Skip to content
/ WPM_Intercept Public

A DLL utility for intercepting WriteProcessMemory calls and dumping the buffer back to disk.

License

MIT license
3 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

peiga/WPM_Intercept

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
WPM_Intercept
WPM_Intercept
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
WPM_Intercept.sln
WPM_Intercept.sln
 
 

Repository files navigation

WPM_Intercept

A DLL utility for intercepting WriteProcessMemory calls and dumping the buffer back to disk.

Usage

  • [1] Open the program that calls WriteProcessMemory.
  • [2] Use standard DLL injection to load the module into that process.
  • [3] Any WriteProcessMemory calls will now be dumped back to disk.

Output

All files are dumped as ".bin", meaning they're binary files for analysis purposes. If you've dumped a module, you can now use cmd to copy all the binaries in their corresponding order and re-create the binary from disk into a module that can now be analyzed and loaded back into memory.

About

A DLL utility for intercepting WriteProcessMemory calls and dumping the buffer back to disk.

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

0 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages