PE import tables scanner
Walied (waleedassar) <waliedassargmailcom> Friday, September 3 2010 10:41.47 CDT


I want to share with you one of my tools. It is called "Find". Yes, I am not good at choosing nice names for my tools. This tool simply iterates through a directory in your filesystem and, for each executable file encountered (whose extension was specified on the command line), scans its import table looking for some API call. Results will be saved to c:\results.txt.
Its command line is as follows:
find.exe exe c:\windows\system32 EnterCriticalSection
It searches for any .exe file in the system32 folder that imports EnterCriticalSection.
I found two good uses for this simple program:
(1) Once a specific API is found to be vulnerable and we want to know how many applications are affected by this vulnerability.
(2) For an API with no or poor documentation, when we badly need to know about its arguments and its return type.
The source code:
https://docs.google.com/uc?id=0ByDwYV_JGWRNYmRiODc5OTAtMjBjMy00NjYxLTg5OTItMWZjZDI2M2IwNDg4&export=download&hl=en

Original post here: http://waleedassar.blogspot.com
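The per-file check the post describes (walk a PE's import table and look for one API name), as an added Python example; it is not the Find source code linked above, and it goes beyond the example command line by handling PE32+ images as well. The names `imports`, `importers` and `sample_pe` are hypothetical, the sample image is constructed for the demo, and the directory walk itself is left out.

```python
import struct
from struct import unpack_from as u

def imports(data):
    """Return {dll: [function names]} for a PE32/PE32+ image; ordinal imports are skipped."""
    pe = u("<I", data, 0x3C)[0]                              # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size, opt = u("<H", data, pe + 6)[0], u("<H", data, pe + 20)[0], pe + 24
    pe64 = u("<H", data, opt)[0] == 0x20B                    # optional-header magic
    imp_rva = u("<I", data, opt + (112 if pe64 else 96) + 8)[0]   # data directory entry 1
    secs = [u("<4I", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    width, tfmt = (8, "<Q") if pe64 else (4, "<I")
    def off(rva):                                            # RVA -> file offset
        for vsize, va, rsize, rptr in secs:
            if va <= rva < va + max(vsize, rsize):
                return rptr + rva - va
        raise ValueError("RVA outside all sections")
    def cstr(rva):                                           # NUL-terminated ASCII string at an RVA
        return data[(o := off(rva)):data.index(b"\0", o)].decode("ascii", "replace")
    found, d = {}, off(imp_rva) if imp_rva else None
    while d is not None:
        oft, _, _, name_rva, ft = u("<5I", data, d)          # IMAGE_IMPORT_DESCRIPTOR
        if not (oft or name_rva or ft):                      # all-zero entry ends the table
            break
        names, t = found.setdefault(cstr(name_rva), []), off(oft or ft)
        while thunk := u(tfmt, data, t)[0]:
            if not thunk >> (width * 8 - 1):                 # top bit set = import by ordinal
                names.append(cstr(thunk + 2))                # skip the 2-byte hint
            t += width
        d += 20
    return found

def importers(data, api):                                    # DLLs this image imports `api` from
    return [dll for dll, names in imports(data).items() if api in names]

def sample_pe():
    """Constructed 768-byte PE32 image for the demo, not a real binary."""
    img = bytearray(0x300)
    def put(o, fmt, *v): struct.pack_into("<" + fmt, img, o, *v)
    put(0, "2s58xI", b"MZ", 0x40)                            # DOS header with e_lfanew
    put(0x40, "4sHH12xHHH", b"PE\0\0", 0x14C, 1, 224, 0x102, 0x10B)  # COFF header + magic
    put(0xC0, "II", 0x1000, 40)                              # import directory RVA, size
    put(0x138, "8s4I", b".idata", 0x100, 0x1000, 0x100, 0x200)   # section header
    put(0x200, "5I", 0x1028, 0, 0, 0x1040, 0x1028)           # descriptor for KERNEL32.dll
    put(0x228, "2I", 0x1050, 0x80000001)                     # thunks: by name, by ordinal
    put(0x240, "13s5x20s", b"KERNEL32.dll", b"EnterCriticalSection")  # names at 0x240, 0x252
    return bytes(img)

print(importers(sample_pe(), "EnterCriticalSection"))
```

Truncated or malformed files raise `ValueError` or `struct.error`, so a caller looping over a directory should catch both and skip the file.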
