Skip to content
/ pe_unmapper Public
generated from hasherezade/libpeconv_tpl

Small tool to convert beteween the PE alignments (raw and virtual).

81 stars 11 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hasherezade/pe_unmapper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
libpeconv @ 79d7d3b
libpeconv @ 79d7d3b
 
 
pe_unmapper
pe_unmapper
 
 
.appveyor.yml
.appveyor.yml
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
CMakeLists.txt
CMakeLists.txt
 
 
README.md
README.md
 
 

Repository files navigation

pe_unmapper

Build status GitHub release Github All Releases

Small tool to convert beteween the PE alignments (raw and virtual).

Allows for easy PE unmapping: useful in recovering executables dumped from the memory.

Usage:

Args:

Required: 
/in	: Input file name

Optional: 
/base	: Base address where the image was loaded: in hex
/out	: Output file name
/mode	: Choose the conversion mode:
	 U: UNMAP (Virtual to Raw) [DEFAULT]
	 M: MAP (Raw to Virtual)
	 R: REALIGN (Virtual to Raw, where: Raw == Virtual)

Example:

pe_unmapper.exe /in _02660000.mem /base 02660000 /out payload.dll

About

Small tool to convert beteween the PE alignments (raw and virtual).

Resources

Readme
Activity

Stars

81 stars

Watchers

4 watching

Forks

11 forks
Report repository

Releases 1

v1.0 Latest
Dec 10, 2022

Packages

No packages published

Languages