Skpd

Tool name:

Skpd

Currently0/5
1
2
3
4
5

Rating: 0.0 (0 votes)

Author:

Albert Sellarès

Website:

https://www.wekk.net

Current version:

1.3

Last updated:

13/07/2009

Direct D/L link:

https://www.wekk.net/code/attachments/download/1/skpd.tar.gz

License type:

none yet

Description:

<nowiki>Skpd is a process dumper for x86 and x64 ELF binaries

Features:

static binaries.
dynamic binaries.
compressed files (at least upx)
elfuck encrypted.
32 and 64 bits support.
Generates an ELF file from a running process.
If the original file was encrypted, the new one will not.
i386, x86_64, MIPSEL platforms

Usage:

./skpd {-p pid

Related URLs:

Skpd is based on ilo's article on process dumping and binary reconstruction:
http://www.phrack.com/issues.html?issue=63&id=12&mode=txt

Here is explained how the symbol/name relocation is done for ELF:
http://em386.blogspot.com/2006/10/resolving-elf-relocation-name-symbols.html

Skpd source code for 1.3 revision:
https://www.wekk.net/code/projects/skpd/repository/revisions/e61bb652197c39b500ab912eebae105048b1deb4/entry/trunk/src/skpd.c

Feed containing all updates for this tool.

You are welcome to add your own useful notes about this tool, for others to see!

Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/Skpd"

If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)

Parent Category: Linux Tools