From Collaborative RCE Tool Library

Skpd

Tool name: Skpd
Rating: 0.0 (0 votes)
Author: Albert Sellarès
Website: https://www.wekk.net
Current version: 1.3
Last updated: 13/07/2009
Direct D/L link: https://www.wekk.net/code/attachments/download/1/skpd.tar.gz
License type: none yet
Description: Skpd is a process dumper for x86 and x64 ELF binaries.

Features:

static binaries.
dynamic binaries.
compressed files (at least upx).
elfuck encrypted.
32- and 64-bit support.
Generates an ELF file from a running process.
If the original file was encrypted, the new one will not be.
i386, x86_64, MIPSEL platforms.

Usage:

./skpd {-p pid
Related URLs:
Skpd is based on ilo's article on process dumping and binary reconstruction:
http://www.phrack.com/issues.html?issue=63&id=12&mode=txt
How symbol/name relocation is done for ELF is explained here:
http://em386.blogspot.com/2006/10/resolving-elf-relocation-name-symbols.html
Skpd source code for 1.3 revision:
https://www.wekk.net/code/projects/skpd/repository/revisions/e61bb652197c39b500ab912eebae105048b1deb4/entry/trunk/src/skpd.c

