orca-eaa5a/pyvdmextract

Extract the emulated files in Windows Defender signature database
pyvdmextract

Extract the emulated files from the Windows Defender signature database.
  • Parses mpasbase.vdm and extracts the emulated files, together with their contents,
    that Windows Defender ships inside its signature database.

  • The .vdm files have to be unpacked before they can be parsed.

  • You can do this with "vdm_decomp.ps1".

    • Unpacking the .vdm container (inflating the compressed data it carries) is not
      implemented in this project yet, so you have to use another .vdm decompression
      tool for that step. (Python's standard zlib module can inflate zlib and raw
      deflate streams, so this is an unimplemented step rather than a language limitation.)

      ("vdm_decomp.ps1" is not my work.)
