Home

Awesome

PPLDump BOF

Who worked on this?

What is this?

Jokingly, an exercise of my own personal sanity maintenance. In reality, this is a faithful porting of @itm4n's PPLDump project.

As one may imagine, this is a fully-fledged BOF to dump an arbitrary protected process.

But, why?

The goal isn't the destination, but the journey. Or that's what I told myself to make the endless suffering of this endeavor a bit less acute. :)

Cool, but what are the requirements?

What is this massive fileheader.h header, why so sus?

This is a one-to-one dump of the original resource file created during building the PPLDump project DLL, and you're more than welcome and encouraged to fact-check this. As the original resource file was embedded (and therefore not usable due to a lack of linking for Beacon Object Files). This was a way around that. In the future, I may implement this ability to bring them arbitrarily, but use at your own risk.

What do I need to know before doing anything?

How do I run it?

  1. Build the project via the Makefile in the src directory, ensuring again, that you have ABSOLUTELY changed the variable mentioned above.
  2. Load the Aggressor CNA file in the dist directory.
  3. Within your Beacon of choice (and one that meets the criteria): ppldump YOUR_PROTECTED_PROCESS_PID

To-Do Items (if I have the time)