Malpimp is a command-line API tracing and automated reverse-engineering tool developed by security researcher Amit Malik. Built on pydbg, it is well suited to automated malware analysis and API tracing, and runs on Windows XP and Windows Server 2003.
Features:
Allows advanced configuration through Include and Exclude policies to hook DLLs and APIs selectively
Loop detection and dynamic hook removal
Provides good control over application API calls
Logging with return address
Command-line tool, which makes it well suited to scripting and automation
Usage:
Malpimp.exe <sample_exe> <address>
<sample_exe>: Full path of the application EXE file
<address>: Start address for the API tracing. To trace directly from the entry point, use zero.
Example:
Malpimp.exe c:\windows\test.exe 0