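├── TracingConfig.conf
├── malpimp.exe
└── readme.txt

/TracingConfig.conf:
--------------------------------------------------------------------------------
######## Malpimp - Advanced API Tracing Tool, Configuration File ###########
# (C) 2013 - Amit Malik (m.amit30@gmail.com) - http://www.securityxploded.com #
#
# Conventions used in this file:
# - full-line '#' comments only; how the tool treats text after a value on
#   the same line is undocumented, so never put a comment there
# - separate multiple values using a comma (,)
# NOTE(review): whether DLL names are matched case-insensitively is
# undocumented; the lists below keep the casing the original shipped with.
#
# Hooking policies
# TracingExclude - During hooking, exclude the DLLs and APIs listed in this policy.
# TracingInclude - During hooking, hook only the DLLs and APIs listed in this policy.
# If TracingInclude has values in its fields then the TracingExclude
# entries are ignored.

# For API just use the API name. eg: LoadLibraryA
[TracingExclude]
# NOTE: because the [TracingInclude] DLLs field below is populated, the
# entries in this section are ignored under the policy rule above; they
# only take effect again if [TracingInclude] is left empty.
# NOTE(review): the shipped list spelled the last entry IMAGEHELP.dll; the
# Windows module is IMAGEHLP.dll, so the name is corrected here.
DLLs = USER32.dll,GDI32.dll,ntdll.dll,PSAPI.DLL,REGAPI.dll,WS2HELP.dll,ole32.dll,USERENV.dll,AUTHZ.dll,MSASN1.dll,RPCRT4.dll,SETUPAPI.dll,IMAGEHLP.dll
API =

# For API use the DLL!API syntax. eg: kernel32!LoadLibraryA
[TracingInclude]
# NOTE(review): advapi.dll is listed next to advapi32.dll; the standard
# module name is advapi32.dll - confirm advapi.dll is intended before
# relying on it.
DLLs = kernel32.dll,ws2_32.dll,wininet.dll,advapi.dll,advapi32.dll
API =

# Control the execution in a better way.
[Additional]
####
# solveloop (yes/no) - remove the hook from the APIs that are called with
# the same "return address" apithreshold times.
solveloop = yes
# number of calls from one return address before solveloop removes the hook
apithreshold = 5

# Arguments to the traced application
# NOTE(review): whether "None" means "no arguments" or is passed literally
# is undocumented; confirm before changing this value.
args = None

####
# Everything between these addresses will be logged into the trace file.
# Change according to your requirements.
# Values are written in decimal here. default: 167772160 (0x0A000000)
# NOTE(review): presumably the range is applied to the caller's return
# address; confirm against the tool documentation.
loggingaddrmax = 167772160
loggingaddrmin = 0

#### End of File ####
--------------------------------------------------------------------------------
/malpimp.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cysinfo/Malpimp/d133dcb44f2f33ce379d0f54b7b2d94728bcac9e/malpimp.exe
--------------------------------------------------------------------------------
/readme.txt:
--------------------------------------------------------------------------------
Read more at http://cysinfo.com/malpimp/
--------------------------------------------------------------------------------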