Categories: Kali Linux

WDExtract : Extract Windows Defender database

WDExtract is the extract Windows Defender database from vdm files and unpack it.

  • This program distributed as-is, without any warranty;
  • No official support, if you like this tool, feel free to contribute.

Features

  • Unpack VDM containers of Windows Defender/Microsoft Security Essentials;
  • Decrypt VDM container embedded in Malicious software Removal Tool (MRT.exe);
  • Extract all PE images from unpacked/decrypted containers on the fly (-e switch):
    • dump VDLLs (Virtual DLLs);
    • dump VFS (Virtual File System) contents;
    • dump signatures auxiliary images;
    • dump GAPA (Generic Application Level Protocol Analyzer) images used by NIS (Network Inspection System);
    • code can be adapted to dump type specific chunks of database (not implemented);
  • Faster than any script.

Also Read – Cloudcheck : Checks Using A Test String If A Cloudflare DNS Bypass Is Possible Using CloudFail

Usage

wdextract file [-e]

  • file – filename of VDM container (*.vdm file or MRT.exe executable);
  • -e optional parameter, extract all found PE image chunks found in VDM after unpacking/decrypting (this including VFS components and emulator VDLLs).

Example:

wdextract c:\wdbase\mpasbase.vdm
wdextract c:\wdbase\mpasbase.vdm -e
wdextract c:\wdbase\mrt.exe
wdextract c:\wdbase\mrt.exe -e

Note: base will be unpacked/decrypted to source directory as %originalname%.extracted (e.g. if original file c:\wdbase\mpasbase.vdm, unpacked will be c:\wdbase\mpasbase.vdm.extracted).

Image chunks will be dumped to created “chunks” directory in the wdextract current directory (e.g. if wdextract run from c:\wdbase it will be c:\wdbase\chunks directory). Output files always overwrite existing.

Build

  • Source code written in C;
  • Built with MSVS 2017 with Windows SDK 17763 installed;
  • Can be built with previous versions of MSVS and SDK’s.

Credits : (c) 2019 WDEXTRACT Project

R K

Recent Posts

The Growing Role of Digital Libraries in Remote Education

Learning Without Walls Remote education has long been a lifeline for students in rural areas…

6 hours ago

How Do I Do Reverse Image Search

Have you ever come across a picture on the internet and wondered where it came…

20 hours ago

WhatsMyName App – Find Anyone Across 640+ Platforms

Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…

2 weeks ago

Analyzing Directory Size Linux Tools Explained

Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…

2 weeks ago

Understanding Disk Usage with du Command

Efficient disk space management is vital in Linux, especially for system administrators who manage servers…

2 weeks ago

How to Check Directory Size in Linux

Knowing how to check directory sizes in Linux is essential for managing disk space and…

2 weeks ago