Feature Request: Analyze in-memory file

Open davclark opened this issue 2 years ago • 4 comments

I am calling diec from a Python script and already have a sample in memory. Is it possible to send the file to die via stdin, or potentially expose a foreign function interface? Currently, I need to write the file to disk, which is relatively slow.

davclark avatar Apr 11 '23 22:04 davclark

I will think about it. Thank you for the idea.

horsicq avatar Apr 11 '23 22:04 horsicq

Hello! You can create a process dump and scan it with DIE extractor to retrieve all files from memory for analysis.

DosX-dev avatar Apr 22 '24 13:04 DosX-dev

Thanks @DosX-dev! However, this is not addressing the request. I'm trying to avoid the need to write to a filesystem. I am currently writing to a filesystem just fine. So, I have a working solution, just not optimal in terms of performance. A solution that would be a tad more performant would be tmpfs, but this still creates a copy of the data in memory, which is also not optimal.

davclark avatar Apr 26 '24 20:04 davclark

Now I understand your problem. This will be possible with the release of the release version of DIE SDK (Library). You can scan files programmatically by transferring them entirely in memory. But this functionality is not yet available.

DosX-dev avatar Apr 26 '24 22:04 DosX-dev