thebabush/driver_dump.py

## driver_dump.py
import glob
import os

import lief


def main(drivers_path):
    drivers = sorted(glob.glob(os.path.join(drivers_path, '*.sys')))
    for driver in drivers:
        pe = lief.parse(driver)
        if 'VmbChannelInitSetProcessPacketCallbacks' in pe.imported_functions:
            print(driver)


if __name__ == '__main__':
    main('C:/Windows/System32/drivers/')
	import glob
	import os

	import lief


	def main(drivers_path):
	drivers = sorted(glob.glob(os.path.join(drivers_path, '*.sys')))
	for driver in drivers:
	pe = lief.parse(driver)
	if 'VmbChannelInitSetProcessPacketCallbacks' in pe.imported_functions:
	print(driver)


	if __name__ == '__main__':
	main('C:/Windows/System32/drivers/')