|
also we can use
------------------------------
Process Dump v1.4
Copyright ะน 2015, Geoff McDonald
http://www.split-code.com/
Process Dump (pd.exe) is a tool used to dump both 32 and 64 bit executable modules back to disk from memory within a process address space. This tool is able to find and dump hidden modules, and it uses a clean hash database to exclude dumping of known clean files. This tool uses an aggressive import reconstruction approach that links all DWORD/QWORDs that point to an export in the process to the corresponding export function.
------------------------------
|