Thread: NativeDumper
03-08-2017, 18:14
CodeCracker
New options:
"Round raw size" - Not actually necessary, will round raw size of sections to FileAlignment
"Current EIP" to change the EntryPoint - you should stop at old entry point with Olly or other debugger,

"Sections info from" Memory or File.

Raw options:
"Original raw" - don't make any change to raws (raw address and raw size) of sections, note that this will fail for 99% of packers/protectors
Good for application virtualizers like Spoon Studio to get original untouched module from memory.
"RAW=VA" - set RAW address = Virtual Address and RAW Size = Virtual size of section, using this option you will have working dumps but a bit larger dumps.
"Calculate raw" - preferable option, will try to recalculate raw addresses and raw sizes.
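Added example, not part of the original post and not NativeDumper's own code: how the "RAW=VA" and "Round raw size" options described above map onto the fields of a PE section table. The section names and values are constructed sample data, and the helper names are hypothetical.

```python
import struct

# IMAGE_SECTION_HEADER (40 bytes): Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, 4 relocation/line-number fields, Characteristics.
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")

def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment

def parse_sections(table):
    """Return (name, virtual_size, virtual_address, raw_size, raw_address) per header."""
    rows = []
    for fields in SECTION_HEADER.iter_unpack(table):
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        rows.append((name,) + fields[1:5])
    return rows

def raw_equals_va(table, file_alignment=0):
    """"RAW=VA": raw address := virtual address, raw size := virtual size.
    A non-zero file_alignment also applies "Round raw size"."""
    out = bytearray()
    for f in SECTION_HEADER.iter_unpack(table):
        vsize, va = f[1], f[2]
        raw_size = align_up(vsize, file_alignment) if file_alignment else vsize
        out += SECTION_HEADER.pack(f[0], vsize, va, raw_size, va, *f[5:])
    return bytes(out)

def dump_file_size(table):
    """File offset just past the last byte referenced by any section."""
    return max(addr + size for _, _, _, size, addr in parse_sections(table))

# Constructed on-disk section table of a packed module: the first section
# has no raw data in the file but a large virtual size in memory.
SAMPLE = b"".join(
    SECTION_HEADER.pack(name, vsize, va, rsize, raddr, 0, 0, 0, 0, flags)
    for name, vsize, va, rsize, raddr, flags in [
        (b".pack0", 0x7234, 0x1000, 0x0000, 0x0400, 0xE0000080),
        (b".pack1", 0x2100, 0x9000, 0x1E00, 0x0400, 0xE0000040),
        (b".rsrc",  0x0450, 0xC000, 0x0600, 0x2200, 0x40000040),
    ]
)

if __name__ == "__main__":
    fixed = raw_equals_va(SAMPLE, file_alignment=0x200)
    for row in parse_sections(fixed):
        print("%-8s vsize=%#x va=%#x raw_size=%#x raw_addr=%#x" % row)
    print("file size: %#x -> %#x" % (dump_file_size(SAMPLE), dump_file_size(fixed)))
```
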