I'd like to add that in some protected targets (which you end up dumping), the author has written a fake VA size on some of the sections in the PE.
This may then result in a big problem when dumping with the current code, as it uses the Virtual & Real size as the same value.
So I present to you this easy fix:
Quote:
PEFixSection->SizeOfRawData = PEFixSection->SizeOfRawData;//RealignedVirtualSize;
|
It's really as simple as that - only, you have to rebuild the size manually afterwards using for example CFF Explorer - or as in my case, I use a source I found on google...
Anyways, as always - really useful post, and new edit of this great project