Exetools  

Go Back   Exetools > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 06-28-2016, 10:57
cra0
 
Posts: n/a
LiveDump (A simple memory dumper)

I'm a fan of 010 Editor's templating system they have in place where you can write layouts for hex dumps or file formats I use it in almost all of my research/reversing.
More information about that can be found here even though the hex editor has a built in system to open a live processes memory it's not really great. I needed a system where the data I was looking at was live and updated almost instantaneously so I wrote LiveDump.
LiveDump is a simple memory dumper which will either dump a region of memory once to a file or constantly dump it every X many milliseconds, this way I can see the data updated almost live in 010 editor and make use of their templating to reverse a portion of a data structure or class object. There are things like Reclass which are purposely built for this reason which I do use however my own personal preference is the templating feature built into 010 editor as it's very robust and you incorporate loops and logic into it to display the data out how you want it.

http://i.imgur.com/3cX5B6O.png
http://rel.cra0kalo.com/depot/LiveDump.zip
Reply With Quote
The Following User Says Thank You to For This Useful Post:
serseri_1453 (09-15-2016)
  #2  
Old 06-29-2016, 02:50
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 396
Rept. Given: 26
Rept. Rcvd 126 Times in 63 Posts
Thanks Given: 54
Thanks Rcvd at 730 Times in 279 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
I'm in the same boat. I've requested this feature a few times to them. The most recent response I got was:
Quote:
Hello atom0s

Thank you very much for your email and glad to hear that you are finding 010 Editor useful. We are planning on doing a bunch of improvements to process editing in the future and we'll try to look at auto reloading process memory. It would even be nice to highlight bytes that have changed. We're not sure the time frame right now but we'll try to let you know when we have some things implemented. Let us know if you have any questions and have a great day!

Sincerely,
Graeme Sweet
So hopefully they do bring some much needed improvements to it.
Reply With Quote
  #3  
Old 06-29-2016, 11:57
cra0
 
Posts: n/a
Quote:
Originally Posted by atom0s View Post
I'm in the same boat. I've requested this feature a few times to them. The most recent response I got was:


So hopefully they do bring some much needed improvements to it.
Yeah I hope so. Anyone it doesn't bother me I made this tool for that reason to auto update the hexview with live data to repopulate my 010 template scripts.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[Linux] Memory dumper alexandernst Community Tools 0 12-11-2017 11:48


All times are GMT +8. The time now is 18:02.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )