This webblog will tell and story about my software development and anything related to computer security.

OllyDump for OllyDebugger

by Kamil Alta | Sunday, September 19, 2004 in , |

OllyDump is one of advanced memory dumping tools. It is easy to use with OllyDbg as a plugin. Once the process is being debugged at runtime, it will be automatically search for PE section. But this tools does not give you automatically an OEP for any compressed PE file. You still have to find their OEP offset manually and write down the offset to the OllyDump window. The picture below show you how the OllyDump plugin works for dumping UPX packed file.



Just simply add your founded OEP to the Modify box and hit Dump button to save as a dumped file. You can edit the listed section for your own usages. You can easily dumping PE file without need to highlight all the debugged code and choose 'Follow in Dump > Selection'. This way sometime does not produce an accurate result.

You can find OllyDump here or here.

0 comments:




Latest Threats

Followers

Sponsor