From Collaborative RCE Tool Library

Jump to: navigation, search

AMDUMPV6.2

Tool name: AMDUMPV6.2
Rating: 0.0 (0 votes)
Author: CondZero                        
Website: http://arteam.accessroot.com
Current version: 2.2
Last updated: September 18th, 2008
Direct D/L link: http://arteam.accessroot.com/releases.html?fid=3
License type: Free / Open Source
Description: The archive includes full sources and two tutorials.

Note: the included pdf overview (from previous release).
Still applies to this version with the caveat that import rebuilding is. Included in this release for targets that don't use the delayed import Option!!

Info:
* New noninvasive loader engine to run & dump activemark v6.2x targets.
* Run program from its own folder, no need to copy Amdumpv62 to target folder to run.
* Amdumpv62 will dump activemark v6.2x executables and, if necessary, Rebuild imports automatically for targets with delayed imports not enabled and finally append the overlay data to the end of the dumped file.

Special note:
* The import rebuilder will append an '_' suffix to the end of the dumped File. (i.e. dumped.exe >> dumped_.exe similar to imprec). In these cases, the overlay data will be appended to the new dump name Automatically.
* Sometimes it may be necessary to view the sections in a pe editor Program (i.e. lordpe or similar) because the dumper is Dependant on finding:
(4) .text/.text/.code/.code/etc sections in the executable
For delayed import targets
(3) for non delayed import targets.
If (3/4) sections are not found, then the executable may not be an activemark v6.2x application!!
* Note: also dependent on finding (2) .bss/bss sections in The executable! These sections are used for storing needed data To run dump successfully!

Limitations:
* In order to insure the stability of your dumped.exe, it may be necessary to manually hexedit the dumped file and insert an instruction which moves hi-values to a dword hi-value variable used in the gettickcount api within the 3rd layer (2nd .text) in the executable. Please refer to the tutorial on dumping and analyzing activemark v6.2x on the [arteam] tutorial
Link: http://arteam.accessroot.com/tutorials.html?fid=211

History:
--------------------------------------------
Amdumpv62 - version 2.2 (September 2008)
1. Updated arteam import rebuilder v1.2.1 (nacho_dj) for targets that don't use the delayed imports option

Amdumpv62 - version 2.0 (march 2008)
1. New noninvasive loader engine based on Deroko's nonintrusive loader (i.e. nodebug)
2. New arteam import rebuilder v1.1 (nacho_dj) for targets. That don't use the delayed imports option
3. New log progress and results of the dump process
4. Separate threads for main gui and process
Related URLs:
Related tutorial:
http://arteam.accessroot.com/tutorials.html?fid=211


Screenshot:
Screenshot of AMDUMPV6.2


RSS feed Feed containing all updates for this tool.

You are welcome to add your own useful notes about this tool, for others to see!



If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)


Views
Category Navigation Tree
   Code Coverage Tools  (13)
   Code Ripping Tools  (2)
   Helper Tools  (3)
   Hex Editors  (13)
   Memory Patchers  (7)
   Packers  (20)
   Profiler Tools  (11)
   String Finders  (10)
   Tool Hiding Tools  (7)
   Tracers  (22)
   Dump Fixers  (5)
   IAT Restore Tools  (6)
   .NET MSIL Dumpers  (2)
   Process Dumpers  (12)
   OEP Finders  (6)
   Needs New Category  (3)