From Collaborative RCE Tool Library
AMDUMPV66 V1.0
| Tool name: | AMDUMPV66 V1.0 |
|---|---|
| Author: | CondZero |
| Website: | http://www.accessroot.com/arteam/site/news.php |
| Current version: | v 1.0 |
| Last updated: | January 18, 2011 |
| Direct D/L link: | http://www.accessroot.com/arteam/site/download.php?view.230 |
| License type: | Freeware |
| Related URLs: | No related URLs have been submitted for this tool yet |

Description:

Amdumpv66 v1.0 - CondZero [ARTeam] (see history below for details)

Note: This is a complete replacement for former AMDUMPV6.2!!

Tested under winxp sp3. Should work under w2k, wxp, Vista, Win 7 32 bit.

Info:

* new noninvasive loader engine to run & dump activemark v6.2x - 6.6x targets.
* Drag & drop capability
* run program from its own folder, no need to copy Amdumpv66 to target folder to run.
* amdumpv66 will dump activemark v6.2x - v6.6x executables for targets with both delayed and non delayed imports. For targets with non delayed imports, the built-in ARTeam ARImpRec (Import Rebuilder) will automatically fix any imports in the dumped file and append a '_' suffix to the end of the dumped file (i.e. dumped.exe >> dumped_.exe). This program expects this suffix when appending the overlay data automatically for targets that don't use delayed imports. If using a different IAT rebuilding tool, it may be necessary to rename the resultant fixed dump file as described above, or the overlay data will not be appended automatically and you will be required to do this step manually.
* sometimes it may be necessary to view the sections in a pe editor program (i.e. lordpe or similar) because the dumper is dependent on finding: (4) .text/.text/.code/.code/etc sections in the executable for delayed import targets and, (3) .text/.text/.code/.code/etc sections for non delayed import targets. If (3/4) sections are not found, then the executable may not be an Activemark v6.2x - 6.6x application!!

Limitations:

* in order to ensure the stability of your dumped.exe, it may be necessary to manually hexedit the dumped file and insert an instruction which moves hi-values to a dword hi-value variable used by the GetTickCount api within the 3rd layer (2nd .text) in the executable.

Please refer to the tutorial on dumping and analyzing activemark v6.2x on the [arteam] tutorial

Link: http://arteam.accessroot.com/tutorials.html?fid=211

Disclaimer: Not responsible for any damages that result from using this tool!!

History:

Amdumpv66 - version 1.0 (November 2010)

1. Updated ARTeam import rebuilder v1.7.5 (Nacho_dj) for targets that don't use the delayed imports option
2. More elaborate search and replace scheme used for allocated and referenced VM DWORDS used in the target process
3. Drag & drop AM protected executable file to application
4. Log file is saved to your target folder