
Thread: Plugin: Memory Dump

  1. #1

    Plugin: Memory Dump

    Hi

    I often need to copy just a number of bytes from a debugged process to a file. There are few plugins, but all of them work on the principle of entering start and end addresses manually. I've been searching for something simple which would allow me to easily copy a number of bytes from the dump window but could not find anything, so I decided to write it myself.

    Simply select the desired bytes in the dump window, open the right-click menu and
    pick 'Memory Dump' to save them.

    That's all.

    I know it's lame, it's my first plugin... I hope somebody finds it useful.

    http://rapidshare.com/files/41739240/MemoryDump.zip.html

  2. #2
    Yes, it is a good tool. Thanks. Usually, we must dump the entire section and cut it with a hex editor. Now, it is very simple. Just a question: what are the other plugins which allow us to dump bytes?

    I just know "Data Ripper" to dump data usable in a source code. "Export table" is doing the same thing with fewer options.

  3. #3
    Quote Originally Posted by BeatriX View Post
    Usually, we must dump the entire section and cut it with a hex editor. Now, it is very simple.
    I was tired of this

    I just know "Data Ripper" to dump data usable in a source code. "Export table" is doing the same thing with fewer options.
    yep, but those you mention are different, I know of 2 which do binary dump
    one is Memory Backup and second is IsDebuggerPresent, it contains a dumper
    Last edited by aeon; July 8th, 2007 at 13:49.

  4. #4
    Just a small comment. I don't think it is a good idea to pack your plugin, aeon. Not very handy if we want to debug or disassemble it. Are you afraid of the size of your dll? And more, if I want to debug Olly with Olly itself, by default, we get the famous message about BaseOfCode.

  5. #5
    Well, I do not like having my plugin debugged or disassembled, just because my coding is terrible. I've seen packed plugins, although it was only UPX. Yep, size is another reason: I do not like 22KB, 11KB is much better.

  6. #6
    Quote Originally Posted by BeatriX View Post
    Just a small comment. I don't think it is a good idea to pack your plugin, aeon. Not very handy if we want to debug or disassemble it. Are you afraid of the size of your dll? And more, if I want to debug Olly with Olly itself, by default, we get the famous message about BaseOfCode.
    Packed? So what? No problem! Nothing a little reversing can't fix

    If you don't want your code disassembled, this is the wrong forum for you. Consider that many of the users here are quite skilled reversers and for them unpacking is trivial.

    ...but really, OllyDbg already has this functionality. Select bytes, Rightclick -> Binary -> Binary Copy. Then paste in whatever editor of choice.

  7. #7
    Quote Originally Posted by LLXX View Post
    ...but really, OllyDbg already has this functionality. Select bytes, Rightclick -> Binary -> Binary Copy. Then paste in whatever editor of choice.
    well that copies ascii representation of binary
    not as .bin

    though you can copy bin
    with right click-> createbackup-> save backup to file

    this plugin copies specific selection while save backup will save the entire page so it has some added functionality that may be of use to some

  8. #8
    If you don't want your code disassembled, this is the wrong forum for you. Consider that many of the users here are quite skilled reversers and for them unpacking is trivial.
    I still do not want my code disassembled, but that's not important. I know somebody does it and that's fine, that's the point of this forum, to learn.

    Probably none of the serious programmers want their applications to be disassembled, and still there is a high chance somebody will do it.


    Binary Copy copies hex representation of selected bytes, not bytes themselves

  9. #9
    I have made a small update:

    - copy to clipboard: this comes in handy when the user wants to access a string from the dump fast and use it immediately somewhere else (does not work very well with control characters)

    - version for immunity debugger

    http://www.zippyshare.com/v/55465328/MemoryDump.zip.html

  10. #10
    I've added exporting tables for c, asm and delphi

    http://www1.zippyshare.com/v/11314507/file.html

  11. #11
    I did the last update

    Description:
    Code:
    In the dump window right click and select 'Memory Dump' in the popup menu 
     pick your choice.
    
     Possible choices are:
    
     - File
        Copies selected bytes from dump into a file.
    			
     - Clipboard
        Copies selected bytes from dump into a clipboard (text only).
    
     - Delphi/Pascal Table
        Generates table of selected bytes which can be easily used in Delphi/Pascal
    
     - C/C++ Table
        Generates table of selected bytes which can be easily used in C/C++
    
     - ASM Table
        Generates table of selected bytes which can be easily used in Assembler 
        (MASM Tested)
    
     - Visual Basic Table
        Generates table of selected bytes which can be easily used in Visual Basic 
    
     - Range Dump
        Dumps Range of defined bytes by: 
    
            - Lenght : Tick End Address/Lenght
            - End Address : Untick End Address/Lenght
    
        Xor Dump With: Self-explanatory 
    	
        Button with [<] symbol enters address of last byte clicked(not selected) in the dump,
        it's more convenient than entering addresses manually.
    
    
     - Xor Selection
        Xors Selection and shows dumped data in Olly's window. This window cannot be used 
        for another byte manipulation with plugin because dump is created in your Win's 
        temporary folder and not in memory.
    http://www.zippyshare.com/v/4380600/file.html
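
The distinction argued earlier in the thread (Binary Copy yields hex text, not the bytes themselves) and the XOR and C/C++ table options listed above can be reproduced outside the debugger. The following is an added illustration, not aeon's plugin code: the function names are hypothetical, the clipboard text is assumed to be whitespace-separated hex pairs, and "Xor Dump With" is assumed to mean a repeating-key XOR.

```python
import re

HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")

def parse_binary_copy(text: str) -> bytes:
    """Turn hex text such as '4D 5A 90 00' back into the raw bytes it
    represents. Any token that is not exactly two hex digits is rejected
    so a truncated or mangled paste is not silently mis-decoded."""
    tokens = text.split()
    for tok in tokens:
        if not HEX_BYTE.fullmatch(tok):
            raise ValueError(f"not a hex byte: {tok!r}")
    return bytes(int(tok, 16) for tok in tokens)

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key (assumed semantics, see lead-in)."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def c_table(data: bytes, name: str = "dump", per_line: int = 8) -> str:
    """Render bytes as a C array definition, per_line values per row."""
    rows = []
    for off in range(0, len(data), per_line):
        chunk = data[off:off + per_line]
        rows.append("    " + ", ".join(f"0x{b:02X}" for b in chunk))
    body = ",\n".join(rows)
    return f"unsigned char {name}[{len(data)}] = {{\n{body}\n}};\n"

# Constructed sample: the string "Hello, Olly" XORed with 0x62,
# written the way a hex copy of an 11-byte selection would look.
SAMPLE = "2A 07 0E 0E 0D 4E 42 2D\n0E 0E 1B"

if __name__ == "__main__":
    raw = parse_binary_copy(SAMPLE)       # hex text -> real bytes
    plain = xor_bytes(raw, b"\x62")       # undo the single-byte XOR
    with open("selection.bin", "wb") as fh:
        fh.write(raw)                     # the .bin that hex text is not
    print(plain)
    print(c_table(raw, "selection"))
```
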

  12. #12
    Thanks again for keeping us updated!

    Regards,
    JMI

  13. #13
    Simple but very good plugin, aeon. Can you post or PM me the source code?
    Thank you very much !

  14. #14
    Quote Originally Posted by aeon View Post
    Code:
     - Delphi/Pascal Table
        Generates table of selected bytes which can be easily used in Delphi/Pascal
    I wish this had been developed before, I have managed very big block of bytes to be converted to Delphi tables.

    Well, from now on this will get easier and more comfortable.

    Many thanks for your good work

    Nacho_dj

  15. #15
    Quote Originally Posted by TQN View Post
    Simple but very good plugin, aeon. Can you post or PM me the source code?
    Thank you very much !
    huh, you are the guy who made SDK for delphi

    Didn't I mention that my coding is ..... ehm...... terrible? If there is something wrong (a bug) or you're interested in something particular, just tell me.

    Quote Originally Posted by Nacho_dj View Post
    I wish this had been developed before, I have managed very big block of bytes to be converted to Delphi tables.

    Well, from now on this will get easier and more comfortable.

    Many thanks for your good work

    Nacho_dj
    actually there is such plugin



    thank you guys, you're welcome
    Last edited by aeon; December 12th, 2007 at 12:19.
