Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

Imm_OllyDbg PE Dumper 3.03/OllyDbg PE Dumper 3.03

Plugin related discussions.

For plugins, tools and tutorials see <a href="/collaborative/tools/index.php/Category:OllyDbg_Extensions">OllyStuph</a>
Locked
JMI
Senior Member
Posts: 5329
Joined: Wed Apr 25, 2001 2:00 pm

Imm_OllyDbg PE Dumper 3.03/OllyDbg PE Dumper 3.03

Post by JMI »

FKMA has apparently released a newer version of his OllyDbg PE Dumper, now apparently known as Imm_OllyDbg PE Dumper 3.03

His updated version has the following description:

you can dump any *.exe and *.dll from debugged process address space;
- you can add/remove sections to/from resulting dump. If you are add new section,
you specify VA and size of memory region to add as section, attributes, File Offset,
RAW size and section name. So, now you can add to dump any memory regions created
by protectors during debug session;
- antidump antiprotection and most correct save dump technics: during dumping,
against other dumpers, PE Dumper save only present memory pages (basing on VA & Virtual size).
So, if between memory regions present non-allocated space, most other dumpers
(and OllyDump too) will not save dump correctly, but PE Dumper will save all
correctly.
- fix raw sizes correct only RAW size of image according to Virtual Sizes;
- paste header from disk - use header from disk, it's clear;

I found it at:

http://www.tuts4you.com/download.php?view.2109

and updated our CRCETL entry and local copy here:

http://www.woodmann.com/collaborative/t ... /PE_Dumper

Regards,
JMI
nova

Post by nova »

then it seems he hasn't finished 3.05 ( archive/index.php/t-8789.html )

thanks JMI. All the links i found were dead.
biotech7

Post by biotech7 »

Thanks for your kind offering.
User avatar
Kayaker
Posts: 4169
Joined: Thu Oct 26, 2000 11:00 am

Post by Kayaker »

Well isn't that special. It appears that 3.03 version is for ImmDbg only. Hence the name Imm_OllyDbg perchance? :p

The latest OllyDbg version I can find, according to the PE File Version, is 3.02, at
http://www.tuts4you.com/download.php?view.87

I can create a new entry - to include this apparently last OllyDbg-specific 3.02 version, as well as the v3.03 ImmDbg one, but..

What is the latest version of OllyDbg PE Dumper available? The thread given by nova mentions a later version possible. Any movement on that front anybody know?

Kayaker
Locked