OllyDumpEx Plugin

Posted: September 8, 2015 in Uncategorized
Tags:

Overview

This plugin is process memory dumper for OllyDbg and Immunity Debugger. Very simple overview:

OllyDumpEx = OllyDump + PE Dumper – obsoleted + useful features

Features

  • Various debuggers supported
  • Select to dump debugee exe, loaded dll or non-listed module
  • Search PE File from memory
  • Multiple Dump mode. Rebuild for typical PE dump, Binary for PE Carving
  • PE32+ supported (Search and Binary Dump mode only available on 32bit debugger)
  • Native 64bit process supported (IDA Pro, WinDbg and x64_dbg)
  • Dump any address space as section even if not in original section header
  • Add dummy section to keep PE format consistency
  • Fix RVA in DataDirectory to follow ImageBase change
  • Auto calculate many parameters (RawSize, RawOffset, VirtualOffset, …)

Recent Changes

– v1.50 / 2015-07-03

  • Add: Fuzzy Search mode (for corrupted MZ/PE Signature)
  • Add: Fix Corrupted PE Header option (Fill Hole option is merged)
  • Add: Dump result dialog for copy and paste
  • Improve: Search method optimization
  • Improve: Corrupted PE Header handling
  • Improve: Binary dump mode support some options
  • Bugfix: Rebased PE handling (rebuild dump mode)
  • Bugfix: Debuggee filename error on attached process (IDA)
  • Bugfix: Get EIP does not work in recent version (x64_dbg)

a

Download here:

http://low-priority.appspot.com/ollydumpex/OllyDumpEx.zip

Regards,

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s