[Repost] dump_all/load_all by deroko
Posted on: 2008-8-29 23:02 2698

dump_all/load_all by deroko

A set of 2 tools which tend to simplify the task when analyzing a protection with
many many buffers used as anti-dump or a vm. dump_all.exe will dump all regions
from the target, and load_all.plw is an IDA plugin which will load all of these
memory dumps into the IDA database for easy analysis. Kinda useful, as you don't
have to run your target several times to obtain a dump of a needed memory buffer.

Note that it will dump everything, heap, stack, etc... and all dumps are loaded as
binary data files into IDA. It's a first release, and so far it seems to work ok with all
tested binaries.

Latest replies (1)
dump_all/load_all tool set
(c) 2008 deroko of ARTeam

The dump_all/load_all tool set is designed to make analysis of a certain protection
easier. It can also be used for the analysis of malware, but that's not its
primary purpose.

dump_all.exe is a utility which will dump all memory regions from a certain process.
load_all.plw is an IDA plugin which will load all of these dumps at their addresses
in the IDA database.

How to use:

Copy load_all.plw into the IDA\plugins folder, and use dump_all.exe to dump regions into
some folder (the advice is to use a newly created folder). Then in IDA go to the plugins
folder or press Alt-O, select any dump file, and all files with .dmp from that
folder will be loaded.

That's it...

(c) 2008 deroko of ARTeam
2008-8-29 23:12
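The workflow both posts describe (dump every committed region of a process to its own file, then reload each file at its original address in IDA), as an added example in Python. This is not deroko's dump_all/load_all code and nothing on the page documents the original tool's file format: the `<base>_<size>.dmp` naming is my own assumption, the Windows half uses the real `VirtualQueryEx`/`ReadProcessMemory` API through ctypes, and the `ida_segment.add_segm`/`ida_bytes.put_bytes` calls in `load_into_ida()` are assumed to match the IDA 7.x IDAPython API (they only run inside IDA). `demo()` exercises the loader half offline on constructed dumps.

```python
"""Added example, not deroko's dump_all/load_all code: the same dump-everything /
reload-at-original-address workflow in Python. dump_process_regions() is Windows
only (VirtualQueryEx + ReadProcessMemory via ctypes) and writes each committed,
readable region to <outdir>/<base>_<size>.dmp (my naming, not the original tool's).
plan_loads()/find_region() are the loader half and run anywhere; load_into_ida()
assumes the IDA 7.x IDAPython API and is not exercised by demo()."""
import ctypes
import sys
import tempfile
from pathlib import Path

MEM_COMMIT = 0x1000
PAGE_NOACCESS = 0x01
PAGE_GUARD = 0x100   # a read would raise STATUS_GUARD_PAGE_VIOLATION and clear the guard
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_VM_READ = 0x0010


class MEMORY_BASIC_INFORMATION(ctypes.Structure):
    # native field alignment matches both the x86 and x64 layouts of the struct
    _fields_ = [("BaseAddress", ctypes.c_void_p), ("AllocationBase", ctypes.c_void_p),
                ("AllocationProtect", ctypes.c_ulong), ("RegionSize", ctypes.c_size_t),
                ("State", ctypes.c_ulong), ("Protect", ctypes.c_ulong), ("Type", ctypes.c_ulong)]


def write_region(outdir, base, data):
    # the file name carries address and size, so the loader needs no separate index
    path = Path(outdir) / f"{base:016x}_{len(data):x}.dmp"
    path.write_bytes(data)
    return path


def dump_process_regions(pid, outdir):
    """Windows only: dump every committed, readable region of `pid`; returns written paths."""
    k32 = ctypes.windll.kernel32
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.OpenProcess.argtypes = [ctypes.c_ulong, ctypes.c_int, ctypes.c_ulong]
    k32.VirtualQueryEx.restype = ctypes.c_size_t
    k32.VirtualQueryEx.argtypes = [ctypes.c_void_p, ctypes.c_void_p,
                                   ctypes.POINTER(MEMORY_BASIC_INFORMATION), ctypes.c_size_t]
    k32.ReadProcessMemory.restype = ctypes.c_int
    k32.ReadProcessMemory.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                                      ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
    h = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
    if not h:
        raise ctypes.WinError()
    mbi, addr, written = MEMORY_BASIC_INFORMATION(), 0, []
    try:
        # VirtualQueryEx fails once addr passes the top of user space, which ends the walk
        while k32.VirtualQueryEx(h, addr, ctypes.byref(mbi), ctypes.sizeof(mbi)):
            base, size = mbi.BaseAddress or 0, mbi.RegionSize
            # skip free/reserved pages and pages that would fault (or trip a guard) on read
            if mbi.State == MEM_COMMIT and not mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD):
                buf, got = ctypes.create_string_buffer(size), ctypes.c_size_t(0)
                if k32.ReadProcessMemory(h, base, buf, size, ctypes.byref(got)) and got.value:
                    written.append(write_region(outdir, base, buf.raw[:got.value]))
            addr = base + size
    finally:
        k32.CloseHandle(h)
    return written


def plan_loads(dumpdir):
    """Rebuild (base, size, path) from <base>_<size>.dmp names; reject overlapping dumps."""
    plan = []
    for p in Path(dumpdir).glob("*.dmp"):
        base_hex, size_hex = p.stem.split("_")
        base, size = int(base_hex, 16), int(size_hex, 16)
        if size != p.stat().st_size:
            raise ValueError(f"{p.name}: size in name does not match file size")
        plan.append((base, size, p))
    plan.sort()
    for (b1, s1, _), (b2, _, _) in zip(plan, plan[1:]):
        if b1 + s1 > b2:
            raise ValueError(f"overlapping dumps at {b1:#x} and {b2:#x}")
    return plan


def find_region(plan, addr):
    # which dump holds `addr`: a quick check that a buffer survived before opening IDA
    return next(((b, s, p) for b, s, p in plan if b <= addr < b + s), None)


def load_into_ida(plan):
    """Run inside IDA: one DATA segment per dump, filled at its original address."""
    import ida_bytes, ida_segment   # assumed IDA 7.x names; only importable inside IDA
    for base, size, path in plan:
        ida_segment.add_segm(0, base, base + size, f"dmp_{base:x}", "DATA")
        ida_bytes.put_bytes(base, path.read_bytes())


def demo(outdir=None):
    """Offline check with constructed data: two fake regions, a lookup, and an overlap."""
    outdir = Path(outdir or tempfile.mkdtemp())
    write_region(outdir, 0x00400000, b"MZ" + b"\x00" * 0x1fe)   # constructed image page
    write_region(outdir, 0x7ffe0000, b"\x41" * 0x100)           # constructed heap-ish region
    plan = plan_loads(outdir)
    hit = find_region(plan, 0x00400010)
    write_region(outdir, 0x00400100, b"\xcc" * 0x10)             # overlaps the first dump
    try:
        plan_loads(outdir)
        rejected = False
    except ValueError:
        rejected = True
    return [(b, s) for b, s, _ in plan], hit[0], rejected


if __name__ == "__main__":   # python dump_all.py <pid> <outdir> on Windows, else the offline demo
    print(dump_process_regions(int(sys.argv[1]), sys.argv[2]) if len(sys.argv) == 3 else demo())
```

Two practical points the readme does not spell out: guard pages must be skipped, since reading one clears the guard and changes the target's behaviour, and dumps of a packed or VM-based target should be overlap-checked before loading, because a region freed and reallocated between two dump runs will otherwise silently overwrite an earlier dump in the database.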