[Repost] dump_all/load_all by deroko
Posted: 2008-8-29 23:02

dump_all/load_all by deroko

A set of 2 tools which tend to simplify the task when analyzing a protection with
many, many buffers used as anti-dump or a VM. dump_all.exe will dump all regions
from the target, and load_all.plw is an IDA plugin which will load all of these
memory dumps into the IDA database for easy analysis. Kinda useful, as you don't
have to run your target several times to obtain a dump of a needed memory buffer.

Note that it will dump everything: heap, stack, etc... and all dumps are loaded as
binary data files into IDA. It's the first release, and so far it seems to work OK with all
tested binaries.


Latest replies (1)
dump_all/load_all tool set
(c) 2008 deroko of ARTeam

The dump_all/load_all tool set is designed to make analysis of a certain protection
easier. It can also be used for the analysis of malware, but that's not its
primary purpose.

dump_all.exe is a utility which will dump all memory regions from a certain process.
load_all.plw is an IDA plugin which will load all of these dumps at their addresses
in the IDA database.

How to use:

Copy load_all.plw into the IDA\plugins folder, and use dump_all.exe to dump regions
into some folder (the advice is to use a newly created folder). While in IDA, go to the
plugins folder or press Alt-O and select any dump file, and all files with .dmp from that
folder will be loaded.

That's it...

(c) 2008 deroko of ARTeam
2008-8-29 23:12
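To make concrete what the two tools in the readme above have to do, here is an added example that is not deroko's code and not taken from the ARTeam release. It walks a process's address space with VirtualQueryEx, reads every committed, readable, non-guard region with ReadProcessMemory, writes each one to a file, and then shows the loader half as an IDAPython routine that puts each dump back at its original address. Everything Windows- or IDA-specific is imported lazily, so the pure helpers (the dump/skip decision and the file-name convention) run anywhere. The file-name scheme `<base>_<size>.dmp`, the segment names and the `demo()` sample regions are my assumptions; deroko's tools may use a different convention.

```python
"""Added example, not deroko's code: a minimal dump_all/load_all in Python.
Assumptions (mine): ctypes on Windows for the dumper, IDAPython for the loader,
and the dump file name <base>_<size>.dmp, which deroko's tools may not use."""
import os
import re
import sys
from ctypes import (POINTER, Structure, byref, c_int, c_size_t, c_ulong,
                    c_void_p, create_string_buffer, sizeof)

# Win32 constants (winnt.h); only committed, readable, non-guard pages are dumped
MEM_COMMIT, PAGE_NOACCESS, PAGE_GUARD = 0x1000, 0x01, 0x100
PROCESS_QUERY_INFORMATION, PROCESS_VM_READ = 0x0400, 0x0010


class MEMORY_BASIC_INFORMATION(Structure):
    # Natural alignment reproduces the Win32 layout on both x86 and x64
    _fields_ = [("BaseAddress", c_void_p), ("AllocationBase", c_void_p),
                ("AllocationProtect", c_ulong), ("RegionSize", c_size_t),
                ("State", c_ulong), ("Protect", c_ulong), ("Type", c_ulong)]


def should_dump(state, protect):
    """Reading a reserved, no-access or guard page fails or trips the guard."""
    if state != MEM_COMMIT:
        return False
    return not (protect & PAGE_GUARD) and (protect & 0xFF) != PAGE_NOACCESS


def dump_name(base, size):
    return "%016x_%x.dmp" % (base, size)


_NAME_RE = re.compile(r"^([0-9a-fA-F]+)_([0-9a-fA-F]+)\.dmp$")


def parse_dump_name(name):
    """Recover (base, size) from a dump file name, or None for foreign files."""
    m = _NAME_RE.match(os.path.basename(name))
    return (int(m.group(1), 16), int(m.group(2), 16)) if m else None


def enum_regions(k32, hproc):
    """Walk the whole address space with VirtualQueryEx (what dump_all.exe must do)."""
    k32.VirtualQueryEx.argtypes = [c_void_p, c_void_p, POINTER(MEMORY_BASIC_INFORMATION), c_size_t]
    k32.VirtualQueryEx.restype = c_size_t
    mbi, addr = MEMORY_BASIC_INFORMATION(), 0
    while k32.VirtualQueryEx(hproc, c_void_p(addr), byref(mbi), sizeof(mbi)) == sizeof(mbi):
        base = mbi.BaseAddress or 0
        yield base, mbi.RegionSize, mbi.State, mbi.Protect
        addr = base + mbi.RegionSize  # next region; the call fails past user space


def dump_all(pid, out_dir):
    """Write every readable committed region of pid into out_dir; return the paths."""
    from ctypes import windll  # Windows only, imported here so the helpers load anywhere
    k32 = windll.kernel32
    k32.OpenProcess.argtypes, k32.OpenProcess.restype = [c_ulong, c_int, c_ulong], c_void_p
    k32.ReadProcessMemory.argtypes = [c_void_p, c_void_p, c_void_p, c_size_t, POINTER(c_size_t)]
    k32.CloseHandle.argtypes = [c_void_p]
    hproc = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, pid)
    if not hproc:
        raise OSError("OpenProcess(%d) failed" % pid)
    os.makedirs(out_dir, exist_ok=True)
    written = []
    try:
        for base, size, state, protect in enum_regions(k32, hproc):
            if not should_dump(state, protect):
                continue
            buf, got = create_string_buffer(size), c_size_t(0)
            if not k32.ReadProcessMemory(hproc, c_void_p(base), buf, size, byref(got)):
                continue  # region changed under us; skip rather than abort the whole dump
            path = os.path.join(out_dir, dump_name(base, got.value))
            with open(path, "wb") as f:
                f.write(buf.raw[:got.value])
            written.append(path)
    finally:
        k32.CloseHandle(hproc)
    return written


def load_all(folder):
    """Return [(base, bytes)] for every .dmp in folder, lowest address first."""
    regions = []
    for name in os.listdir(folder):
        parsed = parse_dump_name(name)
        if parsed:
            with open(os.path.join(folder, name), "rb") as f:
                regions.append((parsed[0], f.read()))
    return sorted(regions)


def load_all_into_ida(folder):
    """IDAPython counterpart of load_all.plw: one segment per dump at its address."""
    import ida_bytes, ida_segment  # only available inside IDA
    for base, data in load_all(folder):
        ida_segment.add_segm(0, base, base + len(data), "dmp_%x" % base, "DATA")
        ida_bytes.put_bytes(base, data)


def demo():
    """Runs anywhere: constructed dumps (not from a real process) round-trip the loader."""
    import tempfile
    folder = tempfile.mkdtemp()
    samples = {0x00400000: b"MZ" + b"\x90" * 14, 0x7FFE0000: b"\xcc" * 8}
    for base, data in samples.items():
        with open(os.path.join(folder, dump_name(base, len(data))), "wb") as f:
            f.write(data)
    open(os.path.join(folder, "notes.txt"), "w").close()  # ignored: not a .dmp
    return load_all(folder)


if __name__ == "__main__":
    print(dump_all(int(sys.argv[1]), sys.argv[2]) if len(sys.argv) == 3 else demo())
```

Run as `python dump_load_all.py <pid> <folder>` on Windows to dump, then paste the file into IDA's Python console and call `load_all_into_ida(folder)`. Two practical points the readme leaves implicit: guard pages must be skipped, otherwise the read itself triggers the target's guard-page handler (a common anti-dump trick), and because every region including heap and stack is written out, the folder is only meaningful for the one run it came from, so use a fresh folder per dump as the readme advises.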