Jump to content
Tuts 4 You

About This File

DumpPE is a WinDBG extension that dumps PE files from memory.

It contains two commands:

!dumppe.dump_raw - dumps a PE file from memory to disk as-is (the result will be a PE file as it appears in memory (after relocations, things will be located where they should be based on RVAs, etc.)

!dumppe.dump_disk - dumps a PE file from memory to disk and attempts to write it as it was before being loaded - therefore making it a valid PE that can be loaded again at will.

What's New in Version 0.2   See changelog

Released

No changelog available for this version.

 Share
Previous File DbgKit
Next File MEX Debugging Extension

User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...