Tuts 4 You

Save Open Process To Disk


Matrix


Posted

Hi Friends

How do I save an open process in memory to disk? :unsure:

Please help me.

Thanks

Posted

Do you mean an open executable or DLL? If so, use LORDPE or PETOOLS (should be easily found, probably on tuts4you.com ;) ). Select the name of the process, then dump.

Posted

Going by his previous posts my guess is he's looking to code a solution in VB.

If that's the case, I think Google will be your best bet.

  • 4 months later...
Posted

Please, C or Pascal?

Or Fortran :o

Posted (edited)

hmmmmmmmmmm how could a reverser figure out how to make a dumper exactly like LordPe or PeTools or CFF Explorer?

Maybe by reversing one or all of those programs and figuring out how they work?

Reversing is not only cracking.

There are 3 steps to make a process dumper:

1. Gather information from the header of the file on disk (not from the process).

2. Copy the process into a file.

3. Fix the header of that file to reflect the changes.

The programming language is not important as long as you understand the big picture behind what you are trying to do.

TiGa

Edited by TiGa
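
The three steps TiGa lists above, sketched in Python as an added example (not code from this thread or from any of the tools named in it). It assumes step 2 is already done and works offline on two byte buffers: the header read from the file on disk and the raw memory copy. The names `fix_dump` and `make_sample` are hypothetical, and the sample PE data is constructed.

```python
import struct

SEC_HDR = 40  # size of one IMAGE_SECTION_HEADER

def fix_dump(disk_header: bytes, mem_image: bytes) -> bytes:
    """Turn a raw memory copy of a PE image into a file with a matching header."""
    # Step 1: take the layout from the file on disk, not from the process.
    if disk_header[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe, = struct.unpack_from("<I", disk_header, 0x3C)
    if disk_header[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", disk_header, pe + 6)
    opt_size, = struct.unpack_from("<H", disk_header, pe + 20)
    opt = pe + 24
    sec_align, = struct.unpack_from("<I", disk_header, opt + 32)
    hdr_size, = struct.unpack_from("<I", disk_header, opt + 60)
    table = opt + opt_size
    if table + nsec * SEC_HDR > hdr_size or hdr_size > min(len(disk_header), len(mem_image)):
        raise ValueError("headers do not fit the supplied buffers")
    # Step 2 is the input: mem_image is the copy of the process memory.
    out = bytearray(mem_image)
    out[:hdr_size] = disk_header[:hdr_size]
    # Step 3: make file offsets equal memory offsets.
    struct.pack_into("<I", out, opt + 36, sec_align)  # FileAlignment
    for h in range(table, table + nsec * SEC_HDR, SEC_HDR):
        vsize, vaddr, rsize = struct.unpack_from("<III", out, h + 8)
        size = vsize or rsize  # VirtualSize may be 0
        size = max(0, min(size, len(out) - vaddr))  # clamp to a short dump
        struct.pack_into("<II", out, h + 16, size, vaddr)  # SizeOfRawData, PointerToRawData
    return bytes(out)

def make_sample():
    """Constructed data: a one-section PE32 header and a fake memory copy."""
    hdr = bytearray(0x400)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)              # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", hdr, 0x84, 0x14C, 1)         # Machine, NumberOfSections
    struct.pack_into("<H", hdr, 0x94, 0xE0)              # SizeOfOptionalHeader
    struct.pack_into("<H", hdr, 0x98, 0x10B)             # PE32 magic
    struct.pack_into("<II", hdr, 0x98 + 32, 0x1000, 0x200)  # Section/FileAlignment
    struct.pack_into("<II", hdr, 0x98 + 56, 0x3000, 0x400)  # SizeOfImage, SizeOfHeaders
    struct.pack_into("<8sIIII", hdr, 0x178, b".text", 0x1800, 0x1000, 0x200, 0x400)
    mem = bytearray(b"\xCC" * 0x400 + bytes(0x2C00))     # header region overwritten
    mem[0x1000:0x1004] = b"CODE"                         # bytes present only in memory
    return bytes(hdr), bytes(mem)
```

In the sample, the `.text` section occupies 0x200 bytes at file offset 0x400 on disk but 0x1800 bytes at offset 0x1000 in memory; after `fix_dump` the section header points at the memory layout, so a PE viewer finds the dumped bytes where the header says they are.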
Posted

Why reinvent the wheel?

As stated above there are several dumpers available. But here are some links that might help you out....

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=13031&lngWId=1

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=66637&lngWId=1

And if they do not, I am sure you can find something there that will. There are many sites where you can download example source code to learn from. Do not hesitate to use Google, and if all you can find is an example source in another language, look at it and try to figure out what is going on and convert it to VB.
