Save Open Process To Disk

[Matrix]

Hi Friends

how i save a open process in memory to disk ?

plz help me

Tanx

[syk071c]

do you mean an open executable or dll.. if so use LORDPE or PETOOLS (should be easily found probably on tuts4you.com ... select name of process then dump..

[Loki]

Going by his previous posts my guess is he's looking to code a solution in VB.

If thats the case, I think Google will be your best bet.

[4e4en]

Or better on Delphi. XD

[ahmadmansoor]

Or pls in VB6

[Killboy]

pls C or pascal ?

or fortran

[TiGa]

hmmmmmmmmmm how could a reverser figure out how to make a dumper exactly like LordPe or PeTools or CFF Explorer?

Maybe by reversing one or all of those programs and figuring out how they work?

Reversing is not only cracking.

There are 3 steps to make a process dumper:

1. Gather information from the header of the file on disk (not from the process).

2. Copy the process into a file.

3. Fix the header of that file to reflect the changes.

The programming language is not important as long as you understand the big picture behind what you are trying to do.

TiGa

Edited February 25, 2008 by TiGa

[DrPepUr]

Why reinvent the wheel?

As stated above there are several dumpers available. But here are some links that might help you out....

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=13031&lngWId=1http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=66637&lngWId=1

And if they do not I am sure you can find something there that will. There are many sites where you can d/l example source code to learn from. Do not hesitate to use google, and if all you can find is an example source in another language, look at it and try to figure out what is going on and convert it to vb..