cob_258 Posted May 11, 2018 Posted May 11, 2018 (edited) What it does It' simply shows in the hex dump the second section in the hex dump at startup (it's not a hell of a feature and this is my first plugin/c++ project) How it works the plugin wait for the fisrt PAUSDEBUG event, gets the base address of main module, read the second section RVA from the header using DbgMemRead Update the plugin will look for the first writable section and show it in dump, if none is found it shows the second section Download https://github.com/cobrce/DataDump/releases/ p.s : if there is a simpler way to do its work please tell me Edited May 11, 2018 by cob_258 update 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now