glmcdona / Process-Dump

Windows tool for dumping malware PE files from memory back to disk for analysis.
http://split-code.com/processdump.html
MIT License

Large section size #14

Closed May-Medhat closed 4 years ago

May-Medhat commented 5 years ago

WARNING: module '10ffb3c50370dc3eec3490b667e5aee152d774dbf4f46604c7b5b4e3c6660410.exe' at 0x400000. Large section size for section 2 of 0x17e9 being truncated to 0x7ec33f5a to fit within the image size. This could be as a result of a custom code to load a library by means other than LoadLibrary(). How to bypass this error to dump the unpacked version?

glmcdona commented 5 years ago

Thanks for the report. Could you post the full verbose logging by any chance while dumping this process? To add the verbose logging, add "-v" to the command-line arguments.

Meanwhile, there are command-line arguments that can be used to instruct Process Dump to ignore the existing PE header, and do the dumping instead by reconstructing manually. If there is an issue, this will likely solve it, but you lose things like the entry point. Try this command-line argument to see if it works instead: pd.exe -g -pid -a 0x400000
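The warning in this thread comes from a sanity check on the in-memory PE header: a section whose virtual range runs past SizeOfImage is clamped before the dump is written. The script below is an added illustration of that check, not Process Dump's own code: it builds a constructed PE32 header in memory (the section names and sizes are made up) and reports which sections would be truncated and to what size.

```python
import struct

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes)
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")


def build_image(image_size, sections):
    """Constructed PE32 header: DOS stub, 'PE\\0\\0', COFF header, optional
    header and section table. Test data only, not a real binary."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 56, image_size)  # SizeOfImage
    table = b"".join(
        SECTION_HEADER.pack(name.ljust(8, b"\0"), vsize, va, rsize, va,
                            0, 0, 0, 0, 0x60000020)
        for name, va, vsize, rsize in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


def check_sections(image):
    """Walk the section table; flag sections whose range exceeds SizeOfImage
    and compute the clamped size a dumper would have to use instead."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    image_size = struct.unpack_from("<I", image, e_lfanew + 24 + 56)[0]
    table = e_lfanew + 24 + opt_size
    results = []
    for i in range(nsec):
        name, vsize, va, rsize, *_ = SECTION_HEADER.unpack_from(
            image, table + i * SECTION_HEADER.size)
        size = max(vsize, rsize)  # a packer may leave either field oversized
        truncated = va + size > image_size
        fitted = max(image_size - va, 0) if truncated else size
        results.append({"index": i, "name": name.rstrip(b"\0").decode(),
                        "va": va, "size": size, "truncated": truncated,
                        "fitted_size": fitted})
    return results


if __name__ == "__main__":
    sample = build_image(0x3000, [(b".text", 0x1000, 0x800, 0x800),
                                  (b".data", 0x2000, 0x7EC33F5A, 0x200),
                                  (b".rsrc", 0x4000, 0x100, 0x100)])
    for r in check_sections(sample):
        print(r)
```

A section that trips this check is a sign the header was rewritten by the unpacking stub rather than by the loader, which is why the author points to reconstructing the dump from memory layout instead of trusting the header.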

glmcdona commented 4 years ago

Closing for now for lack of information.