glmcdona / Process-Dump

Windows tool for dumping malware PE files from memory back to disk for analysis.
http://split-code.com/processdump.html
MIT License
1.65k stars 261 forks source link

.Net dump #16

Open May-Medhat opened 4 years ago

May-Medhat commented 4 years ago

Kindly why i can not dump .net packed process, it generates only hidden modules?

glmcdona commented 4 years ago

Thanks for your report. Would you be able to give an example application that you are able to reproduce this for?

There is a good chance I may have just fixed this with this change. This fixes some .net compatibility issues: https://github.com/glmcdona/Process-Dump/commit/07782e5e5b868bf80258fba5e20dd7cf0a1cc498