glmcdona / Process-Dump

Windows tool for dumping malware PE files from memory back to disk for analysis.
http://split-code.com/processdump.html
MIT License
1.65k stars 261 forks

Spotify.exe (and some other apps) dumping creating huge dump of main exe #3

Open glmcdona opened 8 years ago

glmcdona commented 8 years ago

Dumping the main Spotify.exe is creating a ~2GB file. Investigate why this is and add more smart safety limits.

3dsboy08 commented 6 years ago

This is because of Themida's anti-dumping protection.

TAbdiukov commented 5 years ago

> This is because of Themida's anti-dumping protection.

Can confirm 100%. The size can be shrunk with LordPE's rebuild PE functionality.