glmcdona / Process-Dump

Windows tool for dumping malware PE files from memory back to disk for analysis.
http://split-code.com/processdump.html
MIT License

Suggestion #31

Open modz2014 opened 2 years ago

modz2014 commented 2 years ago

Hi, any chance we can drag and drop a .exe file into the program to dump, and then it's all done at once, instead of running the .exe file first? Also, adding to the 64-bit version the ability to dump 32-bit apps instead of having a 32-bit version.

glmcdona commented 2 years ago

Hi, any chance we can drag and drop a .exe file into the program to dump, and then it's all done at once, instead of running the .exe file first?

Good suggestion. I've always considered creating a GUI around ProcessDump plus MALM together. I'll add it to the backlog and see if I'm able to pick it up.

Also, adding to the 64-bit version the ability to dump 32-bit apps instead of having a 32-bit version.

The 64-bit version can dump both 32-bit and 64-bit processes. The 32-bit version can only dump 32-bit processes. So generally, you should be using only the 64-bit version of Process Dump. Hope this clarification helps!

modz2014 commented 2 years ago

I tried using the 64-bit version to dump a 32-bit process and it doesn't dump, it just hangs there.

modz2014 commented 1 year ago

@glmcdona any chance of making a .lib so I can link it in projects etc.?

glmcdona commented 1 year ago

Interesting, so from your app you can request the dumping of specific processes? Yes, I should be able to manage that. Was looking to come back to this project to add a GUI, and I'll aim to add a .lib at the same time.

modz2014 commented 1 year ago

Ok, thank you. Happy to help if you need it; Discord is on my profile. I'm looking forward to this.

modz2014 commented 1 year ago

@glmcdona keep in mind that the PE headers are not fixed or anything after dumping from the process.
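As an added example (not code from Process Dump or from anyone in this thread): a small Python checker for the situation described in the comment above. It assumes a raw memory dump whose section headers still carry the on-disk file offsets and sizes while the bytes sit at their RVAs; it reports such sections and writes a copy whose headers match the memory layout. The sample PE64 headers are constructed inline.

```python
import struct

SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes

def sections(data):
    """Parse the section table; returns a list of (header_offset, fields)."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # SizeOfOptionalHeader
    start = e_lfanew + 24 + opt_size
    out = []
    for i in range(nsec):
        off = start + i * 40
        f = struct.unpack_from(SECTION_FMT, data, off)
        out.append((off, {"name": f[0].rstrip(b"\0").decode(), "vsize": f[1],
                          "va": f[2], "rawsize": f[3], "rawptr": f[4]}))
    return out

def unfixed_sections(data):
    """Names of sections whose header still describes the on-disk layout.
    In a raw memory dump the bytes sit at their RVAs, so a header with
    PointerToRawData != VirtualAddress sends a parser to the wrong bytes."""
    return [s["name"] for _, s in sections(data)
            if s["rawptr"] != s["va"] or s["rawsize"] != s["vsize"]]

def realign_to_memory_layout(data):
    """Copy of the dump with PointerToRawData := VirtualAddress and
    SizeOfRawData := VirtualSize, so file offsets match where the bytes are."""
    buf = bytearray(data)
    for off, s in sections(data):
        # SizeOfRawData lives at +16 and PointerToRawData at +20 in the header
        struct.pack_into("<II", buf, off + 16, s["vsize"], s["va"])
    return bytes(buf)

def build_sample_dump():
    """Constructed PE64 headers as a raw dump leaves them: .text and .data still
    carry their on-disk offsets (0x400, 0x1400) although the dumped bytes
    actually sit at RVAs 0x1000 and 0x2000. Headers only; body is zero padding."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x22)
    opt = struct.pack("<H", 0x20B) + bytes(238)                     # PE32+ magic
    secs = struct.pack(SECTION_FMT, b".text", 0x1000, 0x1000, 0x1000, 0x400, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack(SECTION_FMT, b".data", 0x800, 0x2000, 0x200, 0x1400, 0, 0, 0, 0, 0xC0000040)
    img = dos + coff + opt + secs
    return img + bytes(0x3000 - len(img))
```

Run `unfixed_sections()` on a dump to see which sections a disk-oriented parser would misread, and `realign_to_memory_layout()` to produce a copy that static tools can open correctly.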