search

glmcdona / Process-Dump

Windows tool for dumping malware PE files from memory back to disk for analysis.
http://split-code.com/processdump.html
MIT License
1.63k stars 261 forks source link

Windows XP 32bit process dump not dumping modules #6

Closed glmcdona closed 7 years ago

glmcdona commented 7 years ago

For some reason with the new Process Dump version no modules are being dumped. They are being found, but not dumped.

Attached the logfile 'pd.exe -system -verbose': pd_log.txt

glmcdona commented 7 years ago

As a note, the following command also fails to add any hashes to the clean db: 'pd -db genquick'

glmcdona commented 7 years ago

Fixed this bug. Fixed a mistake in the get_mbi_info() function causing it to consider all regions unallocated for 32-bit MBI structures.