pe_unmapper

[TishSerg]

Hello, hasherezade! I'm not sure if it's right place for this question, but still...

I tried to use your tool as it intended to be used. 2 dll dumped from memory are successfully converted. But 1 of them results in 0 bytes... Here is that die hard dll Could you check why pe_unmapper produces 0 bytes output from that dll, please?

I got your tool from here BTW, why that repo no longer exist? Or it was renamed to something else? Anyways, thank you for that piece of soft.

[hasherezade]

hi! I don't recommend using the version from WebArchive, since it is a very old version! pe_unmapper is still maintained, just it is now stored somewhere else, as a part of the libpeconv project: https://github.com/hasherezade/libpeconv/tree/master/pe_unmapper

[hasherezade]

I checked it and I see that the new version had no problem converting your file. I am attaching the output here (password: demodemo): drBase_0x01b63f050000_unmapped.dll.zip

[TishSerg]

Thank you! Glad to see your tool is not just alive but even more advanced. Just checked other stuff on your site... I'm almost nothing have to do with reversing and when I see such skilled people in this... What I want to say is WOW. Just WOW.