Closed igromanru closed 6 years ago
IL opcodes and stuff is processed by the .net / mono engine, so you might not find it in the process memory. I dunno where IL opcodes are stored while in memory, so maybe you cant do that at all. google how you would dump a .net dll with ollydbg, there you can see you need multiple sections (peheader, .text, .rsrc,.data...). btw if you just want this out of a game, get the games apk, rename it to zip, extract it and just take the file from there...
greetz
I've saw this tutorial. How to dump it with gdb. But I'm not sure how to install it on Nox and I thought it could also work with your dumper.
well then just use this tutorial, its idea is simply to dump ALL sections of the process and then scan the result for the file. if you want to chat with me, im usually on reddit
greetz
The question is, can I also do the same with NoxDumper. If yes, how?
If no, I guess it would be a great feature. It's much easier to use your tool as installing gdb, don't even know if I can install it in Nox.
ok, I added a button to dump all sections at once, but its VERY slow, hope it helps still, have fun
greetz
Ok, thank you. I'll try it out.
I think ,we can dump all memory in one big file,and use winhex to recovry it.
yeah, then go ahead and code that, i have no intention to do so. also that would make it hard to get sections back out. if you need this, just dump all memory sections and combine them
Thank you for the tool.
I was trying to dump Assembly-CSharp.dll with your tool, but I have no idea how to find the right memory section. Do you have an idea?