Sunday, September 19, 2004

OllyDump for OllyDebugger

OllyDump is one of the advanced memory dumping tools. It is easy to use with OllyDbg as a plugin. Once the process is being debugged at runtime, it automatically searches for the PE sections. But this tool does not automatically give you the OEP (original entry point) of a compressed PE file. You still have to find the OEP offset manually and enter it in the OllyDump window. The picture below shows how the OllyDump plugin works when dumping a UPX-packed file.



Simply enter the OEP you found in the Modify box and hit the Dump button to save the dumped file. You can edit the listed sections for your own purposes. This lets you dump a PE file easily, without needing to highlight all the debugged code and choose 'Follow in Dump > Selection'. That approach sometimes does not produce an accurate result.
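What the section list and the Modify box correspond to in the file, as an added Python example (not OllyDump's code and not from the original post): it lists an image's sections and writes a manually found OEP into `AddressOfEntryPoint` only when that address falls inside one of them. The header bytes, section sizes and OEP values are constructed, and the OEP is assumed to be given as an RVA.

```python
import struct

def build_sample():
    """Constructed minimal PE32 header with two UPX-style sections (not a real file)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew at 0x3C -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                                     # optional header
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x8000)                  # packed entry point (stub in UPX1)
    def sec(name, vsize, va):                                # 40-byte section header
        return name.ljust(8, b"\0") + struct.pack("<II", vsize, va) + b"\0" * 24
    return bytearray(dos + b"PE\0\0" + coff + bytes(opt)
                     + sec(b"UPX0", 0x6000, 0x1000) + sec(b"UPX1", 0x2000, 0x7000))

def parse(data):
    """Return (optional-header offset, [(name, virtual address, virtual size), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]         # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]    # SizeOfOptionalHeader
    opt = pe + 24
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = bytes(data[off:off + 8]).rstrip(b"\0").decode("ascii", "replace")
        vsize, va = struct.unpack_from("<II", data, off + 8)
        sections.append((name, va, vsize))
    return opt, sections

def entry_point(data):
    return struct.unpack_from("<I", data, parse(data)[0] + 16)[0]

def set_oep(data, oep_rva):
    """Patch AddressOfEntryPoint; refuse an OEP that lies outside every section."""
    opt, sections = parse(data)
    for name, va, vsize in sections:
        if va <= oep_rva < va + vsize:
            struct.pack_into("<I", data, opt + 16, oep_rva)
            return name                                      # section that holds the OEP
    raise ValueError("OEP 0x%X is outside every section" % oep_rva)
```

Rejecting an out-of-range value catches the common slip of typing a full virtual address where an offset from the image base is expected.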

You can find OllyDump here or here.
