WinDBG extensions for 64 bit PE files

#19220 by p4r4n0id
Wed May 08, 2013 11:57 am

Hi Guys,

Are you familiar with a Windbg extension / script that dumps 64 bit debugged PE files? I am familiar with dumppe ( https://code.google.com/p/dumppe/ ) but it is 32 bit only.

Another tool needed is ,again, a Windbg extension which is able to change page protections for 64 bit as well.

Any ideas ? :)

Thx,

p4r4n0id

Keep Low. Move Fast. Kill First. Die Last. One Shot. One Kill. No Luck. Pure Skill.
http://p4r4n0id.com/

Username

p4r4n0id

Posts

126

Joined

Thu Sep 22, 2011 11:36 am

Location

Israel

Contact

Re: WinDBG extensions for 64 bit PE files

#19237 by _glmcdona
Thu May 09, 2013 5:24 am

I recently wrote a tool that dumps 64 bit PE files from memory to disk, though it is not a windbg plugin:
- http://split-code.com/processdump.html

Just use it and specify the process pid or process name to dump the PE files in it's address space back to disk.

Username

_glmcdona

Posts

10

Joined

Wed Apr 03, 2013 4:59 am

Re: WinDBG extensions for 64 bit PE files

#19283 by EreTIk
Wed May 15, 2013 5:25 pm

My extension: http://eretik.omegahg.com/download/KdExtMod.rar
Usage: !pedump addr fileName
Description (rus): http://eretik.omegahg.com/kd/pedump.html

Username

EreTIk

Posts

13

Joined

Tue Nov 09, 2010 9:27 pm

Re: WinDBG extensions for 64 bit PE files

#19285 by p4r4n0id
Wed May 15, 2013 9:04 pm

EreTIk wrote:My extension: http://eretik.omegahg.com/download/KdExtMod.rar
Usage: !pedump addr fileName
Description (rus): http://eretik.omegahg.com/kd/pedump.html

Thx a lot bro!! will let u know how it goes ;)

p4r4n0id

Keep Low. Move Fast. Kill First. Die Last. One Shot. One Kill. No Luck. Pure Skill.
http://p4r4n0id.com/

Username

p4r4n0id

Posts

126

Joined

Thu Sep 22, 2011 11:36 am

Location

Israel

Contact