Dark Bit Factory & Gravity

PROGRAMMING => General coding questions => Topic started by: taj on September 27, 2007

Title: Tool for examining a running process?
Post by: taj on September 27, 2007
Suppose I have ... xyz.exe ... running on my XP machine. Is there a tool to allow me to get a memory dump of the running process... i.e. to look at the bytes of the exe? I'm happy to do it dynamically or use a tool to dump it and then do it offline. Assume the exe is compiled without debug.

Chris
Title: Re: Tool for examining a running process?
Post by: taj on September 27, 2007
Chris, why don't you check:

http://www.e-evidence.info/other.html

memfetch is what you are looking for I think. Next time please try a more thorough web search - we're not here to do your homework, you know!
Title: Re: Tool for examining a running process?
Post by: taj on September 27, 2007
Thanks Chris - Karma++.

Yes I'll try harder next time.
Title: Re: Tool for examining a running process?
Post by: Shockwave on September 27, 2007
Hmm...

I guess that you could search for ollydebug and lordpe which would do the job I think. :)

If you can't get hold of them because they might be hard to find, I have them here, if you want those things then give me an email address to send them to via pm.

I won't post a link because they can easily be used for illegal stuff.
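What the question asks for, and what OllyDbg or LordPE do when you dump a process, comes down to two steps: read the mapped image out of the target with ReadProcessMemory, then rewrite the section headers so the memory-layout dump opens as an ordinary PE file. The following is an added example in Python, not code from this thread or from any of the tools named in it. The Win32 calls (OpenProcess, EnumProcessModules, ReadProcessMemory) are the documented ones; the function names are chosen here; the PE produced by make_test_image() is constructed for the self-test and is not a real binary. The dump function assumes it runs on Windows with read access to the target (PROCESS_VM_READ) and the same bitness as the target.

```python
"""Dump a running Windows process's main exe from memory and fix the dump so it
opens in a PE viewer.  Added example, not code from this thread or from
OllyDbg/LordPE.  make_test_image() builds a constructed PE for the self-test."""
import ctypes
import struct
import sys

PAGE = 0x1000
PROCESS_QUERY_INFORMATION, PROCESS_VM_READ = 0x0400, 0x0010

def _pe_offsets(image):
    """Return (optional-header offset, section-table offset, NumberOfSections)."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", image, e_lfanew + 6)[0]        # IMAGE_FILE_HEADER.NumberOfSections
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]   # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    opt = e_lfanew + 24                                             # signature (4) + COFF header (20)
    return opt, opt + opt_size, nsec

def image_size_from_header(header):
    """SizeOfImage is at optional-header offset 56 in both PE32 and PE32+."""
    return struct.unpack_from("<I", header, _pe_offsets(header)[0] + 56)[0]

def parse_sections(image):
    """Return [(name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)]."""
    _, sec, nsec = _pe_offsets(image)
    return [(image[off:off + 8].rstrip(b"\0").decode("ascii", "replace"),)
            + struct.unpack_from("<IIII", image, off + 8)
            for off in range(sec, sec + 40 * nsec, 40)]

def fix_section_headers(image):
    """A dump keeps the in-memory layout: section bytes sit at VirtualAddress, not
    PointerToRawData, so a file parser reads the wrong bytes.  Point the raw fields
    at the virtual ones and raise FileAlignment to SectionAlignment so the offsets
    stay legal: the 'raw = virtual' fix that process dumpers such as LordPE apply."""
    image = bytearray(image)
    opt, sec, nsec = _pe_offsets(image)
    section_align = struct.unpack_from("<I", image, opt + 32)[0]
    struct.pack_into("<I", image, opt + 36, section_align)          # FileAlignment
    for off in range(sec, sec + 40 * nsec, 40):
        vsize, va, rawsize = struct.unpack_from("<III", image, off + 8)
        struct.pack_into("<II", image, off + 16, vsize or rawsize, va)  # SizeOfRawData, PointerToRawData
    return bytes(image)

def dump_process_image(pid):
    """Read pid's main module base..SizeOfImage page by page; unreadable pages
    (guard/reserved) become zeros.  Windows only."""
    if sys.platform != "win32":
        raise OSError("dump_process_image needs the Win32 API")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    psapi = ctypes.WinDLL("psapi", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p                       # keep 64-bit HANDLEs intact
    k32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    k32.ReadProcessMemory.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                                      ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    psapi.EnumProcessModules.argtypes = [ctypes.c_void_p, ctypes.POINTER(ctypes.c_void_p),
                                         ctypes.c_uint32, ctypes.POINTER(ctypes.c_uint32)]
    h = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
    if not h:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        mods, needed = (ctypes.c_void_p * 1)(), ctypes.c_uint32()   # first module is the exe itself
        if not psapi.EnumProcessModules(h, mods, ctypes.sizeof(mods), ctypes.byref(needed)):
            raise ctypes.WinError(ctypes.get_last_error())
        base = mods[0]
        def read_page(addr):
            buf, got = ctypes.create_string_buffer(PAGE), ctypes.c_size_t()
            ok = k32.ReadProcessMemory(h, addr, buf, PAGE, ctypes.byref(got))
            return buf.raw[:got.value] if ok else None
        header = read_page(base)
        if header is None:
            raise ctypes.WinError(ctypes.get_last_error())
        size = image_size_from_header(header)
        image = bytearray()
        for off in range(0, size, PAGE):
            image += read_page(base + off) or b"\0" * PAGE
        return base, bytes(image[:size])
    finally:
        k32.CloseHandle(h)

def make_test_image():
    """Constructed PE32 laid out as the loader maps it: headers in page 0, .text at
    RVA 0x1000, .data at RVA 0x2000, SizeOfImage 0x3000 (not a real binary)."""
    img = bytearray(0x3000)
    img[0:2], img[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x80)                         # e_lfanew
    struct.pack_into("<HHIIIHH", img, 0x84, 0x14C, 2, 0, 0, 0, 224, 0x102)  # COFF: i386, 2 sections
    opt = 0x98
    struct.pack_into("<H", img, opt, 0x10B)                         # PE32 magic
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)           # SectionAlignment, FileAlignment
    struct.pack_into("<II", img, opt + 56, 0x3000, 0x400)           # SizeOfImage, SizeOfHeaders
    for i, (name, vsize, va, raw, ptr, fill) in enumerate(
            [(b".text", 0x100, 0x1000, 0x200, 0x400, 0xCC), (b".data", 0x80, 0x2000, 0x200, 0x600, 0x41)]):
        struct.pack_into("<8sIIII", img, opt + 224 + 40 * i, name, vsize, va, raw, ptr)
        img[va:va + vsize] = bytes([fill]) * vsize                 # section bytes live at their RVA
    return bytes(img)
```

On the target machine, `base, image = dump_process_image(pid)` followed by writing `fix_section_headers(image)` to a file gives a dump whose sections a disassembler or hex editor will locate correctly. Two caveats a practitioner should keep in mind: the bytes are the process as it is in memory (which is what you want for a packed or self-modifying exe), and the import table in such a dump holds addresses resolved at load time, so the file will usually not run again without rebuilding imports, which is fine for reading the code but matters if you intend to execute the dump. Reading another user's process needs a token with the rights OpenProcess asks for, so expect to run this elevated.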
Title: Re: Tool for examining a running process?
Post by: taj on September 27, 2007
Quote from: Shockwave on September 27, 2007
Hmm...

I guess that you could search for ollydebug and lordpe which would do the job I think. :)

Don't they just work on exe files, not on processes? Or am I wrong?

No, I just checked, I am in fact wrong, ollydebug can attach to a running process.
BTW shockie a C compiler can be used for hacking too so I don't get the logic of not posting a link  :stirrer:
Title: Re: Tool for examining a running process?
Post by: Shockwave on September 27, 2007
Ah sorry Chris, I misread your intention, I thought you wanted it to see what was happening in a program.

Title: Re: Tool for examining a running process?
Post by: slippy on September 27, 2007
and what's up with the little tool called procdump? ... I heard of it a few years ago ... it's quite old but could be of use for you ... you might check this :)

just google for "procdump" ...

SLiPPY
Title: Re: Tool for examining a running process?
Post by: Jim on September 27, 2007
PE Explorer?
Title: Re: Tool for examining a running process?
Post by: rain_storm on October 17, 2007
You should try IDA Pro Advanced it will allow you to do a memory dump at any stage during execution. You can attach processes manually or let the program do that itself. But of course IDA Pro is not free.
Title: Re: Tool for examining a running process?
Post by: Jim on October 17, 2007
It's not free, in fact it's bloody expensive.  But it is totally superb!

Jim
Title: Re: Tool for examining a running process?
Post by: spitfire on October 17, 2007
If you have visual studio, spy++ is quite nice for win32 apps. Look under the tools subdirectory in VS start menu directory.
Title: Re: Tool for examining a running process?
Post by: taj on October 17, 2007
Quote from: spitfire on October 17, 2007
If you have visual studio, spy++ is quite nice for win32 apps. Look under the tools subdirectory in VS start menu directory.

Thanks spitfire, I'll try that as well as ollydebug.