Author Topic: Tool for examining a running process? (Read 5884 times)

taj · « **on:** September 27, 2007 »

Suppose I have ... xyz.exe ... running on my XP machine. Is there a tool to allow me to get a memory dump of the running process...ie to look at the bytes of the exe? I'm happy to do it dynamically or use a tool to dump it and then do it offline. Assume the exe is compiled without debug.

Chris

taj · « **Reply #1 on:** September 27, 2007 »

Chris why dont you check:

http://www.e-evidence.info/other.html

memfetch is what you are looking for I think. Next time please try a more thorough web search - we're not here to do your home work you know!

taj · « **Reply #2 on:** September 27, 2007 »

Thanks Chris - Karma++.

Yes I'll try harder next time.

Shockwave · « **Reply #3 on:** September 27, 2007 »

Hmm...

I guess that you could search for ollydebug and lordpe which would do the job I think.

If you can't get hold of them because they might be hard to find, I have them here, if you want those things then give me an email address to send them to via pm.

I won't post a link because they can easily be used for illegal stuff.

taj · « **Reply #4 on:** September 27, 2007 »

Quote from: Shockwave on September 27, 2007

Hmm...

I guess that you could search for ollydebug and lordpe which would do the job I think.

Dont they just work on exe files, not on processes? Or am I wrong?

No I just checked I am infact wrong, ollydebug can attach to a running process.
BTW shockie a c compiler can be used for hacking too so I dont get the logic of not posting a link

Shockwave · « **Reply #5 on:** September 27, 2007 »

Ah sorry Chris, I mis-read your intention I thought you wanted it to see what was happening in a program.

slippy · « **Reply #6 on:** September 27, 2007 »

and what's up with the little tool called procdump? ... I've heard of a few years ago ... it's quite old but could be of use for you ... you might check this

just google for "procdump" ...

SLiPPY

Jim · « **Reply #7 on:** September 27, 2007 »

PE Explorer?

rain_storm · « **Reply #8 on:** October 17, 2007 »

You should try IDA Pro Advanced it will allow you to do a memory dump at any stage during execution. You can attach processes manually or let the program do that itself. But of course IDA Pro is not free.

Jim · « **Reply #9 on:** October 17, 2007 »

It's not free, in fact it's bloody expensive. But it is totally superb!

Jim

spitfire · « **Reply #10 on:** October 17, 2007 »

If you have visual studio, spy++ is quite nice for win32 apps. Look under the tools subdirectory in VS start menu directory.

taj · « **Reply #11 on:** October 17, 2007 »

Quote from: spitfire on October 17, 2007

If you have visual studio, spy++ is quite nice for win32 apps. Look under the tools subdirectory in VS start menu directory.

Thanks spitfire, I'll try that aswell as ollydebug.

Author Topic: Tool for examining a running process? (Read 5884 times)

taj

Tool for examining a running process?

taj

Re: Tool for examining a running process?

taj

Re: Tool for examining a running process?

Shockwave

Re: Tool for examining a running process?

taj

Re: Tool for examining a running process?

Shockwave

Re: Tool for examining a running process?

slippy

Re: Tool for examining a running process?

Jim

Re: Tool for examining a running process?

rain_storm

Re: Tool for examining a running process?

Jim

Re: Tool for examining a running process?

spitfire

Re: Tool for examining a running process?

taj

Re: Tool for examining a running process?