Tuesday, December 29, 2015

windbg - Dumping a dll from a debugged process to disk

http://stackoverflow.com/a/1644723
http://blogs.msdn.com/b/debuggingtoolbox/archive/2009/09/23/special-command-saving-modules-using-writemem.aspx

I found this useful when looking at an application that didn't have the dll on the file system for some reason. This was for the newest build of an application I was taking apart, and I found it weird, so I had to resort to the debugger.

Worst case, if you wanna just use IDA, just do a memory snapshot with IDA when attached to the app you're working with.

Hope this helps someone.

Friday, December 25, 2015

commands for clones and snapshots with free esxi

http://blog-lrivallain.rhcloud.com/2015/02/26/play-vm-snapshots-esxi-command-line-tools/

It's been a while, but I now have 2 ESXi boxes at the house. This is useful for those folks that want to clone and linked-clone on free ESXi.