http://stackoverflow.com/a/1644723
http://blogs.msdn.com/b/debuggingtoolbox/archive/2009/09/23/special-command-saving-modules-using-writemem.aspx
I found this useful when looking at an application that didn't have the DLL on the file system for some reason. This was for the newest build of an application I was taking apart, and I found it weird, so I had to resort to the debugger.
Worst case, if you wanna just use IDA, take a memory snapshot with IDA while attached to the app you're working with.
Hope this helps someone.