This plugin is process memory dumper for OllyDbg, IDA Pro (retail and freeware) and Immunity Debugger. Very simple overview:
OllyDumpEx = OllyDump + PE Dumper - obsoleted + useful features
Features:
- OllyDbg version 2 plugin interface supported
- IDA Pro Retail and Freeware version plugin interface supported
- Select to dump debugee exe, loaded dll or non-listed module
- Search MZ/PE Signature from memory
- Multiple Dump mode. Rebuild for typical PE dump, Binary for PE Carving
- PE32+ supported (Search and Binary Dump mode only available on 32bit debugger)
- Native 64bit process supported (IDA Pro only)
- Dump any address space as section even if not in original section header
- Add dummy section to keep PE format consistency
- Fix RVA in DataDirectory to follow ImageBase change
- Auto calculate many parameters (RawSize, RawOffset, VirtualOffset, ...)
OllyDumpEx = OllyDump + PE Dumper - obsoleted + useful features
Features:
- OllyDbg version 2 plugin interface supported
- IDA Pro Retail and Freeware version plugin interface supported
- Select to dump debugee exe, loaded dll or non-listed module
- Search MZ/PE Signature from memory
- Multiple Dump mode. Rebuild for typical PE dump, Binary for PE Carving
- PE32+ supported (Search and Binary Dump mode only available on 32bit debugger)
- Native 64bit process supported (IDA Pro only)
- Dump any address space as section even if not in original section header
- Add dummy section to keep PE format consistency
- Fix RVA in DataDirectory to follow ImageBase change
- Auto calculate many parameters (RawSize, RawOffset, VirtualOffset, ...)
