Exetools


cra0 06-28-2016 10:57

LiveDump (A simple memory dumper)
 
I'm a fan of the templating system 010 Editor has in place, where you can write layouts for hex dumps or file formats. I use it in almost all of my research/reversing.
More information about that can be found here. Even though the hex editor has a built-in system to open a live process's memory, it's not really great. I needed a system where the data I was looking at was live and updated almost instantaneously, so I wrote LiveDump.
LiveDump is a simple memory dumper which will either dump a region of memory once to a file or constantly dump it every X milliseconds. This way I can see the data updated almost live in 010 Editor and make use of their templating to reverse a portion of a data structure or class object. There are things like Reclass which are purpose-built for this reason, which I do use; however, my own personal preference is the templating feature built into 010 Editor, as it's very robust and you can incorporate loops and logic into it to display the data how you want it.

http://i.imgur.com/3cX5B6O.png
http://rel.cra0kalo.com/depot/LiveDump.zip
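
The dump loop described in the post above (dump a region once, or again every X milliseconds), as an added example that is not LiveDump's code and not part of the original thread. It reads a buffer in its own process with ctypes as a stand-in for a target process; the function names, the atomic-rename write and the changed-byte diff are assumptions made for illustration.

```python
import ctypes
import os
import tempfile
import time

def read_region(address, size):
    """Copy `size` bytes at `address` out of this process's own memory."""
    return ctypes.string_at(address, size)

def write_snapshot(path, data):
    """Write to a temp file, then rename over `path` in one step so a
    viewer reloading the dump never sees a half-written file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    os.replace(tmp, path)

def changed_offsets(previous, current):
    """Offsets whose byte differs between two equal-length dumps."""
    return [i for i, (a, b) in enumerate(zip(previous, current)) if a != b]

def live_dump(address, size, path, interval_ms, rounds, before_read=None):
    """Dump the region `rounds` times, `interval_ms` apart; return, per
    round, the offsets that changed since the previous dump."""
    history, previous = [], None
    for n in range(rounds):
        if before_read:
            before_read(n)  # demo hook: lets the sample data change
        current = read_region(address, size)
        write_snapshot(path, current)
        history.append([] if previous is None else changed_offsets(previous, current))
        previous = current
        time.sleep(interval_ms / 1000)
    return history

def demo():
    # Constructed sample: a 16-byte buffer standing in for a watched structure.
    buf = ctypes.create_string_buffer(16)
    def tick(n):
        buf[4] = bytes([n])      # a counter field rewritten before every read
        if n == 2:
            buf[9] = b"\xff"     # a flag that flips once
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "region.bin")
        history = live_dump(ctypes.addressof(buf), 16, path, 10, 3, tick)
        with open(path, "rb") as handle:
            return history, handle.read()

if __name__ == "__main__":
    print(demo())
```
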

atom0s 06-29-2016 02:50

I'm in the same boat. I've requested this feature a few times to them. The most recent response I got was:
Quote:

Hello atom0s

Thank you very much for your email and glad to hear that you are finding 010 Editor useful. We are planning on doing a bunch of improvements to process editing in the future and we'll try to look at auto reloading process memory. It would even be nice to highlight bytes that have changed. We're not sure the time frame right now but we'll try to let you know when we have some things implemented. Let us know if you have any questions and have a great day!

Sincerely,
Graeme Sweet

So hopefully they do bring some much needed improvements to it. :)

cra0 06-29-2016 11:57

Quote:

Originally Posted by atom0s (Post 105897)
I'm in the same boat. I've requested this feature a few times to them. The most recent response I got was:


So hopefully they do bring some much needed improvements to it. :)

Yeah, I hope so. Anyway, it doesn't bother me; I made this tool for that reason, to auto-update the hex view with live data to repopulate my 010 template scripts.

