|
Dumping a dll with ollydump
Hi,
I'm trying to dump a packed DLL using ollydump. I wrote a simple program that just loads the DLL, and I've traced to the original entrypoint and am ready to dump, but I don't know how to figure out what addresses I should put in "Base of Code" and "Base of Data". Do I also need to change something in the section table? Please help me out... :) |
(Just a general note before you read this, I'm not 100% sure of the advice I'm going to give, so be weary.)
Why don't you load the dll into Olly? If you're using your method, as far as I'm aware that's fine, but when it comes to dumping it, isn't the base addresses automatically put there? As for the tables, are you on about the reconstruction of the import tables, if so I'd use Imprec (Import reconstructor) to do that. |
how want you do that? a dll can't loaded without a executable. and the base-address is then from the dll-loader & wrong OEP.
|
Oh I understand what he wants to do now. Why would you want to do that? Is the dll what does the protection? I'm not 100% sure of the big picture here, perhaps you could paint it for us?
|
Well I managed to dump it successfully with procdump and imprec. I originally thought the dll would have something to do with the protection, but it turns out it had nothing of interest. Oh well.. at least I learned something new. :D
sorry to waste your time... |
You solved it, so I don't think our time was wasted, anyways, congratulations.
|
yes, you can dump packed dll, just view excutable,right click on
dll , choose follow entry , set he on entry , run , once stopped on entry ,do as you would with exe for finding oep, dump from there. |
| All times are GMT +8. The time now is 08:02. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX