First off, I am aware of:
1. Is it possible to export a dll definition from my AppDomain?
2. Is it possible to save a dynamic assembly to disk?
3. How can I extract DLL file from memory dump?
but none of those seem to answer my question particularly.
Consider the following scenario: a C# application loads a DLL from a memory stream (so the DLL isn't directly exposed to the user). Is there a tool that explicitly allows dumping or exporting that particular DLL from memory to disk in its original form?
Note: I'd like someone to show me a full step-by-step procedure of extracting an intact DLL from the memory dump of a C# application.
WinDbg with managed debugging extensions is capable of this trick.
First, download WinDbg (google "Microsoft Debugging Tools for Windows"; they are not a standalone download, but part of other kits).
The next part is installing the psscor2 extension (from https://www.microsoft.com/en-us/download/details.aspx?id=1073) and extracting it to the folder where WinDbg is located.
Next, run your program and attach WinDbg to it (it's in the menu). Type the following commands:
    .load psscor2
    !SaveAllModules c:\modules\
Find the module you want and enjoy.
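
As an added example, not part of the original question or answer: when only a dump file is available, an assembly that was loaded from a byte array can be carved offline by scanning for PE headers, keeping those with a CLR header directory, and sizing each image from its section table. It assumes the image sits in the dump in file (unmapped) layout and in one contiguous run; the function names and the sample bytes are constructed for illustration.

```python
import struct

def pe_file_size(buf, off):
    """Return (size_on_disk, is_managed) for a file-layout PE at buf[off:], or None."""
    try:
        pe = off + struct.unpack_from("<I", buf, off + 0x3C)[0]   # e_lfanew
        if buf[pe:pe + 4] != b"PE\0\0":
            return None
        nsec, = struct.unpack_from("<H", buf, pe + 6)
        opt_size, = struct.unpack_from("<H", buf, pe + 20)
        opt = pe + 24
        magic, = struct.unpack_from("<H", buf, opt)
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]               # PE32 / PE32+
        end, = struct.unpack_from("<I", buf, opt + 60)            # SizeOfHeaders
        clr_rva, clr_size = struct.unpack_from("<II", buf, dirs + 14 * 8)
        for i in range(nsec):                                     # section table
            raw_size, raw_ptr = struct.unpack_from("<II", buf, opt + opt_size + 40 * i + 16)
            end = max(end, raw_ptr + raw_size)
    except (struct.error, KeyError):
        return None
    return end, bool(clr_rva and clr_size)

def carve_managed(dump):
    """Return [(offset, image_bytes)] for each managed PE stored in file layout."""
    found, pos = [], dump.find(b"MZ")
    while pos != -1:
        hit = pe_file_size(dump, pos)
        if hit and hit[1] and pos + hit[0] <= len(dump):
            found.append((pos, dump[pos:pos + hit[0]]))
        pos = dump.find(b"MZ", pos + 1)
    return found

def make_sample(managed=True):
    """Constructed 1 KiB PE32 skeleton (not a loadable assembly), for the demo only."""
    img, opt = bytearray(0x400), 0x98
    img[0:2], img[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x80)                      # e_lfanew
    struct.pack_into("<HH", img, 0x84, 0x14C, 1)                 # i386, one section
    struct.pack_into("<H", img, 0x94, 224)                       # SizeOfOptionalHeader
    struct.pack_into("<H", img, opt, 0x10B)
    struct.pack_into("<I", img, opt + 60, 0x200)                 # SizeOfHeaders
    if managed:                                                  # CLR header directory
        struct.pack_into("<II", img, opt + 96 + 14 * 8, 0x2008, 72)
    struct.pack_into("<II", img, opt + 224 + 16, 0x200, 0x200)   # .text raw size/ptr
    img[0x200:0x400] = b"\xCC" * 0x200
    return bytes(img)

if __name__ == "__main__":
    dump = b"\0" * 100 + make_sample() + b"junk MZ junk" + make_sample(False)
    for off, image in carve_managed(dump):
        print(f"managed image at 0x{off:x}, {len(image)} bytes")
```

An image that was mapped section by section will not match its on-disk bytes when carved this way, and trailing data outside any section, such as an Authenticode signature, is not included.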