First off I am aware of 1. Is it possible to export a dll definition from my AppDomain? 2. Is it possible to save a dynamic assembly to disk? 3. How can I extract DLL file from memory dump?
but none of those seem to answer my question particularly.
Consider the following scenario: a C# application loads a DLL from a memory stream (so the DLL isn't directly exposed to the user). Is there a tool that explicitly allows dumping or exporting that particular DLL from memory to disk in its original form?
Note: I'd like someone to show me a full step-by-step procedure of extracting an intact DLL from the memory dump of a C# application.
WinDbg with managed debugging extensions is capable of this trick.
First, download WinDbg (google microsoft debugging tools for windows
, they are not standalone download, but parts of other kits).
The next part is installing the psscor2
extension (from https://www.microsoft.com/en-us/download/details.aspx?id=1073) and extract it to the folder where WinDbg is located.
Next, run your program and attach WinDbg to it (its in the menu). Type the following commands:
.load psscor2
!SaveAllModules c:\modules\
Find the module you want and enjoy.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With