Posts Tagged: memory dump

This is an IDA script that can do a memory dump. It’s useful to run it after you’ve gone past the obfuscation layer(s) and reached the decrypted code/data/strings. auto eax; auto start; auto end; auto f; f = fopen(“dump.bin”, “w”); start = 0x400000; end = 0x500000; eax = start; while ( eax < end ) {  … Read Article →

Scroll To Top