Releases: glmcdona/Process-Dump
v2.1.1
v2.1.1 updates:
- Statically link libraries, which removes the pre-install dependency on the Microsoft Visual C++ Redistributable. Suggested by Blaine for easier integration into Mandiant FLARE-VM.
v2.1 updates:
- Fixed a bug where the last section in some cases would instead be filled with zeros. Thanks to megastupidmonkey for reporting this issue.
- Fixed a bug where 64-bit base addresses would be truncated to a 32-bit address. It now properly keeps the full 64-bit module base address. Thanks to megastupidmonkey for reporting this issue.
- Addressed an issue where the Process Dump close monitor would crash csrss.exe.
- Stopped Process Dump from hooking its own process in close monitor mode.
pd32.exe: Windows release for 32-bit OSes.
pd64.exe: Windows release for 64-bit OSes (recommended).
Develop
Changes so far:
- Entry point recovery database added. If no entry point is specified for a dumped code region, Process Dump guesses the entry point based on known entry-point assembly patterns.
pd32.exe: Windows release for 32-bit OSes.
pd64.exe: Windows release for 64-bit OSes (recommended).
Release develop
Update deploy.yml Try converge release for x86 and x64 binaries. Try adding versions.
v2.1
- Fixed a bug where the last section in some cases would instead be filled with zeros. Thanks to megastupidmonkey for reporting this issue.
- Fixed a bug where 64-bit base addresses would be truncated to a 32-bit address. It now properly keeps the full 64-bit module base address. Thanks to megastupidmonkey for reporting this issue.
- Addressed an issue where the Process Dump close monitor would crash csrss.exe.
- Stopped Process Dump from hooking its own process in close monitor mode.
pd32.exe: Windows release for 32-bit OSes.
pd64.exe: Windows release for 64-bit OSes (recommended).