Re: [2014-06-15]ARK for Windows x64: WIN64AST(Page7#69)
PostPosted:Fri Oct 10, 2014 8:24 pm
I just joined the forum just for this. nice tool and nice forum. you will be seeing me around more often :)
A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/
frank_boldewin wrote:i like your tool, though some features are hardly missing.1.You can find memory dump function in "PROCESS -> ADVANCED OPERATIONS -> MEMORY OPERATION", I will add "complete process memory dump" and "kernel memory dump" on next version. If you want to edit kernel memory, you can use "KERNEL EXPLORER" (get more information in HELP file). If you want to edit process memory, the function is also in "PROCESS -> ADVANCED OPERATIONS -> MEMORY OPERATION". If you want to edit PE file on disk, you can use LordPE or WINHEX.
1. complete process + driver dump inkl. pe-fixing
2. memory map (VAD) view for processes including page protections as well as dumping individual pages.