Want to Join Us ?

you'll be able to discuss, share and send private messages.


Discussion in 'Plugins' started by m4n0w4r, Jan 21, 2019.

Share This Page

  1. m4n0w4r

    Well-Known Member

    Author: Lasha Khasaia @_qaz_qaz

    If a process allocates a dynamic memory using VirtualAlloc, HeapAlloc, new, etc. and continues execution from that address, most of times, the memory address will be different for each different execution, it means that if we comment, rename variables or set breakpoints, nothing of this will be left in the next execution because the shellcode or code section will take a different memory address.
    dumpDyn.py is IDAPython plugin(script) which saves comments, names, breakpoints, functions from one execution to another.


    If VirtualAlloc/VirtualAllocEx is used to allocate a dynamic memory (which is the case with most malware), you can use icons on the toolbar to save and restore your work:


    In any other case(HeapAlloc, malloc, new, etc), you need to specify memory location and size:


    Restore functions from undefined data:


    Download here: