Manually reconstructing a PE file from a crash dump in IDA
In this episode, we start with a Windows user mode crash dump file. Our goal is to grab the main executable's segments, clean the segments, find/create the imports table, find the entry point and the original entry point, apply signatures, and other discussions. At the end, we should have a clean database with a 'reconstructed' PE file therein. If you found this video useful, please feel free to buy me a coffee here: https://www.buymeacoffee.com/0xeb
In this episode, we start with a Windows user mode crash dump file. Our goal is to grab the main executable's segments, clean the segments, find/create the imports table, find the entry point and the original entry point, apply signatures, and other discussions. At the end, we should have a clean database with a 'reconstructed' PE file therein. If you found this video useful, please feel free to buy me a coffee here: https://www.buymeacoffee.com/0xeb