procexp core dump


Postby darkknight » Mon Aug 22, 2016 2:41 pm

So I had mentioned this in another thread, but running the core dump doesn't seem to produce the results you would expect. See screenshot below:
[Attachment: Screen Shot 2016-08-22 at 9.30.12 AM.png]
darkknight
 
Posts: 66
Joined: Mon Apr 18, 2016 10:49 pm

Re: procexp core dump

Postby morpheus » Thu Aug 25, 2016 9:53 pm

err.. What am I seeing there? Is that hopper? Some other GUI? Please just show me a jtool -v -l?

The core dump works on any PID, and generates an MH_CORE file, which contains all segments which were previously mmap()ed at the time of the dump generation. When you generate the core, it should say that it was successful, as well as give a list of several segments which may not have been included.
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm
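
What a load-command listing of such a core file boils down to, as an added example that is not part of the original thread and is not procexp or jtool code: a minimal Python parser that checks the Mach-O header for MH_CORE and lists the LC_SEGMENT_64 commands. The sample input is constructed, and treating filesize < vmsize as "not fully captured" is an assumption about how omitted segments show up in the file.

```python
import struct

MH_MAGIC_64, MH_CORE, LC_SEGMENT_64 = 0xFEEDFACF, 0x4, 0x19
HDR = struct.Struct("<8I")          # mach_header_64, 32 bytes
SEG = struct.Struct("<II16s4Q4I")   # segment_command_64, 72 bytes

def parse_macho_core(data):
    """Return (is_core, segments) for a little-endian 64-bit Mach-O image."""
    if len(data) < HDR.size:
        raise ValueError("truncated mach_header_64")
    magic, _cpu, _sub, filetype, ncmds, _size, _flags, _rsvd = HDR.unpack_from(data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O")
    segments, off = [], HDR.size
    for _ in range(ncmds):
        if off + 8 > len(data):
            raise ValueError("load command runs past end of file")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > len(data):
            raise ValueError("bad cmdsize in load command")
        if cmd == LC_SEGMENT_64:
            if cmdsize < SEG.size:
                raise ValueError("LC_SEGMENT_64 shorter than segment_command_64")
            _c, _s, _name, vmaddr, vmsize, fileoff, filesize, *_rest = SEG.unpack_from(data, off)
            segments.append({"vmaddr": vmaddr, "vmsize": vmsize,
                             "fileoff": fileoff, "filesize": filesize,
                             "complete": filesize >= vmsize})  # assumption, see lead-in
        off += cmdsize  # every other load command (e.g. thread state) is skipped
    return filetype == MH_CORE, segments

def build_sample():
    """Constructed sample: MH_CORE header, one fully dumped segment, one with no file data."""
    segs = [
        SEG.pack(LC_SEGMENT_64, SEG.size, b"", 0x100000000, 0x4000, 0x1000, 0x4000, 3, 1, 0, 0),
        SEG.pack(LC_SEGMENT_64, SEG.size, b"", 0x200000000, 0x8000, 0, 0, 3, 3, 0, 0),
    ]
    cmds = b"".join(segs)
    header = HDR.pack(MH_MAGIC_64, 0x0100000C, 0, MH_CORE, len(segs), len(cmds), 0, 0)
    return header + cmds

if __name__ == "__main__":
    is_core, segs = parse_macho_core(build_sample())
    print("filetype: MH_CORE" if is_core else "filetype: not a core file")
    for s in segs:
        state = "ok" if s["complete"] else "not fully captured"
        print(f"{s['vmaddr']:#x} vmsize={s['vmsize']:#x} filesize={s['filesize']:#x} {state}")
```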

Re: procexp core dump

Postby darkknight » Sat Aug 27, 2016 1:52 pm

Administrator wrote: err.. What am I seeing there? Is that hopper? Some other GUI? Please just show me a jtool -v -l?

The core dump works on any PID, and generates an MH_CORE file, which contains all segments which were previously mmap()ed at the time of the dump generation. When you generate the core, it should say that it was successful, as well as give a list of several segments which may not have been included.

Oh ok, then I must have misunderstood. Based on another thread, I was expecting that the output would be similar to that of dumpdecrypted. That it would produce basically the same results is all...
darkknight
 
Posts: 66
Joined: Mon Apr 18, 2016 10:49 pm

Re: procexp core dump

Postby darkknight » Mon Sep 05, 2016 8:19 pm

Ok, so it is a valid core file as shown below. Like I said, I thought the result would have been similar to dumpdecrypted as discussed in another thread:

[Attachment: core dump.png]
[Attachment: procexp1.png]
[Attachment: procexp2.png]
darkknight
 
Posts: 66
Joined: Mon Apr 18, 2016 10:49 pm

