I have an app that loads a bunch of dlls dynamically through a memorystream at runtime. Using WinDBG I can see the loaded modules when using the command !DumpDomain. Using other commands (like ! lm) does not show/list these hidden dlls.
Now I want to save these dlls to disk by using the !SaveModule [ModuleNumber from !DumpDomain list] command. It works perfectly but the thing is I have to do it manually for each module. I want to automate this process and found the following code:
!for_each_module .if ($spat ("${@#ImageName}","*.exe")) { !SaveModule ${@#Base} c:\temp\${@#ModuleName}.exe } .else { !SaveModule ${@#Base} c:\temp\${@#ModuleName}.dll }
The problem with this code is that the code actually does not export the desired hidden dlls. I think it has something to do that "for_each_module" does not include modules from the !DumpDomain command.
Does anybody have a solution for that? Or
Is there a better way to save the dlls to disk?
Any advice appreciated!
.NET modules are not listed with lm so it is not in .for_each_module
In order to save managed modules, do this:
Get NetExt extension: https://github.com/rodneyviana/netext/releases
Use !wmodule command: https://github.com/rodneyviana/netext#wmodule
!wmodule -managed -saveto c:\temp\
To avoid saving Microsoft modules (like System.Web.dll), use this command instead:
!wmodule -managed -noms -saveto c:\temp\