Right-click to terminate a process/module, dump it in one of 3 ways, view information about processes/modules, or load a process/module into PEditor.
If you select a module that isn't a real module (it has the same filename as its owning process), PEditor will automatically use the owning process for dumping and freeing/killing.
How to dump/unpack a file:
First load the target file into PEditor and click on break'n'enter. Do a "bpint3" in Softice, then click RUN in break'n'enter. It'll break at the entrypoint. If you're lucky you'll see what you have to enter to restore the first byte of the entrypoint ;).
Now just trace to the depacker's exitpoint and, at the exitpoint, enter an "a" followed by a "jmp eip". The "jmp eip" keeps the process looping at that address, so it is still running when you dump it. Then press F5 to exit Softice. Back in PEditor, close break'n'enter, click on tasks and do a full dump of your target process.
Kill the process, load the dumped file into PEditor and fix the entrypoint. Optionally, you can use PEditor's realigner to minimize the file size of the dumped file, or use the Import Table rebuilder.
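The "fix the entrypoint" step above, as an added example (not PEditor's code): it rewrites AddressOfEntryPoint in a dumped image to the RVA of the address where the depacker handed control to the original program. The function names, the sample header and the address 0x401000 are constructed for illustration.

```python
import struct

PE32, PE32_PLUS = 0x10B, 0x20B

def _opt_header(image):
    """Return (offset of optional header, magic) after checking the MZ/PE signatures."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20          # PE signature + IMAGE_FILE_HEADER
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (PE32, PE32_PLUS):
        raise ValueError("unknown optional header magic")
    return opt, magic

def read_entry_point(image):
    """Return AddressOfEntryPoint (an RVA) from the optional header."""
    opt, _ = _opt_header(image)
    return struct.unpack_from("<I", image, opt + 16)[0]

def fix_entry_point(image, oep_va):
    """Return a copy of the dump with AddressOfEntryPoint set to the RVA of oep_va."""
    opt, magic = _opt_header(image)
    if magic == PE32:
        (image_base,) = struct.unpack_from("<I", image, opt + 28)
    else:                            # PE32+ stores a 64-bit ImageBase at offset 24
        (image_base,) = struct.unpack_from("<Q", image, opt + 24)
    (size_of_image,) = struct.unpack_from("<I", image, opt + 56)
    rva = oep_va - image_base        # the header stores an RVA, the debugger shows a VA
    if not 0 < rva < size_of_image:
        raise ValueError("OEP lies outside the mapped image")
    patched = bytearray(image)
    struct.pack_into("<I", patched, opt + 16, rva)
    return bytes(patched)

def build_sample_dump():
    """Constructed PE32 header: ImageBase 0x400000, SizeOfImage 0x8000, EP 0x6000 (packer stub)."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, PE32)
    struct.pack_into("<I", buf, opt + 16, 0x6000)
    struct.pack_into("<I", buf, opt + 28, 0x400000)
    struct.pack_into("<I", buf, opt + 56, 0x8000)
    return bytes(buf)
```

The address seen in the debugger at the exitpoint is a virtual address, so the ImageBase is subtracted before the value is written back to the header.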
Note: PEditor is free for personal use only.
What's New in This Release:
· Import Table rebuilder recoded (not Win NT/2k compatible any more, now resides in rebIT.dll...rebIT.txt for more info)
· Realigner recoded (now resides in realign.dll)
· Export Table Viewer recoded
· Import Table Viewer: now one can add new Imports, one can delete Image Import Descriptors, a refresh button was added (useful for long reversing sessions), one can now use return in many edit boxes