I am debugging a kernel application and want to dump a specific part of memory. I want to copy a driver (meaning its PE header and all of its sections) after breaking at a specific point, into a dump file. I have tried to use a regular memory dump and cut out the irrelevant sections but oddly the kernel dump seems to split up PE files scattering their sections across a massive 300mb dump, making it basically useless to me. Is there a way I could dump a section of memory using Windbg, or possibly write an extension that could add such functionality?
↧