Process Dump v1.5 released ; Windows tool for dumping malware PE files from memory.


Process Dump is a Windows reverse-engineering command-line tool that dumps the executable components of a malware process from memory back to disk. This is a routine task for malware researchers, who need unpacked or injected code written back out as PE files before it can be examined with static-analysis tools such as IDA.

Windows tool for dumping malware PE files from memory back to disk for analysis


Process Dump works on 32- and 64-bit operating systems, uses an aggressive import-reconstruction approach, and can dump memory regions that have no PE header; in those cases the PE header and import table are generated automatically. It also supports creating and using a clean-hash database, so that dumping of known-clean modules such as kernel32.dll can be skipped.
Example Usage:
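The following is an added example, not Process Dump's own code or the project's usage text. It shows the check a practitioner wants right after a dump: a small Python parser that verifies each file pd.exe wrote has a usable MZ/PE header, a section table that fits inside the file, and an import directory that resolves, which is how you spot a region whose header regeneration or import reconstruction did not succeed before loading it into IDA. The image it parses when run without arguments is a constructed minimal 32-bit PE with one .rdata section importing kernel32!ExitProcess, not a real dump; the layout constants (PE32 and PE32+ data-directory offsets, 20-byte import descriptors, 40-byte section headers) are the documented PE format.

```python
import os
import struct
import sys

def read_cstr(data, off):
    """NUL-terminated ASCII string at file offset `off`."""
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def rva_to_off(sections, rva):
    """Map an RVA to a file offset via the section table; an unmapped RVA is a bad dump."""
    for _, va, vsize, rawptr, rawsize in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rawptr + (rva - va)
    raise ValueError("RVA 0x%x lies outside every section" % rva)

def parse_pe(data):
    """Validate a dumped image's headers and walk its import directory; raises ValueError on a malformed dump."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                   # optional header follows the 20-byte file header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                                    # PE32: data directories start at +96
        bits, dd = 32, opt + 96
    elif magic == 0x20B:                                  # PE32+: data directories start at +112
        bits, dd = 64, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    imp_rva, _ = struct.unpack_from("<II", data, dd + 8)  # data directory entry 1 is the import table
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        if rawptr + rawsize > len(data):
            raise ValueError("section %r extends past end of file (truncated dump?)" % name)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, rawptr, rawsize))
    imports = {}
    off = rva_to_off(sections, imp_rva) if imp_rva else None
    while off is not None:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, off)   # IMAGE_IMPORT_DESCRIPTOR
        if name_rva == 0 and ft == 0:                     # all-zero descriptor terminates the list
            break
        funcs, thunk = [], rva_to_off(sections, oft or ft)  # a rebuilt dump may carry only an IAT
        while True:
            (entry,) = struct.unpack_from("<I" if bits == 32 else "<Q", data, thunk)
            if entry == 0:
                break
            if entry >> (bits - 1):                       # top bit set: import by ordinal
                funcs.append("#%d" % (entry & 0xFFFF))
            else:                                         # IMAGE_IMPORT_BY_NAME: 2-byte hint, then name
                funcs.append(read_cstr(data, rva_to_off(sections, entry & 0x7FFFFFFF) + 2))
            thunk += bits // 8
        imports[read_cstr(data, rva_to_off(sections, name_rva))] = funcs
        off += 20
    return {"bits": bits, "machine": machine, "sections": [s[0] for s in sections], "imports": imports}

def describe(data):
    """Never-raising wrapper for triaging a whole output directory."""
    try:
        return parse_pe(data)
    except (ValueError, struct.error) as exc:
        return {"error": str(exc)}

def build_sample_pe():
    """Constructed minimal PE32 (not a real dump): one .rdata section importing kernel32!ExitProcess."""
    sec = bytearray(0x200)                                               # raw data of the section at RVA 0x1000
    struct.pack_into("<IIIII", sec, 0x00, 0x1030, 0, 0, 0x1050, 0x1040)  # descriptor; zeros at 0x14 terminate
    struct.pack_into("<II", sec, 0x30, 0x1060, 0)                        # import lookup table
    struct.pack_into("<II", sec, 0x40, 0x1060, 0)                        # import address table
    sec[0x50:0x5D] = b"kernel32.dll\0"
    sec[0x62:0x6E] = b"ExitProcess\0"                                    # 2-byte hint at 0x60 stays zero
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                              # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, 1 section, PE32 opt header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                      # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)                      # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                                  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8, 0x1000, 40)                     # data directory 1: imports
    sec_hdr = struct.pack("<8sIIIIIIHHI", b".rdata", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x40000040)
    hdrs = dos + b"PE\0\0" + file_hdr + opt + sec_hdr
    return bytes(hdrs + b"\0" * (0x200 - len(hdrs)) + sec)

if __name__ == "__main__":
    # With a directory argument, triage every file Process Dump wrote there; otherwise parse the sample.
    for fn in sorted(os.listdir(sys.argv[1])) if len(sys.argv) == 2 else []:
        with open(os.path.join(sys.argv[1], fn), "rb") as f:
            print(fn, describe(f.read()))
    if len(sys.argv) != 2:
        print(describe(build_sample_pe()))
```

Run it with no arguments to parse the built-in sample, or pass the directory Process Dump wrote into to get one line per file, with an `error` entry for anything whose header or section table does not parse. A file that parses but comes back with an empty `imports` dict deserves a second look: a region that was dumped before its code had run far enough to populate an import table gives the reconstruction nothing usable to work from, and retaking the dump later in execution is usually the fix. The section-bounds check also catches the common case of a dump whose regenerated header describes more data than was actually written out.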

Download the executable for 32- and 64-bit Windows: pd_latest (100.32 KB)
or build it yourself with Visual Studio from the source here
Source: https://github.com/glmcdona