Skip to content
/ Mem2Dumper Public

Dump Memory Segment From Process Memory and Rebuild ELF So Binaries

License

MIT license
24 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Goxome/Mem2Dumper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
jni
jni
 
 
libs
libs
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Mem2Dumper

Dump Memory Segment From Process Memory and Rebuild ELF So Binaries

## Features

  • No need of Ptrace

  • Bypass Anti Debugging

  • Fix and Regenerate Elf Binaries

  • Dumping of Lib from Memory of Process

  • Auto Dumping With Segment Name

  • Manual Dumping With Custom Memory Address

  • Support Fast Dumping(May Miss some data due to limitations of syscalls)

How to use

  • You can Use latest precompiled Binaries from [HERE](https://github.com/Goxome/Mem2Dumper/libs/

  • Needs Root Access or Virtual Space

  • Get Root Shell through Adb or Terminal Apps(type: 'su') or Normal Shell into Virtual Space via Terminal Apps

1

```

 Help: ./Mem2Dumper -h

 

 Memory2Dumper <==> Made By Goxome

 
       Usage: ./Mem2Dumper -p <packageName> <option(s)
       Usage Example: >> ./Mem2Dumper -p com.goxome.demo -l -n libGoxome.so -o /sdcard <<


 Dump Memory Segment From Process Memory and Rebuild So(Elf) Libraries

 -l for Library Mode, -m for Manual Dumping Mode, By Default Auto Dumping Mode

 You can use either PID or Package Name, PID given priority over Package Name

  Options:

 --Auto Dump Args-------------------------------------------------------------------------

   -n --name <segment_name>              Segment Name From proc maps

 --Manual Dump Args-----------------------------------------------------------------------

   -m --manual                           Manual Dump Mode for Custom Address

   -n --name <dump_name>                 Dumping File Name

   -s --start <address>                  Starting Address

   -e --end <address>                    Ending Address

 --Lib Dump Args-------------------------------------------------------------------------

   -l --lib                              Dump So(Elf) Library from Memory

   -n --name <lib_name>                  Library Name From proc maps

   -r --raw(Optional)                    Output Raw Lib and Not Rebuild It

 --Other Args----------------------------------------------------------------------------

   -f --fast(Optional)                   Enable Fast Dumping(May Miss Some Bytes in Dump)

   -i --pid <process-id>                 PID of Process

   -p --package <packageName>            Package Name of App

   -o --output <outputPath>              File Output path(Default: /sdcard)

   -h --help                             Display this information

  

```

  • For Dumping Libraries

    
  Dump Library: ./mem2dumper -p com.dts.freefireth -l -r -n libil2cpp.so -o /sdcard

  Process name: com.dts.freefireth, Pid: 27077

  Base Address of libil2cpp.so Found At b2dc4000

  End Address of libil2cpp.so Found At b60b5000

  Lib Size: 53415936

  Dumped in 25.414995S

How to Build

  • Clone this repo

  • Install Android NDK, if not already.

  • Open Shell/CMD in Project Folder

  • Drag ndk-build from NDK in Shell or CMD and then Execute

  • Output will be in libs Folder.

Credits

Email Communication:-

Email: GoxomeOfficial@gmail.com

About

Dump Memory Segment From Process Memory and Rebuild ELF So Binaries

Resources

Readme

License

MIT license
Activity

Stars

24 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages