Saturday, February 21, 2009

Dumppp - Process Inspector

This is a simple tool I wrote while working as a malware analyst. I named it Dumppp because its main use was to dump a malware's image from memory to a file for analysis. Dumping from memory is useful when the sample on disk is packed or encrypted: once executed it unpacks or decrypts itself in memory, so the dumped image exposes code and data (strings, imports) that the file on disk hides. Note that an image dumped from memory is laid out by section (virtual) alignment rather than file alignment, so its section headers usually need realigning before a PE viewer or disassembler will parse it correctly. Once dumped, the analyst can inspect the file, for example by looking for suspicious strings. Additional features were added later to further help with malware analysis.

Features
Process Explorer
Dump running processes/threads/DLLs memory image to file
Extract strings from the process or DLL image
Check for API hooks in both user mode processes and kernel
Terminate processes or threads whose memory matches a byte signature (Memory Scanner)
Other minor features useful for inspecting the processes running on your system
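To make the dump, strings and hook-check features above concrete, here is an added example (my own code, not Dumppp's, whose source is not on this page) that works on a constructed PE32 image laid out the way it would appear in memory: it realigns the section headers so the dumped file parses as a normal PE, extracts ASCII and UTF-16LE strings from it, and compares a function prologue as mapped in a process with its on-disk copy to flag an inline JMP rel32 hook. The image, the strings inside it, the 0x77E11000 address and the prologue bytes are all constructed sample data, and reading real process memory (ReadProcessMemory on Windows) is not shown.

```python
import re
import struct

SECTION_HDR_SIZE = 40  # size of one IMAGE_SECTION_HEADER


def _section_table(image):
    """Return (offset of the first section header, number of sections)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    return coff + 20 + opt_size, n_sections


def realign_sections(image):
    """In memory each section sits at its VirtualAddress, not PointerToRawData,
    so set SizeOfRawData = VirtualSize and PointerToRawData = VirtualAddress.
    Returns (fixed image, [(name, virtual address, virtual size), ...])."""
    fixed = bytearray(image)
    first, count = _section_table(fixed)
    sections = []
    for i in range(count):
        off = first + i * SECTION_HDR_SIZE
        name = bytes(fixed[off:off + 8]).rstrip(b"\0").decode("ascii", "replace")
        vsize, va = struct.unpack_from("<II", fixed, off + 8)
        struct.pack_into("<II", fixed, off + 16, vsize, va)  # SizeOfRawData, PointerToRawData
        sections.append((name, va, vsize))
    return bytes(fixed), sections


def raw_fields(image, index):
    """(SizeOfRawData, PointerToRawData) of section `index`, for checking."""
    first, _ = _section_table(image)
    return struct.unpack_from("<II", image, first + index * SECTION_HDR_SIZE + 16)


def extract_strings(image, min_len=5):
    """Printable ASCII and UTF-16LE runs, the same pass a strings tool makes."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(image)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(image)]
    return found


def check_inline_hook(mem_prologue, disk_prologue, func_va):
    """Compare an exported function's first bytes as mapped in a process with the
    same bytes from the DLL on disk. None when equal; decodes an E9 (JMP rel32)
    detour to its absolute target, otherwise reports a modified prologue."""
    if mem_prologue[:5] == disk_prologue[:5]:
        return None
    if mem_prologue[0] == 0xE9:
        rel = struct.unpack_from("<i", mem_prologue, 1)[0]
        return {"kind": "jmp_rel32", "target": (func_va + 5 + rel) & 0xFFFFFFFF}
    return {"kind": "modified_prologue", "target": None}


def build_sample_image():
    """Constructed PE32 image in memory layout (not a real binary): headers at
    RVA 0, .text at RVA 0x1000, .data at RVA 0x2000, SectionAlignment 0x1000,
    FileAlignment 0x200. The strings inside it are sample content only."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                           # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                             # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                   # Section/FileAlignment

    def hdr(name, vsize, va, rawsize, rawptr):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, rawptr,
                           0, 0, 0, 0, 0x60000020)

    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    headers += hdr(b".text", 0x120, 0x1000, 0x200, 0x400)  # file offsets as written on disk
    headers += hdr(b".data", 0x40, 0x2000, 0x200, 0x600)
    image = bytearray(0x3000)
    image[:len(headers)] = headers
    text = b"\x55\x8b\xec" + b"\x90" * 13                      # push ebp; mov ebp,esp; nops
    text += b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"  # sample ASCII string
    image[0x1000:0x1000 + len(text)] = text
    wide = "CreateRemoteThread".encode("utf-16-le")              # sample UTF-16LE string
    image[0x2000:0x2000 + len(wide)] = wide
    return bytes(image)


if __name__ == "__main__":
    dumped = build_sample_image()
    fixed, sections = realign_sections(dumped)
    for name, va, size in sections:
        print(f"{name:8s} VA={va:#010x} size={size:#x}")
    for s in extract_strings(fixed):
        print("string:", s)
    # Constructed prologues: Windows hot-patch prologue on disk, JMP rel32 in memory.
    disk = b"\x8b\xff\x55\x8b\xec"
    mem = b"\xe9\xfb\xef\x00\x00"
    print("hook:", check_inline_hook(mem, disk, 0x77E11000))
```

Run it as a script to print the realigned sections, the recovered strings and the decoded detour target. On a real dump this realignment is what PE viewers and disassemblers need before they will parse the image; the import table usually still has to be rebuilt separately, which this example does not do.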


[Screenshot] Main GUI

[Screenshot] Scan for API hooks example

[Screenshot] Terminate by Signature snapshot

Supported Platforms

Windows 2000 and later, 32-bit only


Download the current version (v3.0) here:

http://sites.google.com/site/reirisen/Home/Dumppp.zip?attredirects=0
