Dump a .NET assembly from a native loader which uses CLRCreateInstance

0x410c/ClrDumper

Latest commit: 9b67a2c by "Your Name", Oct 18, 2022


ClrDumper

ClrDumper can dump .NET assemblies and scripts from:

  • Native CLR loaders
  • Managed assemblies (in-memory loading via Assembly.Load(byte[]))
  • Executables hosting VBScript/JScript
  • VBScript or JScript
  • PowerShell scripts

ClrDumper can also dump scripts at every stage of execution, such as eval or Execute.

For Native loaders

ClrDumper.exe -nativeclr [PATH_TO_EXE]

For Managed Assemblies

ClrDumper.exe -asmload [PATH_TO_EXE]

For VBScript

ClrDumper.exe -vbscript [PATH_TO_VBS]

For JScript

ClrDumper.exe -jscript [PATH_TO_JS]

For PowerShell

ClrDumper.exe -powershell [PATH_TO_PS1]

For executables which host VBScript/JScript/PowerShell

ClrDumper.exe -jscript [PATH_TO_EXE]
ClrDumper.exe -vbscript [PATH_TO_EXE]
ClrDumper.exe -powershell [PATH_TO_EXE]

ClrDumper injects HookClr.dll into the target processes. Please ensure the DLL is in the same directory as ClrDumper.exe.

Bypasses all debugger checks and obfuscation!

NOTE: THIS PROGRAM WILL RUN YOUR TARGET TO EXTRACT THE ASSEMBLY, USE AT YOUR OWN RISK
