New tool: ModuleRescue

New tool on my web site:
ModuleRescue

ModuleRescue can generate executable modules (.EXEs and .DLLs) from the module information stored in minidumps. The modules produced by the application are enough to let debuggers download symbols from the symbol server even if the real matching module is not available. This is useful when, while debugging a minidump, we cannot find the matching module but know that symbols for the module are available on the symbol server. ModuleRescue can also be used to view the list of modules loaded by the application at the time the minidump was created, and to analyze information such as module load address, file and product version, and availability of debug information.

Published Thu, Jul 14 2005 4:59 by Oleg Starodumov
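
The module information mentioned above is stored in the minidump's ModuleListStream. The following is an added example, not ModuleRescue's code and not from the tool's author: a minimal Python reader that lists each module's load address, size, timestamp, file version and the PDB GUID+age identifier from its CodeView record, which is what a symbol server indexes a PDB under. It handles only RSDS (PDB 7.0) records; `build_sample_dump` and every value in it are constructed so the parser runs offline.

```python
import struct, uuid

MODULE_LIST_STREAM = 4  # MINIDUMP_STREAM_TYPE value for ModuleListStream

def list_modules(dump: bytes):
    """Return one dict per MINIDUMP_MODULE in the dump's ModuleListStream."""
    sig, _ver, nstreams, dir_rva = struct.unpack_from("<4sIII", dump, 0)
    if sig != b"MDMP":
        raise ValueError("not a minidump")
    for i in range(nstreams):  # MINIDUMP_DIRECTORY entries are 12 bytes each
        stype, _size, rva = struct.unpack_from("<III", dump, dir_rva + 12 * i)
        if stype == MODULE_LIST_STREAM:
            break
    else:
        return []
    mods = []
    for i in range(struct.unpack_from("<I", dump, rva)[0]):  # NumberOfModules
        off = rva + 4 + 108 * i  # sizeof(MINIDUMP_MODULE) is 108
        base, size, _ck, stamp, name_rva = struct.unpack_from("<QIIII", dump, off)
        ffi = struct.unpack_from("<13I", dump, off + 24)  # VS_FIXEDFILEINFO
        cv_size, cv_rva = struct.unpack_from("<II", dump, off + 76)  # CvRecord
        (nlen,) = struct.unpack_from("<I", dump, name_rva)  # MINIDUMP_STRING
        name = dump[name_rva + 4:name_rva + 4 + nlen].decode("utf-16-le")
        m = {"name": name, "base": base, "size": size, "timestamp": stamp,
             "file_version": None, "pdb": None, "pdb_key": None}
        if ffi[0] == 0xFEEF04BD:  # version resource was captured
            ms, ls = ffi[2], ffi[3]
            m["file_version"] = "%d.%d.%d.%d" % (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)
        cv = dump[cv_rva:cv_rva + cv_size]
        if cv[:4] == b"RSDS" and len(cv) > 24:  # PDB 7.0 CodeView record
            (age,) = struct.unpack_from("<I", cv, 20)
            m["pdb"] = cv[24:].split(b"\0")[0].decode("utf-8", "replace")
            m["pdb_key"] = "%s%x" % (uuid.UUID(bytes_le=cv[4:20]).hex.upper(), age)
        mods.append(m)
    return mods

def build_sample_dump():
    """Constructed one-module dump (every value invented) so the parser runs offline."""
    name = "C:\\app\\demo.dll".encode("utf-16-le")
    guid = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff").bytes_le
    cv = b"RSDS" + guid + struct.pack("<I", 2) + b"demo.pdb\0"
    name_rva = 32 + 12 + 4 + 108  # header + one directory entry + module list
    cv_rva = name_rva + 4 + len(name) + 2
    ffi = struct.pack("<13I", 0xFEEF04BD, 0x10000, 0x00010002, 0x00030004, *([0] * 9))
    mod = (struct.pack("<QIIII", 0x10000000, 0x5000, 0, 0x42D5F2A0, name_rva) + ffi
           + struct.pack("<IIIIQQ", len(cv), cv_rva, 0, 0, 0, 0))
    return (struct.pack("<4sIIIIIQ", b"MDMP", 0xA793, 1, 32, 0, 0, 0)
            + struct.pack("<III", MODULE_LIST_STREAM, 112, 44) + struct.pack("<I", 1)
            + mod + struct.pack("<I", len(name)) + name + b"\0\0" + cv)
```

A module whose `pdb_key` comes back as `None` carries no RSDS record in the dump, so there is no GUID+age for a symbol lookup to use.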

Comments

# re: New tool: ModuleRescue

The article says the debugger can download symbols. But can you perform functions like single stepping through a program in a recreation scenario?

Friday, July 29, 2005 10:31 AM by Oleg Starodumov

# re: New tool: ModuleRescue

Single stepping (and other "live" debugging actions) are not possible for the modules generated by ModuleRescue.
The modules are only suitable for minidump debugging, because they do not actually contain executable code.
They only contain the information necessary for debuggers to recognize them as executable modules and determine how to obtain/download symbols (that is, proper PE headers, debug information structures, some other padding).
ModuleRescue does not attempt to reconstruct the real executable code (it is not usually available in minidumps, anyway).

Monday, August 01, 2005 4:23 AM by Oleg Starodumov

# re: New tool: ModuleRescue

This is a fantastic tool! Great job!

Is it possible to run this tool on all DLLs in a minidump? Or can it be run from the command line, something like:
modrescue [minidump] [dllname] [filename_for_dll_to_write]

This would load the [minidump] and write out the "fake-DLL" for [dllname] to the file [filename_for_dll_to_write].

Thursday, May 18, 2006 5:20 AM by J. Bohl

# re: New tool: ModuleRescue

This is not currently possible, unfortunately. But I will try to implement it in the next version of the tool.

Thursday, June 08, 2006 8:07 AM by Oleg Starodumov

# re: New tool: ModuleRescue

Is it open source?

Or can you give me some tips about what I should do to implement its functionality?

I know how to access and process IMAGE_NT_HEADERS and CvRecords... but I don't know how to put it all together.

Thursday, June 21, 2007 6:47 AM by Sergiu