Dump .NET assembly from a native loader which uses CLRCreateInstance

0x410c/ClrDumper

ClrDumper

ClrDumper can dump .NET assemblies and scripts from:

  • Native CLR loaders
  • Managed assemblies (in-memory loading via Assembly.Load(byte[]))
  • Executables that host VBScript/JScript
  • VBScript or JScript files
  • PowerShell scripts

ClrDumper can also dump scripts at every stage, such as each eval or Execute call.

For Native loaders

ClrDumper.exe -nativeclr [PATH_TO_EXE]

For Managed Assemblies

ClrDumper.exe -asmload [PATH_TO_EXE]

For VBScript

ClrDumper.exe -vbscript [PATH_TO_VBS]

For JScript

ClrDumper.exe -jscript [PATH_TO_JS]

For PowerShell

ClrDumper.exe -powershell [PATH_TO_PS1]

For executables that host VBScript/JScript/PowerShell

ClrDumper.exe -jscript [PATH_TO_EXE]
ClrDumper.exe -vbscript [PATH_TO_EXE]
ClrDumper.exe -powershell [PATH_TO_EXE]

ClrDumper injects HookClr.dll into the target process; make sure the DLL is in the same directory as ClrDumper.exe.

Bypasses all debugger checks and obfuscation!

NOTE: THIS PROGRAM WILL RUN YOUR TARGET TO EXTRACT THE ASSEMBLY. USE AT YOUR OWN RISK.
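
A pre-flight helper for the modes listed above, added here as an example and not part of the ClrDumper project: it picks a flag for a sample without running it and checks that HookClr.dll sits beside ClrDumper.exe. The function names, the extension-to-flag mapping (including `.ps1` for `-powershell`) and the use of the PE CLR header directory to tell a managed assembly from a native loader are assumptions of this example.

```python
import struct
from pathlib import Path

# Flags as listed in the README; the extension mapping is this example's assumption.
SCRIPT_MODES = {".vbs": "-vbscript", ".js": "-jscript", ".ps1": "-powershell"}

def has_clr_header(data: bytes) -> bool:
    """True when PE data directory 14 (the CLR runtime header) is populated."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("not a PE file")
        pe = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("bad PE signature")
        opt = pe + 24  # 4-byte signature + 20-byte COFF header
        magic = struct.unpack_from("<H", data, opt)[0]
        dirs = {0x10B: opt + 96, 0x20B: opt + 112}.get(magic)  # PE32 / PE32+
        if dirs is None:
            raise ValueError("unknown optional header magic")
        count = struct.unpack_from("<I", data, dirs - 4)[0]  # NumberOfRvaAndSizes
        rva, size = struct.unpack_from("<II", data, dirs + 14 * 8) if count > 14 else (0, 0)
    except struct.error:
        raise ValueError("truncated PE headers") from None
    return rva != 0 and size != 0

def choose_mode(name: str, data: bytes) -> str:
    """Pick the ClrDumper flag for a sample from its extension or PE headers."""
    ext = Path(name).suffix.lower()
    if ext in SCRIPT_MODES:
        return SCRIPT_MODES[ext]
    # Native EXEs that host a script engine look the same here; override by hand.
    return "-asmload" if has_clr_header(data) else "-nativeclr"

def preflight(tool_dir: Path) -> list:
    """Names of required files missing from the ClrDumper directory."""
    return [f for f in ("ClrDumper.exe", "HookClr.dll") if not (tool_dir / f).is_file()]

def constructed_pe(managed: bool, pe32_plus: bool = False) -> bytes:
    """Constructed sample: a header-only PE image, not a runnable binary."""
    opt = struct.pack("<H", 0x20B if pe32_plus else 0x10B).ljust(108 if pe32_plus else 92, b"\0")
    dirs = bytearray(16 * 8)
    if managed:
        struct.pack_into("<II", dirs, 14 * 8, 0x2008, 0x48)  # constructed RVA and size
    mz = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    return mz + b"PE\0\0" + bytes(20) + opt + struct.pack("<I", 16) + bytes(dirs)

if __name__ == "__main__":
    print(choose_mode("loader.exe", constructed_pe(managed=False)))
```

A native executable with no CLR header is mapped to `-nativeclr` by default; whether it actually hosts a script engine instead cannot be decided from the headers checked here.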
