SoftDump for Windows 95 and Windows NT
(c) 1998 Quine and the +HCU

Feel free to play with this all you want.  I would
love to hear about any changes you make.  I can
be reached at wvo_quine@hotmail.com.  What you cannot
do is release this program to the general cracking
community without the source code including this intro.
Furthermore, any work done with this program should
credit me, the +HCU, and fravia+'s page at http://fravia.org.

These programs let you dump memory from with SoftIce to a
disk file.  This is accomplished using memory mapped files.
You just tell the program what you want to call the file and
how big you want it to be and it maps it into memory and
tells you the address.  You can then pop into SoftICE and
use the M command to copy the memory you want into the
file's memory map.  During this time, SoftDump is waiting
for you to hit return.  When you do, it writes the file
back to disk with the data you've copied in SoftICE.

There are two versions, because it's harder to get a memory
map in another address space using NT (which is the only
M$ operating system worth using).  So, you have to provide
SoftDump with the thread ID (not the handle) of a thread
within the target application that processes Windows
messages.  This is not as hard as it sounds.  The main
thread in any non-console app will almost certainly do
this and any thread that creates a window must do this.
You can find thread IDs using a good message spying program
(Spy++ is my favorite) or you can do it from within
SoftICE.

Run the relevant version with no arguments for usage
information.

