'How can I dump a specific section of memory with Windbg?

I am debugging a kernel application and want to dump a specific part of memory. I want to copy a driver (meaning its PE header and all of its sections) after breaking at a specific point, into a dump file. I have tried to use a regular memory dump and cut out the irrelevant sections but oddly the kernel dump seems to split up PE files scattering their sections across a massive 300mb dump, making it basically useless to me. Is there a way I could dump a section of memory using Windbg, or possibly write an extension that could add such functionality?

windowskernelwindbg


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Using TensorFlow in IDE on Windows

Using TensorFlow in IDE on Windows

Using TensorFlow in IDE on Windows

Using TensorFlow in IDE on Windows

What does "Beta: Use Unicode UTF-8 for worldwide language support" actually do?

What does "Beta: Use Unicode UTF-8 for worldwide language support" actually do?

PowerShell Cannot dot-source this command because it was defined in a different language mode

I am making a calculator and I get TypeError: can only concatenate str (not "int") to str [closed]

libtorch throws c10::error after build on Windows 10 (VS2019)

SQLite3.exe shell not successfully creating database?

Is it possible to use output redirections from a cmd file using start?

Unable to create '/git/index.lock': File exists - but it doesn't

Set up Python simpleHTTPserver on Windows [duplicate]

Powershell - windows hard-disk health status is giving inconsistent results

TOX can't find the browser binary