NativeDumper
 

NativeDumper:
Native module dumper, just select a process
do right mouse click and choose "Dump main module"
or "Modules" to enumerate modules, select target module,
do right mouse click an choose "Dump".

Advantage over other dumpers:
- Small dump file size ( with default dumping options
more exactly with "Fix Raw" option unchecked (off).

NativeDumper .zip (binary)
and
NativeDumper(Src).zip (source code Visual C++) attached.

also we can use

------------------------------
Process Dump v1.4
Copyright й 2015, Geoff McDonald
http://www.split-code.com/

Process Dump (pd.exe) is a tool used to dump both 32 and 64 bit executable modules back to disk from memory within a process address space. This tool is able to find and dump hidden modules, and it uses a clean hash database to exclude dumping of known clean files. This tool uses an aggressive import reconstruction approach that links all DWORD/QWORDs that point to an export in the process to the corresponding export function.
------------------------------

Now actually v1.5 is available... :)

Direct download link of compiled v1.5 :

http://split-code.com/files/pd_latest.zip

New options:
"Round raw size" - Not actually necessary, will round raw size of sections to FileAlignment
"Current EIP" to change the EntryPoint - you should stop at old entry point with Olly or other debugger,

"Sections info from" Memory or File.

Raw options:
"Original raw" - don't make any change to raws (raw address and raw size) of sections, note that this will fail for 99% of packers/protectors
Good for application virtualizators like Spoon Studio to get original untoched module from memory.
"RAW=VA" - set RAW address = Virtual Address and RAW Size = Virtual size of section, using this option you will have working dumps but a bit larger dumps.
"Calculate raw" - preferable option, will try to recalculate raw addresses and raw sizes.

alternativ download link please

NativeDumper64
 

NativeDumper64+source code Visual Studio Community 2017 attached.

NativeDumper_v2_x86
 

NativeDumper_v2_x86:
What's new: - Fixed "Current EIP".

I've noticed that "Section info from" -> File doesn't works for some files on both 32 bits and 64 bits;
I will try to fix it latter.
It is true however that for packer you should select section from memory.

NativeDumper_FixedXP
 

Here we go again, a fix for crush of "Current EIP"in Windows XP.
Now should work fine. It will be great if someone will do some test.
Release for both 32 and 64 bits.

NativeDumper v3 x86
 

NativeDumper_v3_x86:
- When "Current EIP" is pressed now detect Olly and substract -1 from eip;
it will be really great if someone will test with different versions of Olly.

NativeDumper v4 x86
 

NativeDumper_v4_x86:
- When "Current EIP" now detect Olly and substract -1 from eip only if we are original entry point