Source Apex Legends — External Memory Dumper (C++)

[byte_corvus]

Managed to get my hands on this base my buddy put together for dumping Apex memory. It is a solid foundation if you are looking to work on internal structures or grab fresh offsets directly from the process.

You cant view this link please login.

Compilation Instructions:

1. Place your own kernel driver file in the project root (same level as DUMPER.cpp).
2. Open dumper.sln in Visual Studio.
3. Select Release | x64 and build the solution.
4. Output binary will be in: x64\Release\dumper.exe

Usage:
Run as admin. It reads memory via the kernel driver. You need to provide the target PID. You can target the module name (r5apex_dx12.exe) to auto-grab the base address. By default, it dumps the whole module based on the SizeOfImage in the PE header, but you can override this manually. The result hits out.bin; you will need a pe_unmapper to make sense of the raw dump.

Note:
I cannot include the driver file here as it is tied to a specific license—you will need your own driver loaded. I have included the API interface docs below so you can see the expected function calls and requirements for the dumper to communicate with your driver.

// Driver API interface documentation for dumper integration
// Review these function hooks before compiling your own driver

Anyone got a decent pe_unmapper recommendation for these modern dumps? Let me know if you run into alignment issues with the current SizeOfImage implementation.