Reassembling a binary from a memory dump can be a tedious task. Now Harlan Carvey has released a Perl script which automates the process.
In order to run the tool, you need a memory dump in raw format, like it's generated by dd, X-Ways Capture and VMware 5.5 (suspend the session and look for the .VMEM file). In a raw memory dump the file offset equals the physical element - and that's what the tool assumes. To process a Windows Crash Dump (DMP) a translation layer would be required
In addition the tool is restricted to dumps obtained from systems running Microsoft Windows 2000. But it shouldn't be too difficult to adjust the offsets to other versions of Windows.
