A packed file's data cannot be seen in plain sight, but if we let it run, everything is expected to be unpacked in its process space. What we aim to do is to produce a version of the file in its unpacked state. To do that, we need to dump the whole memory then extract the executable's process image to a file.