"Many in memory payload and implants utilize the tried and true technique pioneered by Stephen Fewer for ""reflectively"" loading a PR file into memory. This technique is fantastic and allows tools to take a blob in memory and load it as if it were a PE file existing on disk. What will be outlined in this talk is a technique to reverse this process and go from having an image loaded in memory to having a PE blob in memory suitable for writing to disk. This creates an exact byte for byte copy of an image suitable for being loaded back into memory (either reflectively or through the Windows system loader) and repeating the process. This could be used, for example to have a payload which is running in memory copy itself out and write itself to an arbitrary location for persistence without having to download a fresh copy from the network or keep an original in memory. The talk will focus on the technical challenges that were present while developing the technique, and provide a description of the differences of a PE file as it exists on disk and loaded in memory. Proof of concept code for the the x86 and x86-64 architectures will be released and demonstrated.