Skip to content

tasox/miniDumpReader

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
README.md
README.md
 
 
Screenshot1.png
Screenshot1.png
 
 
Screenshot2.png
Screenshot2.png
 
 
WindowsMinidump.py
WindowsMinidump.py
 
 
dmpStruct.py
dmpStruct.py
 
 

Repository files navigation

Description

miniDumpReader is a Windows MiniDump (MDMP) reader that leverages Kaitai Struct (https://kaitai.io) to parse Windows memory dumps.

Alt text

Requirements

python3 -m pip install kataistruct

Usage

──(parallels㉿kali-linux)-[~/Tools/miniDumpReader]
└─$ python3 dmpStruct.py -h                                               
usage: dmpStruct.py [-h] [-f FILE] [-X] [-y YARA]

[*] Usage: dmpStruct.py -f <*.dmp>

options:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  Provide a DMP file (minidump)
  -X, --hex             Writing data in hex into memoryStrings.txt
  -y YARA, --yara YARA  Yara rule(s) directory or file.

The results are saved automatically to memoryStrings.txt

# Scan DMP with Yara
python3 dmpStruct.py -f /home/parallels/Tools/miniDumpReader/rev_http.dmp -y /home/parallels/Tools/miniDumpReader/Yara/rules

# Writing Hex strings to memoryStrings.txt
python3 dmpStruct.py -f /home/parallels/Tools/miniDumpReader/rev_http.dmp -y /home/parallels/Tools/miniDumpReader/Yara/rules -X
python3 dmpStruct.py -f /home/parallels/Tools/miniDumpReader/rev_http.dmp -X

Alt text

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

6 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages