Crates.io | udmp-parser |
lib.rs | udmp-parser |
version | 0.2.0 |
source | src |
created_at | 2024-03-30 15:40:24.32357 |
updated_at | 2024-05-01 23:48:19.347843 |
description | A Rust crate for parsing Windows user minidumps |
homepage | |
repository | https://github.com/0vercl0k/udmp-parser-rs |
max_upload_size | |
id | 1191171 |
size | 73,523 |
This is a cross-platform crate that parses Windows user minidumps, which you can generate via WinDbg or by right-clicking a process in the Windows Task Manager and choosing Create memory dump file.
The library supports Intel 32-bit / 64-bit dumps and provides read access to things like:
Compiled binaries are available in the releases section.
The parser application is a small utility that showcases how to use the library and demonstrates its features. You can use it to dump memory, list the loaded modules, dump thread contexts, dump the memory map, etc.
Here are the options supported:
parser.exe [-a] [-mods] [-mem] [-t [<TID>|main]] [-dump <addr>] <dump path>
Examples:
Show all:
parser.exe -a user.dmp
Show loaded modules:
parser.exe -mods user.dmp
Show memory map:
parser.exe -mem user.dmp
Show all threads:
parser.exe -t user.dmp
Show thread w/ specific TID:
parser.exe -t 1337 user.dmp
Show foreground thread:
parser.exe -t main user.dmp
Show a memory page at a specific address:
parser.exe -dump 0x7ff00 user.dmp
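The modules, threads and memory shown by the commands above are located through the dump's stream directory. As an added example (not code from this crate and not its API), the sketch below walks that directory with bounds checks on every file-supplied offset, using only `std`. The field offsets and stream type numbers are taken from Microsoft's public `MINIDUMP_HEADER` / `MINIDUMP_DIRECTORY` definitions, and the 64-byte sample dump is constructed for illustration.

```rust
// Added example, std only: NOT the udmp-parser API. Offsets follow the public
// MINIDUMP_HEADER / MINIDUMP_DIRECTORY layouts (all fields little-endian).
const MDMP_SIGNATURE: u32 = 0x504d_444d; // bytes "MDMP"
#[derive(Debug, PartialEq)]
pub struct Stream { pub kind: u32, pub size: u32, pub rva: u32 }

// Read a u32 at `off`, failing instead of panicking on a truncated file.
fn read_u32(buf: &[u8], off: usize) -> Result<u32, String> {
    let end = off.checked_add(4).ok_or("offset overflow")?;
    let b = buf.get(off..end).ok_or(format!("read at {:#x} is out of bounds", off))?;
    Ok(u32::from_le_bytes([b[0], b[1], b[2], b[3]]))
}

pub fn stream_name(kind: u32) -> &'static str {
    match kind {
        3 => "ThreadListStream", 4 => "ModuleListStream", 5 => "MemoryListStream",
        6 => "ExceptionStream", 7 => "SystemInfoStream", 9 => "Memory64ListStream",
        16 => "MemoryInfoListStream", _ => "other",
    }
}

// Walk the stream directory; every offset comes from the file and is untrusted.
pub fn parse_directory(buf: &[u8]) -> Result<Vec<Stream>, String> {
    if read_u32(buf, 0)? != MDMP_SIGNATURE { return Err("bad signature".into()); }
    let count = read_u32(buf, 8)? as usize;  // NumberOfStreams
    let dir = read_u32(buf, 12)? as usize;   // StreamDirectoryRva
    let mut streams = Vec::new();            // no pre-allocation from `count`
    for i in 0..count {
        let e = i.checked_mul(12).and_then(|o| o.checked_add(dir)).ok_or("directory overflow")?;
        let s = Stream { kind: read_u32(buf, e)?, size: read_u32(buf, e + 4)?, rva: read_u32(buf, e + 8)? };
        if s.rva as u64 + s.size as u64 > buf.len() as u64 {
            return Err(format!("{} data lies outside the file", stream_name(s.kind)));
        }
        streams.push(s);
    }
    Ok(streams)
}
// Constructed 64-byte sample: header, two directory entries, 8 bytes of data.
pub fn sample_dump() -> Vec<u8> {
    let words: [u32; 16] = [MDMP_SIGNATURE, 0xa793, 2, 32, 0, 0, 0, 0, // header
        4, 4, 56,  3, 4, 60,  0, 0]; // ModuleList @56, ThreadList @60, data
    words.iter().flat_map(|w| w.to_le_bytes()).collect()
}

fn main() {
    for s in parse_directory(&sample_dump()).unwrap() {
        println!("{:<18} size={} rva={:#x}", stream_name(s.kind), s.size, s.rva);
    }
}
```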