udmp-parser
| Crates.io | udmp-parser |
| lib.rs | udmp-parser |
| version | 0.2.0 |
| source | src |
| created_at | 2024-03-30 15:40:24.32357 |
| updated_at | 2024-05-01 23:48:19.347843 |
| description | A Rust crate for parsing Windows user minidumps |
| homepage | |
| repository | https://github.com/0vercl0k/udmp-parser-rs |
| max_upload_size | |
| id | 1191171 |
| size | 73,523 |
Axel Souchet (0vercl0k)
documentation
README
udmp-parser: A Rust crate for parsing Windows user minidumps
This is a cross-platform crate that parses Windows user minidump dumps that you can generate via WinDbg or via right-click Create memory dump file in the Windows task manager.
The library supports Intel 32-bit / 64-bit dumps and provides read access to things like:
- The thread list and their context records,
- The virtual memory,
- The loaded modules.
Compiled binaries are available in the releases section.
Parser
The parser application is a small utility to show-case how to use the library and demonstrate its features. You can use it to dump memory, list the loaded modules, dump thread contexts, dump a memory map various, etc.
Here are the options supported:
parser.exe [-a] [-mods] [-mem] [-t [<TID>|main]] [-dump <addr>] <dump path>
Examples:
Show all:
parser.exe -a user.dmp
Show loaded modules:
parser.exe -mods user.dmp
Show memory map:
parser.exe -mem user.dmp
Show all threads:
parser.exe -t user.dmp
Show thread w/ specific TID:
parser.exe -t 1337 user.dmp
Show foreground thread:
parser.exe -t main user.dmp
Show a memory page at a specific address:
parser.exe -dump 0x7ff00 user.dmp
Authors
- Axel '@0vercl0k' Souchet
Contributors