Skip to content

ndrammer/DMiniDumpWrite

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
DInvoke
DInvoke
 
 
Properties
Properties
 
 
App.config
App.config
 
 
DMiniDumpWrite.csproj
DMiniDumpWrite.csproj
 
 
DMiniDumpWrite.sln
DMiniDumpWrite.sln
 
 
Program.cs
Program.cs
 
 
README.md
README.md
 
 

Repository files navigation

DMiniDumpWrite

Uses DInvoke from TheWover to invoke dynamically MiniDumpWriteDump function and dump LSASS process memory.

It also uses DInvoke for calling all the Native APIs needed. Dump is directly processed from memory to a compressed file to minimize detection using a callback function in MiniDumpWriteDump thanks to callback code in https://github.com/ricardojoserf/lsass-dumper-csharp

Usage

It is necessary to have SeDebugPrivilege. You can use basic scripts from pwshSeDebug.

.\DMiniDumpWrite

Dump file is saved to dump.dmp.gz

Dump file can be processed with pypykatz:

pypykatz lsa minidump dump.dmp

It is also recommended to protect the assembly with ConfuserEx tool to avoid signature detection.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages