{"id":17263378,"url":"https://github.com/0vercl0k/kdmp-parser-rs","last_synced_at":"2026-01-02T23:18:46.691Z","repository":{"id":228910590,"uuid":"775256320","full_name":"0vercl0k/kdmp-parser-rs","owner":"0vercl0k","description":"A KISS Rust crate to parse Windows kernel crash-dumps created by Windows \u0026 its debugger.","archived":false,"fork":false,"pushed_at":"2025-02-04T15:56:27.000Z","size":922,"stargazers_count":33,"open_issues_count":0,"forks_count":6,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-31T07:08:40.853Z","etag":null,"topics":["bitmap-dump","crash-dump","crate","dmp","dumps","full-dump","kernel-dump","rust","windbg"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0vercl0k.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"0vercl0k"}},"created_at":"2024-03-21T03:24:36.000Z","updated_at":"2025-03-03T02:10:21.000Z","dependencies_parsed_at":"2024-03-29T03:36:23.544Z","dependency_job_id":"8a4f20f8-9e8e-4bb4-9ea1-beac84db6a3b","html_url":"https://github.com/0vercl0k/kdmp-parser-rs","commit_stats":null,"previous_names":["0vercl0k/kdmp-parser-rs"],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0vercl0k%2Fkdmp-parser-rs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0vercl0k%2Fkdmp-parser-rs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0vercl0k%2Fkdmp-parser-rs/releases","ma
nifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0vercl0k%2Fkdmp-parser-rs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0vercl0k","download_url":"https://codeload.github.com/0vercl0k/kdmp-parser-rs/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247622983,"owners_count":20968575,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bitmap-dump","crash-dump","crate","dmp","dumps","full-dump","kernel-dump","rust","windbg"],"created_at":"2024-10-15T07:56:22.502Z","updated_at":"2026-01-02T23:18:46.686Z","avatar_url":"https://github.com/0vercl0k.png","language":"Rust","funding_links":["https://github.com/sponsors/0vercl0k"],"categories":["Rust"],"sub_categories":[],"readme":"\u003cdiv align='center'\u003e\n  \u003ch1\u003e\u003ccode\u003ekdmp-parser\u003c/code\u003e\u003c/h1\u003e\n  \u003cp\u003e\n    \u003cstrong\u003eA \u003ca href=\"https://en.wikipedia.org/wiki/KISS_principle\"\u003eKISS\u003c/a\u003e, dependency free, Rust crate to parse Windows kernel crash-dumps created by Windows \u0026 its debugger.\u003c/strong\u003e\n  \u003c/p\u003e\n  \u003cp\u003e\n    \u003ca href=\"https://crates.io/crates/kdmp-parser\"\u003e\u003cimg src=\"https://img.shields.io/crates/v/kdmp-parser.svg\" /\u003e\u003c/a\u003e\n    \u003ca href=\"https://docs.rs/kdmp-parser/\"\u003e\u003cimg src=\"https://docs.rs/kdmp-parser/badge.svg\"\u003e\u003c/a\u003e\n    \u003cimg src=\"https://github.com/0vercl0k/kdmp-parser-rs/workflows/Builds/badge.svg\"/\u003e\n  \u003c/p\u003e\n  
\u003cp\u003e\n    \u003cimg src=\"https://github.com/0vercl0k/kdmp-parser-rs/raw/main/pics/kdmp-parser.gif\" /\u003e\n  \u003c/p\u003e\n\u003c/div\u003e\n\nThis is a cross-platform crate that parses Windows **kernel** crash-dumps that Windows / WinDbg generate. It exposes read-only access to the physical memory pages as well as the register / exception context. It can also read virtual memory addresses by walking the [page tables](https://en.wikipedia.org/wiki/Page_table).\n\nCompiled binaries are available in the [releases](https://github.com/0vercl0k/kdmp-parser-rs/releases) section.\n\n## How to use?\n\nIt starts by parsing a crash-dump file by creating a [`KernelDumpParser`](https://docs.rs/kdmp-parser/latest/kdmp_parser/parse/struct.KernelDumpParser.html). It gives you access to lists of where user / kernel mode modules are loaded, as well as their names. It also gives you access to the physical memory pages found in the crash-dump.\n\nTo read the physical memory space, use [`phys::Reader`](https://docs.rs/kdmp-parser/latest/kdmp_parser/phys/struct.Reader.html); to read the virtual memory space, use [`virt::Reader`](https://docs.rs/kdmp-parser/latest/kdmp_parser/virt/struct.Reader.html).\n\nReading the physical or the virtual memory space from a crash-dump can fail because a page that might have been resident in memory when the crash happened might not have been captured in the dump file, so you're left with a hole. Reading the virtual memory space is even worse because accessing one byte of virtual memory means that you need to read multiple physical pages (as part of the virtual to physical translation) and any of those pages might not exist in the crash-dump.\n\nIf you prefer to read and ignore those memory errors, use [`virt::Reader::read`](https://docs.rs/kdmp-parser/latest/kdmp_parser/virt/struct.Reader.html#method.read). 
It won't tell you why it might have failed to read as much as you wanted, but it will tell you how many bytes it successfully read. Similarly, if you want it to read a fixed amount of bytes (and still ignore memory read errors), use [`virt::Reader::try_read_exact`](https://docs.rs/kdmp-parser/latest/kdmp_parser/virt/struct.Reader.html#method.try_read_exact).\n\nIf you care to know why a virtual translation failed, or why it wasn't able to read a certain page; use [`virt::Reader::read_exact`](https://docs.rs/kdmp-parser/latest/kdmp_parser/virt/struct.Reader.html#method.read_exact).\n\n## Parser\n\nThe [parser](src/examples/parser.rs) application is a small utility to show-case how to use the library and demonstrate its features. You can use it to dump memory, etc.\n\n![parser-usage](https://github.com/0vercl0k/kdmp-parser-rs/raw/main/pics/parser.gif)\n\nHere are the options supported:\n\n```text\nA KISS, dependency free, Rust crate to parse Windows kernel crash-dumps created by Windows \u0026 its debugger.\n\nUsage: parser.exe [OPTIONS] -- \u003cDUMP_PATH\u003e\n\nArguments:\n  \u003cDUMP_PATH\u003e\n          The dump path\n\nOptions:\n      --dump-headers\n          Dump the dump headers\n\n  -c, --context-record\n          Dump the context record\n\n  -e, --exception-record\n          Dump the exception record\n\n  -m, --mem [\u003cMEM\u003e]\n          Dump the first `len` bytes of every physical pages, unless an address is specified\n\n      --virt\n          The address specified is interpreted as a virtual address, not a physical address\n\n      --len \u003cLEN\u003e\n          The number of bytes to dump out\n\n          [default: 128]\n\n      --dtb \u003cDTB\u003e\n          Directory table base address to use for virtual memory translations\n\n  -r, --reader \u003cREADER\u003e\n          Reader mode\n\n          Possible values:\n          - mmap: The crash-dump is memory-mapped\n          - file: The crash-dump is read as a file on disk\n\n          
[default: mmap]\n\n      --modules\n          Dump the list of kernel \u0026 user modules\n\n  -h, --help\n          Print help (see a summary with '-h')\n\n  -V, --version\n          Print version\n```\n\n# Authors\n\n* Axel '[@0vercl0k](https://twitter.com/0vercl0k)' Souchet\n\n# Contributors\n\n[ ![contributors-img](https://contrib.rocks/image?repo=0vercl0k/kdmp-parser-rs) ](https://github.com/0vercl0k/kdmp-parser-rs/graphs/contributors)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0vercl0k%2Fkdmp-parser-rs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0vercl0k%2Fkdmp-parser-rs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0vercl0k%2Fkdmp-parser-rs/lists"}