{"id":13730229,"url":"https://github.com/alexandernst/memory-dumper","last_synced_at":"2025-05-12T15:31:09.472Z","repository":{"id":11796076,"uuid":"14340537","full_name":"alexandernst/memory-dumper","owner":"alexandernst","description":"A tool for dumping files from processes memory","archived":false,"fork":false,"pushed_at":"2017-11-22T13:25:47.000Z","size":238,"stargazers_count":36,"open_issues_count":3,"forks_count":15,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-11-14T21:37:52.498Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alexandernst.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-11-12T18:02:07.000Z","updated_at":"2024-08-06T19:09:19.000Z","dependencies_parsed_at":"2022-09-13T04:01:51.405Z","dependency_job_id":null,"html_url":"https://github.com/alexandernst/memory-dumper","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexandernst%2Fmemory-dumper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexandernst%2Fmemory-dumper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexandernst%2Fmemory-dumper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexandernst%2Fmemory-dumper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alexandernst","download_url":"https://codeload.github.com/alexandernst/memory-dumper/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225140349,"owners_count":17427116,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T02:01:11.853Z","updated_at":"2024-11-18T06:42:55.486Z","avatar_url":"https://github.com/alexandernst.png","language":"C++","funding_links":[],"categories":["C++"],"sub_categories":[],"readme":"What is memory-dumper\n=============\n\nmemory-dumper is a tool for dumping files from process's memory.\nThe main purpose is to find patterns inside the process's memory,\nwhich is done by plugins, and dump segments of memory to files.\n\nWhy would I use memory-dumper\n=============\n\nVirtually memory-dumper can dump anything, it's up to you find it\nany use. That said, I use it to dump Flash files (```SWF```). There are\nmany ```SWF``` encrypted files that can't be decrypted easily. The only\neasy way is make them decrypt themself and them dump them directly\nfrom memory.\n\nNew plugins for dumping any other type of data can be created\neasily.\n\nHow do I compile it?\n=============\n\nYou'll need `meson`, `python3` and `ninja-build`. Once you have those, just run:\n\n    mkdir build\n    cd build\n    meson ..\n    ninja\n\nHow do I use it?\n=============\n\nGo to the `build` directory and run:\n\n    sudo ./memory-dumper -p PID\n\nto dump the memory of a process (`sudo` is required because `memory-dumper` must read the\nmemory of a process that doesn't own)\n\nor\n\n    ./memory-dumper -p /path/to/file.ext\n\nto dump the content of a file.\n\nOk, I'd like to dump ```XYZ``` file\n=============\n\nYou just need to create a plugin! It's that easy. Just look inside\nthe plugin folder. Your plugin should have two main functions.\nThe first one is ```init``` which will be used to init the plugin\nitself and pass it some useful functions; and the second one is ```match```,\nwhich is used to pass a memory block to the plugin so it can search\nand dump it's content.\n\nTO-DO:\n=============\n\n* Currently memory-dumper works only on Linux. Maybe I'll port it to\nWindows at some point in the future, but I don't want to promise\nanything. Anyways, I'll accept a patch for this :)\n\n* I'm planning to write some more plugins. If you want a plugin for\nsome specific file type, use the ```New issue``` button :)\n\n* Write some documentation about how to write a plugin.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexandernst%2Fmemory-dumper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falexandernst%2Fmemory-dumper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexandernst%2Fmemory-dumper/lists"}