{"id":15374438,"url":"https://github.com/ivan-sincek/memory-dumper","last_synced_at":"2025-08-03T05:30:51.968Z","repository":{"id":107019206,"uuid":"469690144","full_name":"ivan-sincek/memory-dumper","owner":"ivan-sincek","description":"Dump a process memory and extract data based on regular expressions.","archived":false,"fork":false,"pushed_at":"2023-04-25T18:40:04.000Z","size":295,"stargazers_count":3,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-10-17T16:21:18.506Z","etag":null,"topics":["bug-bounty","c-plus-plus","computer-forensics","defensive-security","dump-memory","ethical-hacking","incident-response","offensive-security","penetration-testing","red-team-engagement","reverse-engineering","security","threat-hunting","windows","windows-penetration-testing"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ivan-sincek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-14T10:46:45.000Z","updated_at":"2024-03-31T00:18:20.000Z","dependencies_parsed_at":null,"dependency_job_id":"87eba59c-3c72-4a10-8954-d4dd8afe3cec","html_url":"https://github.com/ivan-sincek/memory-dumper","commit_stats":{"total_commits":1,"total_committers":1,"mean_commits":1.0,"dds":0.0,"last_synced_commit":"15ed440a27a26c366bf6d20b7b667f80cab95879"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fmemory-dumper","tags_url":"
https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fmemory-dumper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fmemory-dumper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fmemory-dumper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ivan-sincek","download_url":"https://codeload.github.com/ivan-sincek/memory-dumper/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228526745,"owners_count":17933291,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty","c-plus-plus","computer-forensics","defensive-security","dump-memory","ethical-hacking","incident-response","offensive-security","penetration-testing","red-team-engagement","reverse-engineering","security","threat-hunting","windows","windows-penetration-testing"],"created_at":"2024-10-01T13:58:47.299Z","updated_at":"2024-12-06T21:21:17.359Z","avatar_url":"https://github.com/ivan-sincek.png","language":"C++","readme":"# Memory Dumper\n\nDump a process memory and extract data based on regular expressions. 
The tool uses multithreading.\n\nDump and inspect a process's memory:\n\n* during inactivity in an application,\n* after locking an application,\n* after logging out from an application.\n\nGarbage collectors might not free unused memory immediately, but should do so within 5-10 minutes of the last action, so wait that long before dumping; anything still present after that is a genuine finding rather than memory that simply has not been reclaimed yet.\n\nCPU and RAM consumption, as well as duration, depend heavily on:\n\n* the number of memory dump files,\n* the size of each memory dump file,\n* the number of regular expressions and their complexity,\n* the number of matches of each regular expression.\n\nBuilt with Visual Studio Community 2019 v16.10.2 (64-bit) and tested on Windows 10 Enterprise OS (64-bit).\n\nMade for educational purposes. I hope it will help!\n\n## Table of Contents\n\n* [How to Run](#how-to-run)\n* [Manual Memory Dumping](#manual-memory-dumping)\n* [Manual Memory Inspection](#manual-memory-inspection)\n\t* [rabin2](#rabin2)\n\t* [strings](#strings)\n* [Images](#images)\n\n## How to Run\n\nRun MemoryDumper_x86.exe (32-bit) or MemoryDumper_x64.exe (64-bit), matching the bitness of the target process (a 32-bit dumper cannot address the full memory of a 64-bit process). Dumping a process that runs as another user requires an elevated (administrator) prompt.\n\nCheck the example file with regular expressions [here](https://github.com/ivan-sincek/memory-dumper/blob/main/files/expressions.txt).\n\n## Manual Memory Dumping\n\nTo manually dump a process's memory, open Task Manager -\u003e right click on the desired process -\u003e click on `Create dump file`. Task Manager shows the path of the resulting `.DMP` file (in the user's `%TEMP%` folder) once the dump has been written; inspect it with the tools below.\n\n## Manual Memory Inspection\n\nThe following was tested on Kali Linux v2023.1 (64-bit).\n\nInstall the required tools on your Kali Linux (`strings` is shipped in the `binutils` package):\n\n```bash\napt-get -y install binutils radare2 grep\n```\n\nI prefer using `rabin2` over `strings`.\n\n### rabin2\n\nInspect a memory dump, binary, executable, or any other file (`-zzz` scans the whole file, not just data sections, and streams the strings out, which suits huge dumps; `-qq` prints only the strings, one per line):\n\n```bash\nrabin2 -zzzqq somefile | grep -Pi '(keyword-1|keyword-2|keyword-3)'\n\nrabin2 -zzzqq somefile | sort -uf \u003e strings.txt\n```\n\nAutomate file inspection from the current directory (`find -print0` piped into `read -d ''` handles file names containing spaces, newlines, or glob characters and leaves `IFS` untouched):\n\n```bash\nfind . -type f -print0 | while IFS= read -r -d '' file; do printf '\\nFILE: \"%s\"\\n' \"${file}\"; rabin2 -zzzqq \"${file}\" 2\u003e/dev/null | grep -Pi '(keyword-1|keyword-2|keyword-3)'; done\n\nfind . -type f -print0 | while IFS= read -r -d '' file; do rabin2 -zzzqq \"${file}\" 2\u003e/dev/null; done | sort -uf \u003e strings.txt\n```\n\n
### strings\n\nInspect a memory dump, binary, executable, or any other file. Note that `strings` extracts only single-byte (ASCII) strings by default; add `-el` to also extract the UTF-16LE strings in which Windows applications typically keep their text:\n\n```bash\nstrings somefile | grep -Pi '(keyword-1|keyword-2|keyword-3)'\n\nstrings somefile | sort -uf \u003e strings.txt\n```\n\nAutomate file inspection from the current directory:\n\n```bash\nfind . -type f -print0 | while IFS= read -r -d '' file; do printf '\\nFILE: \"%s\"\\n' \"${file}\"; strings \"${file}\" 2\u003e/dev/null | grep -Pi '(keyword-1|keyword-2|keyword-3)'; done\n\nfind . -type f -print0 | while IFS= read -r -d '' file; do strings \"${file}\" 2\u003e/dev/null; done | sort -uf \u003e strings.txt\n```\n\n## Images\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://github.com/ivan-sincek/memory-dumper/blob/main/img/run.jpg\" alt=\"Run\"\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003eFigure 1 - Run\u003c/p\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivan-sincek%2Fmemory-dumper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fivan-sincek%2Fmemory-dumper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivan-sincek%2Fmemory-dumper/lists"}
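As an added example (not code from the memory-dumper repository), the following Python script does on the inspection side what the README's regex-based extraction and the `rabin2`/`strings` pipelines do, with two additions a practitioner usually wants: it also carves UTF-16LE strings, which Windows applications commonly hold in memory and which plain `strings` or ASCII-only regexes miss, and it reports the byte offset of every hit so a match can be located in the dump. The pattern names, the patterns themselves and the sample dump bytes are constructed for this example; they are not the contents of the repository's `files/expressions.txt`.

```python
#!/usr/bin/env python3
"""Scan a memory dump for regular-expression matches, reporting byte offsets.

Added example, not code from the memory-dumper repository. It carves printable
runs the way `strings` (ASCII) and `strings -el` (UTF-16LE) do, then applies a
set of case-insensitive regular expressions to every carved run.
"""
import re
import sys
from typing import Dict, Iterator, List, Tuple

MIN_LEN = 4  # same default minimum run length as `strings`

# Constructed sample patterns in the spirit of an expressions file; they are
# not the contents of the repository's files/expressions.txt.
PATTERNS: Dict[str, str] = {
    "password": r"password\s*[=:]\s*\S+",
    "bearer": r"Bearer\s+[A-Za-z0-9._-]{20,}",
    "email": r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}",
}

ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# UTF-16LE text: every printable ASCII character is followed by a NUL byte.
UTF16LE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

Hit = Tuple[int, str, str, str]  # (byte offset, encoding, pattern name, matched text)


def carve_strings(dump: bytes) -> Iterator[Tuple[int, str, str]]:
    """Yield (offset, encoding, text) for every printable run in the dump."""
    for m in ASCII_RUN.finditer(dump):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16LE_RUN.finditer(dump):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def scan_dump(dump: bytes, patterns: Dict[str, str]) -> List[Hit]:
    """Apply every pattern to every carved string; hits come back sorted by offset."""
    compiled = {name: re.compile(p, re.IGNORECASE) for name, p in patterns.items()}
    hits: List[Hit] = []
    for offset, enc, text in carve_strings(dump):
        width = 2 if enc == "utf-16le" else 1  # bytes per character in this run
        for name, rx in compiled.items():
            for m in rx.finditer(text):
                hits.append((offset + m.start() * width, enc, name, m.group()))
    hits.sort()
    return hits


def unique_matches(hits: List[Hit]) -> List[str]:
    """Case-insensitively unique matched values, sorted, like `sort -uf`."""
    first: Dict[str, str] = {}
    for _, _, _, value in hits:
        first.setdefault(value.casefold(), value)
    return [first[k] for k in sorted(first)]


def build_sample_dump() -> bytes:
    """Constructed stand-in for a real dump: non-printable filler around an ASCII
    credential, a UTF-16LE bearer token (how Windows apps usually hold text),
    an e-mail address, and a run too short to count as a string."""
    return b"".join([
        b"\x00\x01\x02\x03",
        b"password=Sup3rS3cret!",
        b"\x00\xff\xfe",
        "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abcdefghijklmnop".encode("utf-16le"),
        b"\x90" * 8,
        b"admin@example.com",
        b"\x00ab\x00",
    ])


def main(argv: List[str]) -> int:
    if len(argv) > 1:
        with open(argv[1], "rb") as f:  # e.g. a Task Manager .DMP file
            dump = f.read()
    else:
        dump = build_sample_dump()
    hits = scan_dump(dump, PATTERNS)
    for offset, enc, name, value in hits:
        print(f"0x{offset:08x} {enc:<8} {name:<10} {value}")
    print("--- unique values ---")
    for value in unique_matches(hits):
        print(value)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with a dump path (`python3 scan_dump.py app.DMP`) or with no argument to see it work on the constructed sample; on the sample the password is found as ASCII at offset 4, the bearer token as UTF-16LE at offset 58, and the e-mail address as ASCII at offset 154. Carving runs first and matching afterwards mirrors the `strings | grep` pipeline, so a secret split across non-printable bytes is missed in both; the gain over the pipeline is the second encoding and the offsets.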