Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/alexandernst/memory-dumper

A tool for dumping files from processes memory
https://github.com/alexandernst/memory-dumper

Last synced: 24 days ago
JSON representation

A tool for dumping files from processes memory

Host: GitHub
URL: https://github.com/alexandernst/memory-dumper
Owner: alexandernst
License: unlicense
Created: 2013-11-12T18:02:07.000Z (about 11 years ago)
Default Branch: master
Last Pushed: 2017-11-22T13:25:47.000Z (about 7 years ago)
Last Synced: 2024-11-14T21:37:52.498Z (28 days ago)
Language: C++
Size: 232 KB
Stars: 36
Watchers: 10
Forks: 15
Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

AwesomeCppGameDev - memory-dumper

README

        What is memory-dumper

=============

memory-dumper is a tool for dumping files from process's memory.

The main purpose is to find patterns inside the process's memory,

which is done by plugins, and dump segments of memory to files.

Why would I use memory-dumper

=============

Virtually memory-dumper can dump anything, it's up to you find it

any use. That said, I use it to dump Flash files (```SWF```). There are

many ```SWF``` encrypted files that can't be decrypted easily. The only

easy way is make them decrypt themself and them dump them directly

from memory.

New plugins for dumping any other type of data can be created

easily.

How do I compile it?

=============

You'll need `meson`, `python3` and `ninja-build`. Once you have those, just run:

    mkdir build

    cd build

    meson ..

    ninja

How do I use it?

=============

Go to the `build` directory and run:

    sudo ./memory-dumper -p PID

to dump the memory of a process (`sudo` is required because `memory-dumper` must read the

memory of a process that doesn't own)

or

    ./memory-dumper -p /path/to/file.ext

to dump the content of a file.

Ok, I'd like to dump ```XYZ``` file

=============

You just need to create a plugin! It's that easy. Just look inside

the plugin folder. Your plugin should have two main functions.

The first one is ```init``` which will be used to init the plugin

itself and pass it some useful functions; and the second one is ```match```,

which is used to pass a memory block to the plugin so it can search

and dump it's content.

TO-DO:

=============

* Currently memory-dumper works only on Linux. Maybe I'll port it to

Windows at some point in the future, but I don't want to promise

anything. Anyways, I'll accept a patch for this :)

* I'm planning to write some more plugins. If you want a plugin for

some specific file type, use the ```New issue``` button :)

* Write some documentation about how to write a plugin.