https://github.com/crisprss/goHashDumper

用于Dump指定进程的内存,主要利用静默退出机制(SilentProcessExit)和Windows API(MiniDumpW)实现
https://github.com/crisprss/goHashDumper

Last synced: 21 days ago
JSON representation

用于Dump指定进程的内存,主要利用静默退出机制(SilentProcessExit)和Windows API(MiniDumpW)实现

• Host: GitHub
• URL: https://github.com/crisprss/goHashDumper
• Owner: crisprss
• Created: 2021-12-13T14:02:30.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2021-12-13T14:19:39.000Z (almost 3 years ago)
• Last Synced: 2024-02-11T21:17:26.598Z (10 months ago)
• Size: 1.85 MB
• Stars: 25
• Watchers: 2
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - crisprss/goHashDumper - 用于Dump指定进程的内存,主要利用静默退出机制(SilentProcessExit)和Windows API(MiniDumpW)实现 (Others)

README

        
# goHashDumper

## Note

Dump内存都需要管理员权限

## Description 

基于Golang开发,用于Dump指定进程的内存,主要利用静默退出机制(SilentProcessExit)和Windows API(MiniDumpW)实现

## Usage

```

gohashdumper.exe -method 1 -out test.dmp -process lsass.exe

gohashdumper.exe -method 2 -path C:\tmp -pid 2333

  -method string

        choose Dump file Method(1 => MiniDumpW  2=> SilentExitDump) (default "1")

  -out string

        dump file name (default "lsass.dmp")

  -path string

        only method 2 need a filepath 

  -pid string

        If not use process name,it can support pid

  -process string

        Process to dump (default "lsass.exe")

 ```

 

 ## Example

 ![](https://github.com/crisprss/goHashDumper/blob/main/image.png)