Skip to content
/ goHashDumper Public

用于Dump指定进程的内存,主要利用静默退出机制(SilentProcessExit)和Windows API(MiniDumpW)实现

25 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

crisprss/goHashDumper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
README.md
README.md
 
 
gohashdumper.exe
gohashdumper.exe
 
 
image.png
image.png
 
 

Repository files navigation

goHashDumper

Note

Dump内存都需要管理员权限

Description

基于Golang开发,用于Dump指定进程的内存,主要利用静默退出机制(SilentProcessExit)和Windows API(MiniDumpW)实现

Usage

gohashdumper.exe -method 1 -out test.dmp -process lsass.exe
gohashdumper.exe -method 2 -path C:\tmp -pid 2333
  -method string
        choose Dump file Method(1 => MiniDumpW  2=> SilentExitDump) (default "1")
  -out string
        dump file name (default "lsass.dmp")
  -path string
        only method 2 need a filepath 
  -pid string
        If not use process name,it can support pid
  -process string
        Process to dump (default "lsass.exe")

Example

About

用于Dump指定进程的内存,主要利用静默退出机制(SilentProcessExit)和Windows API(MiniDumpW)实现

Resources

Readme
Activity

Stars

25 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published