MiniDump

alternative to procdump written in C# (perfect for execute-assembly) and C.

Usage

MiniDumpCs.exe PID

> MiniDumpCs.exe 620
MiniDumpWriteDump found at 0x000007FEE3891EF0
Trying to dump PID: 620
Process HANDLE 0x0000000000000024
memory.dmp HANDLE 0x0000000000000028
Process Completed (1)(87)

Compiling the C version

For 64 bits systems

x86_64-w64-mingw32-gcc.exe dump.c -o dump64.exe

For 32 bits systems

mingw32-gcc.exe dump.c -o dump.exe

EDRs bypass

Both the C and C# version offer a 64 bits version that is patching the code to avoid user mode hook put in place by most EDRs.

Credit

Mr.Un1k0d3r RingZer0 Team

Name		Name	Last commit message	Last commit date
Latest commit History 25 Commits
MiniDump.exe		MiniDump.exe
MiniDumpCs.exe		MiniDumpCs.exe
README.md		README.md
dump.c		dump.c
dump.cs		dump.cs
safe-against-edr-minidump-csharp64.cs		safe-against-edr-minidump-csharp64.cs
safe-against-edr-minidump64.c		safe-against-edr-minidump64.c

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

MiniDump

Usage

Compiling the C version

EDRs bypass

Credit

About

Releases

Packages

Languages

rvrsh3ll/MiniDump

Folders and files

Latest commit

History

Repository files navigation

MiniDump

Usage

Compiling the C version

EDRs bypass

Credit

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages