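def parse_minidump_file(filename):
    """Open a minidump file and run a pypykatz session over it.

    Args:
        filename: Path of the minidump; handed unchanged to
            ``MinidumpFile.parse``.

    Returns:
        The ``pypykatz`` object after ``start()`` has completed.

    Raises:
        Exception: Any error from the minidump parser, from
            ``KatzSystemInfo.from_minidump``, from the ``pypykatz``
            constructor or from ``start()`` is re-raised to the caller.
    """
    try:
        minidump = MinidumpFile.parse(filename)
        reader = minidump.get_reader().get_buffered_reader()
        sysinfo = KatzSystemInfo.from_minidump(minidump)
    except Exception:
        logger.exception('Minidump parsing error!')
        # Bare raise re-raises the active exception with its traceback intact.
        raise

    # Build the object before entering the try block: previously a failure in
    # the constructor left `mimi` unbound, so the handler's
    # `mimi.log_basic_info()` raised UnboundLocalError and hid the real error.
    mimi = pypykatz(reader, sysinfo)
    try:
        mimi.start()
    except Exception:
        # NOTE(review): this stage appears to be the credential-parsing step,
        # so what log_basic_info() records may be sensitive. Confirm its
        # output before forwarding these logs off the analysis host.
        mimi.log_basic_info()
        raise
    return mimi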
def parse_minidump_file(filename):
    """Parse the minidump at *filename* and return a started pypykatz object.

    Args:
        filename: Path of the minidump; passed unchanged to
            ``MinidumpFile.parse``.

    Returns:
        The ``pypykatz`` instance after ``start()`` has been called on it.

    No exception is caught here, so parser and ``start()`` failures propagate
    to the caller as raised.
    """
    dump = MinidumpFile.parse(filename)
    # Arguments are evaluated left to right: buffered reader first, then the
    # system-info object derived from the same dump.
    session = pypykatz(
        dump.get_reader().get_buffered_reader(),
        KatzSystemInfo.from_minidump(dump),
    )
    session.start()
    return session
logging.basicConfig(level=logging.INFO)
elif args.verbose == 1:
logging.basicConfig(level=logging.DEBUG)
else:
logging.basicConfig(level=1)
print(__banner__)
if args.interactive:
shell = MinidumpShell()
shell.do_open(args.minidumpfile)
shell.cmdloop()
else:
mf = MinidumpFile.parse(args.minidumpfile)
reader = mf.get_reader()
if args.all or args.threads:
if mf.threads is not None:
print(str(mf.threads))
if mf.threads_ex is not None:
print(str(mf.threads_ex))
if mf.thread_info is not None:
print(str(mf.thread_info))
if args.all or args.modules:
if mf.modules is not None:
print(str(mf.modules))
if mf.unloaded_modules is not None:
print(str(mf.unloaded_modules))
if args.all or args.memory:
if mf.memory_segments is not None:
def __init__(self, *args, **kwargs):
if minidumpfile is None:
raise CLEError("Run `pip install minidump==0.0.10` to support loading minidump files")
super().__init__(*args, **kwargs)
self.os = 'windows'
self.supports_nx = True
if self.binary is None:
self._mdf = minidumpfile.MinidumpFile.parse_bytes(self._binary_stream.read())
else:
self._mdf = minidumpfile.MinidumpFile.parse(self.binary)
self.wow64 = False
if self.arch is None:
if getattr(self._mdf, 'sysinfo', None) is None:
raise MinidumpMissingStreamError('SystemInfo', 'The architecture was not specified')
arch = self._mdf.sysinfo.ProcessorArchitecture
if arch == SystemInfoStream.PROCESSOR_ARCHITECTURE.AMD64:
if any(module.name.endswith('wow64.dll') for module in self._mdf.modules.modules):
self.wow64 = True
self.set_arch(archinfo.ArchX86())
else:
self.set_arch(archinfo.ArchAMD64())
elif arch == SystemInfoStream.PROCESSOR_ARCHITECTURE.INTEL:
self.set_arch(archinfo.ArchX86())
else: