Generates a full-memory minidump of a process

The original source of this function is available on GitHub.

You can use this function to generate a process dump file from PowerShell.

Description and how to use this function:

SYNOPSIS

Generates a full-memory minidump of a process.

PowerSploit Function: Out-Minidump
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None

DESCRIPTION

Out-Minidump writes a process dump file containing all of the process's memory to disk.
This is similar to running procdump.exe with the '-ma' switch.

PARAMETER Process

Specifies the process for which a dump will be generated. The process object
is obtained with Get-Process.

PARAMETER DumpFilePath

Specifies the directory where dump files will be written. By default, dump files
are written to the current working directory. Dump file names take the following
form: processname_id.dmp

EXAMPLE

INPUTS

System.Diagnostics.Process

You can pipe a process object to Out-Minidump.

OUTPUTS

System.IO.FileInfo

This script is part of the PowerSploit tool suite. It can be combined with mimikatz to extract credentials from a dump file of the lsass process.


References

Source

Github
