Load a ProcDump memory dump into a Pandas DataFrame
ProcDump memory dump to Pandas DataFrame
```shell
# Download ProcDump: https://learn.microsoft.com/pt-br/sysinternals/downloads/procdump
# I had to make some changes to winappdbg
# If you get an Exception, download https://github.com/hansalemaos/a_pandas_ex_memorydump_to_df/blob/main/winappdbg.zip
# and overwrite all files in Lib\site-packages\winappdbg
pip install a-pandas-ex-memorydump-to-df
```

```python
import pandas as pd
from a_pandas_ex_memorydump_to_df import pd_add_memorydf

pd_add_memorydf()
df = pd.Q_df_from_memory(
    pid=9132, procdumppath=r"C:\Program Files\procdump.exe", with_utf8_bytes=False
)  # with_utf8_bytes=True takes much more time!
```
The method converts all bytes to every possible format, which means the DataFrame
might get huge.
```python
# Notepad.exe
#       aa_address1_hex aa_address2_hex  ...  aa_ascii_int_63  aa_ascii_int_66
# 0            00000000        00010000  ...               46               46
# 1            00000000        00010010  ...               46               46
# 2            00000000        00010020  ...               46               46
# 3            00000000        00010030  ...               46               46
# 4            00000000        00010040  ...               46               46
# ...               ...             ...  ...              ...              ...
# 64014        00007ff5        fffb0fc0  ...               46               46
# 64015        00007ff5        fffb0fd0  ...               46               46
# 64016        00007ff5        fffb0fe0  ...               46               46
# 64017        00007ff5        fffb0ff0  ...               46               46
# 64018        00007ff5        fffb1000  ...                0                0
# [64019 rows x 304 columns]
# df.size
# Out[16]: 19461776

# explorer.exe
# df
# Out[10]:
#         aa_address1_hex aa_address2_hex  ...  aa_ascii_int_63  aa_ascii_int_66
# 0              00000000        00010000  ...               46               46
# 1              00000000        00010010  ...               46               46
# 2              00000000        00010020  ...               46               46
# 3              00000000        00010030  ...               46               46
# 4              00000000        00010040  ...               46               46
# ...                 ...             ...  ...              ...              ...
# 3234712        00007ff5        fffb0fc0  ...               46               46
# 3234713        00007ff5        fffb0fd0  ...               46               46
# 3234714        00007ff5        fffb0fe0  ...               46               46
# 3234715        00007ff5        fffb0ff0  ...               46               46
# 3234716        00007ff5        fffb1000  ...                0                0
#
# [3234717 rows x 304 columns]
#
# df.size
# Out[11]: 983353968

# Location of the temp file (procdump)
# df.tmp_file_path
# Out[14]: 'C:\\Users\\Gamer\\AppData\\Local\\Temp\\tmpsypcc1g5.dmp'
# df.tmp_delete_file()  # file must be closed before
```
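The row layout in the output above (addresses advancing by 0x10, split into two 32-bit hex columns) matters when searching a dump: a value that crosses a row boundary is invisible to a per-row match, and rows from different regions must not be joined. The following is an added example, not code from the package or its README, that rebuilds the layout from constructed bytes using only the standard library. It assumes 16 bytes per row; `raw` and `ascii` are hypothetical column names.

```python
# Added example, standard library only. All bytes below are constructed sample data.
# "raw" and "ascii" are hypothetical column names; the address columns use the names shown above.
ROW = 16  # assumption: 16 bytes per row, matching the 0x10 address step in the output


def rows_from_region(base, data):
    """Split one memory region into 16-byte rows keyed by a split 64-bit address."""
    rows = []
    for off in range(0, len(data), ROW):
        chunk, addr = data[off:off + ROW], base + off
        rows.append({
            "aa_address1_hex": f"{addr >> 32:08x}",         # high 32 bits
            "aa_address2_hex": f"{addr & 0xFFFFFFFF:08x}",  # low 32 bits
            "raw": chunk,
            # non-printable bytes rendered as "." (a common hex-dump convention)
            "ascii": "".join(chr(b) if 32 <= b < 127 else "." for b in chunk),
        })
    return rows


def find_rowwise(rows, needle):
    """Naive search, one row at a time: matches that cross a row boundary are missed."""
    return [r["aa_address1_hex"] + r["aa_address2_hex"]
            for r in rows if needle in r["raw"]]


def find_spanning(rows, needle):
    """Join address-contiguous rows before searching; never join across address gaps."""
    hits, run_base, run = [], None, bytearray()
    for r in rows + [None]:  # None is a sentinel that flushes the final run
        addr = None if r is None else int(r["aa_address1_hex"] + r["aa_address2_hex"], 16)
        if run_base is not None and addr != run_base + len(run):
            pos = run.find(needle)
            while pos != -1:
                hits.append(f"{run_base + pos:016x}")
                pos = run.find(needle, pos + 1)
            run_base, run = None, bytearray()
        if r is not None:
            run_base = addr if run_base is None else run_base
            run += r["raw"]
    return hits


NEEDLE = b"EXAMPLE-MARKER"
ROWS = (rows_from_region(0x00010000, b"\x00" * 8 + b"EXAMPLE-")    # region ends mid-marker
        + rows_from_region(0x00020000, b"MARKER" + b"\x00" * 10)   # unrelated, non-adjacent region
        + rows_from_region(0x00007FF5FFFB0FC0, b"\x00" * 10 + NEEDLE + b"\x00" * 8))
```

`find_rowwise(ROWS, NEEDLE)` returns no hits, while `find_spanning(ROWS, NEEDLE)` reports the marker at `00007ff5fffb0fca` and does not produce a false hit from the two non-adjacent regions.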
Let's compare the converted values with the ones from CheatEngine
File details
Details for the file a_pandas_ex_memorydump_to_df-0.11.tar.gz.
File metadata
- Download URL: a_pandas_ex_memorydump_to_df-0.11.tar.gz
- Upload date:
- Size: 9.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.9.13
File hashes
Algorithm | Hash digest
---|---
SHA256 | e45c9b3d17a2088b67f1cbff1b7579a662b5bd67bd7c7b6036a1c37074b68d23
MD5 | 62761942c9d7ecd72811ecd445266157
BLAKE2b-256 | 6ae56327980bff9a2218eda4db7b29065eb1ddc189d9b74b19950617d2119e36
File details
Details for the file a_pandas_ex_memorydump_to_df-0.11-py3-none-any.whl.
File metadata
- Download URL: a_pandas_ex_memorydump_to_df-0.11-py3-none-any.whl
- Upload date:
- Size: 10.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.9.13
File hashes
Algorithm | Hash digest
---|---
SHA256 | a885450697e4fce25c2a16b381835d37b1a154edc88b877ca25958c653f63b8a
MD5 | b35e729c855f99cc2a115714107b70b6
BLAKE2b-256 | 8073e36daeccc68247b32e0176b8f5d7c4e0f02c8ca03331bea63efd6a6d3c5e