Load a ProcDump memory dump into a Pandas DataFrame
Project description
ProcDump memory dump to Pandas DataFrame
# Download ProcDump: https://learn.microsoft.com/pt-br/sysinternals/downloads/procdump
# I had to make some changes to winappdbg
# If you get an Exception, download https://github.com/hansalemaos/a_pandas_ex_memorydump_to_df/blob/main/winappdbg.zip
# and overwrite all files in Lib\site-packages\winappdbg
$pip install a-pandas-ex-memorydump-to-df
import pandas as pd
from a_pandas_ex_memorydump_to_df import pd_add_memorydf
pd_add_memorydf()
df = pd.Q_df_from_memory(
pid=9132, procdumppath=r"C:\Program Files\procdump.exe", with_utf8_bytes=False
) # with_utf8_bytes=True takes much more time!
The method will convert all bytes to every possible format which means, the DataFrame
might get huge.
# Notepad.exe
# aa_address1_hex aa_address2_hex ... aa_ascii_int_63 aa_ascii_int_66
# 0 00000000 00010000 ... 46 46
# 1 00000000 00010010 ... 46 46
# 2 00000000 00010020 ... 46 46
# 3 00000000 00010030 ... 46 46
# 4 00000000 00010040 ... 46 46
# ... ... ... ... ...
# 64014 00007ff5 fffb0fc0 ... 46 46
# 64015 00007ff5 fffb0fd0 ... 46 46
# 64016 00007ff5 fffb0fe0 ... 46 46
# 64017 00007ff5 fffb0ff0 ... 46 46
# 64018 00007ff5 fffb1000 ... 0 0
# [64019 rows x 304 columns]
# df.size
# Out[16]: 19461776
# explorer.exe
# df
# Out[10]:
# aa_address1_hex aa_address2_hex ... aa_ascii_int_63 aa_ascii_int_66
# 0 00000000 00010000 ... 46 46
# 1 00000000 00010010 ... 46 46
# 2 00000000 00010020 ... 46 46
# 3 00000000 00010030 ... 46 46
# 4 00000000 00010040 ... 46 46
# ... ... ... ... ...
# 3234712 00007ff5 fffb0fc0 ... 46 46
# 3234713 00007ff5 fffb0fd0 ... 46 46
# 3234714 00007ff5 fffb0fe0 ... 46 46
# 3234715 00007ff5 fffb0ff0 ... 46 46
# 3234716 00007ff5 fffb1000 ... 0 0
#
# [3234717 rows x 304 columns]
#
# df.size
# Out[11]: 983353968
# Location of the temp file (procdump)
# df.tmp_file_path
# Out[14]: 'C:\\Users\\Gamer\\AppData\\Local\\Temp\\tmpsypcc1g5.dmp'
# df.tmp_delete_file() $ file must be closed before
Let's compare the converted values with the ones from CheatEngine
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for a_pandas_ex_memorydump_to_df-0.11.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | e45c9b3d17a2088b67f1cbff1b7579a662b5bd67bd7c7b6036a1c37074b68d23 |
|
| MD5 | 62761942c9d7ecd72811ecd445266157 |
|
| BLAKE2b-256 | 6ae56327980bff9a2218eda4db7b29065eb1ddc189d9b74b19950617d2119e36 |
Close
Hashes for a_pandas_ex_memorydump_to_df-0.11-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a885450697e4fce25c2a16b381835d37b1a154edc88b877ca25958c653f63b8a |
|
| MD5 | b35e729c855f99cc2a115714107b70b6 |
|
| BLAKE2b-256 | 8073e36daeccc68247b32e0176b8f5d7c4e0f02c8ca03331bea63efd6a6d3c5e |
