An easy-to-use library for emulating code in minidump files.
dumpulator
Note: This is a work-in-progress prototype, please treat it as such.
Example
The example below opens StringEncryptionFun_x64.dmp (download a copy here), allocates some memory and calls the decryption function at 0x140001000 to decrypt the string at 0x140017000:
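from dumpulator import Dumpulator

# Load the minidump to emulate
dp = Dumpulator("StringEncryptionFun_x64.dmp")
# Allocate 256 bytes of scratch memory in the emulated process
temp_addr = dp.allocate(256)
# Call the decryption function with the buffer and the encrypted string
dp.call(0x140001000, [temp_addr, 0x140017000])
# Read the result back from the allocated buffer
decrypted = dp.read_str(temp_addr)
print(f"decrypted: '{decrypted}'")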
The test.dmp is collected at the entry point of the tests/StringEncryptionFun example. You can get the compiled binaries for StringEncryptionFun here.
Collecting the dump
There is a simple x64dbg plugin available called MiniDumpPlugin. To create a dump, pause execution and execute the command MiniDump my.dmp.
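A structural check for a freshly collected dump, as an added example that is not part of dumpulator: it parses the minidump header and stream directory and reports which streams are absent. The function names and the set of streams treated as required for emulation are assumptions of this example, and the sample bytes are constructed.

```python
import struct

# Stream type values from the minidump format (MINIDUMP_STREAM_TYPE).
STREAM_NAMES = {3: "ThreadListStream", 4: "ModuleListStream",
                5: "MemoryListStream", 7: "SystemInfoStream",
                9: "Memory64ListStream"}
HEADER = struct.Struct("<IIIIIIQ")  # MINIDUMP_HEADER, 32 bytes
DIRECTORY = struct.Struct("<III")   # MINIDUMP_DIRECTORY: type, size, rva
MDMP = 0x504D444D                   # b"MDMP" read as little-endian u32


def list_streams(data: bytes) -> dict:
    """Return {stream_type: (rva, size)}; raise ValueError if malformed."""
    if len(data) < HEADER.size:
        raise ValueError("file too small for a minidump header")
    sig, _ver, count, dir_rva, _sum, _time, _flags = HEADER.unpack_from(data)
    if sig != MDMP:
        raise ValueError("missing MDMP signature")
    if dir_rva + count * DIRECTORY.size > len(data):
        raise ValueError("stream directory runs past end of file")
    streams = {}
    for i in range(count):
        offset = dir_rva + i * DIRECTORY.size
        stype, size, rva = DIRECTORY.unpack_from(data, offset)
        if stype == 0:  # UnusedStream
            continue
        if rva + size > len(data):
            raise ValueError(f"stream {stype} is truncated")
        streams[stype] = (rva, size)
    return streams


def missing_for_emulation(streams: dict) -> list:
    """Absent streams from an assumed required set: threads (register
    state), modules, system info, and one of the two memory lists."""
    missing = [STREAM_NAMES[t] for t in (3, 4, 7) if t not in streams]
    if 5 not in streams and 9 not in streams:
        missing.append("MemoryListStream or Memory64ListStream")
    return missing


def build_sample(types) -> bytes:
    """Constructed input: a header plus a directory of empty streams."""
    header = HEADER.pack(MDMP, 0xA793, len(types), HEADER.size, 0, 0, 2)
    data_rva = HEADER.size + len(types) * DIRECTORY.size
    return header + b"".join(DIRECTORY.pack(t, 0, data_rva) for t in types)
```

On a real dump, pass the file contents (for large dumps, an `mmap` object works with `unpack_from` as well) to `list_streams` before loading the file into the emulator.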
Installation
python -m pip install dumpulator
To install from source:
python setup.py install
Install for a development environment:
python setup.py develop
Credits
- herrcore for inspiring me to make this
- secret club