A Cross-Platform C++ parser library for Windows kernel minidumps.

Project description

This C++ library parses Windows kernel full dumps (.dump /f in WinDbg), BMP dumps (.dump /ka in WinDbg) as well as more recent dump types that were introduced in ~2022.

The library supports loading 64-bit dumps and provides read access to things like:

  • The context record,
  • The exception record,
  • The bugcheck parameters,
  • The physical memory.
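Everything in the list above except the physical memory itself is read out of the fixed 0x2000-byte header at the start of a 64-bit dump. The following is an added illustration, not code from the kdmp-parser project: a small pure-Python decoder for that header, with field offsets taken from the public DUMP_HEADER64 layout (the Rip offset inside the AMD64 CONTEXT structure is 0xF8). The sample header it parses is constructed for the example; no real dump is needed. The point a practitioner should take from it is the order of checks: a dump is untrusted input, so the length, the PAGE signature and the DU64 validity marker are verified before any field is interpreted, which is also why the usage snippets below assert on dmp.type before reading registers.

```python
"""Decode the fixed 64-bit kernel dump header (added example, not kdmp-parser code).

Offsets follow the public DUMP_HEADER64 layout from the Windows debugger
symbols; the sample header built below is constructed, not taken from a
real machine.
"""
import struct
from typing import Any, Dict

HEADER_SIZE = 0x2000         # header spans the first two 4 KiB pages of the file
OFF_SIGNATURE = 0x000        # b"PAGE"
OFF_VALID_DUMP = 0x004       # b"DU64" for a 64-bit dump (32-bit dumps carry b"DUMP")
OFF_DTB = 0x010              # DirectoryTableBase: CR3 of the crashing context
OFF_BUGCHECK_CODE = 0x038    # u32 bugcheck code
OFF_BUGCHECK_PARAMS = 0x040  # four u64 bugcheck parameters
OFF_CONTEXT = 0x348          # CONTEXT record of the faulting processor (AMD64)
OFF_DUMP_TYPE = 0xF98        # u32 DUMP_TYPE
CONTEXT_RIP = 0xF8           # offset of Rip inside the AMD64 CONTEXT structure

# DUMP_TYPE values for the two kinds the page describes; anything else is
# reported numerically rather than guessed.
DUMP_TYPE_NAMES = {1: "FullDump", 5: "BMPDump"}


def parse_header(blob: bytes) -> Dict[str, Any]:
    """Validate the header and return the fields a triage script needs.

    The dump is untrusted input: the length test bounds every read, and the
    signature / validity markers are checked before any field is interpreted.
    """
    if len(blob) < HEADER_SIZE:
        raise ValueError(f"too small for a dump header: {len(blob):#x} bytes")
    if blob[OFF_SIGNATURE:OFF_SIGNATURE + 4] != b"PAGE":
        raise ValueError("missing PAGE signature: not a Windows dump")
    if blob[OFF_VALID_DUMP:OFF_VALID_DUMP + 4] != b"DU64":
        raise ValueError("not a 64-bit dump (expected DU64 marker)")

    (dtb,) = struct.unpack_from("<Q", blob, OFF_DTB)
    (code,) = struct.unpack_from("<I", blob, OFF_BUGCHECK_CODE)
    params = struct.unpack_from("<4Q", blob, OFF_BUGCHECK_PARAMS)
    (rip,) = struct.unpack_from("<Q", blob, OFF_CONTEXT + CONTEXT_RIP)
    (dump_type,) = struct.unpack_from("<I", blob, OFF_DUMP_TYPE)
    return {
        "dump_type": dump_type,
        "dump_type_name": DUMP_TYPE_NAMES.get(dump_type, f"unknown({dump_type:#x})"),
        "directory_table_base": dtb,
        "bugcheck_code": code,
        "bugcheck_params": list(params),
        "rip": rip,
    }


def build_sample_header() -> bytes:
    """Constructed header: a FullDump that bugchecked with 0x3B at a fake RIP."""
    hdr = bytearray(HEADER_SIZE)
    hdr[OFF_SIGNATURE:OFF_SIGNATURE + 4] = b"PAGE"
    hdr[OFF_VALID_DUMP:OFF_VALID_DUMP + 4] = b"DU64"
    struct.pack_into("<Q", hdr, OFF_DTB, 0x1AB000)
    struct.pack_into("<I", hdr, OFF_BUGCHECK_CODE, 0x3B)  # SYSTEM_SERVICE_EXCEPTION
    struct.pack_into("<4Q", hdr, OFF_BUGCHECK_PARAMS,
                     0xC0000005, 0xFFFFF80012345678, 0xFFFFA0001234F000, 0)
    struct.pack_into("<Q", hdr, OFF_CONTEXT + CONTEXT_RIP, 0xFFFFF80012345678)
    struct.pack_into("<I", hdr, OFF_DUMP_TYPE, 1)
    return bytes(hdr)


if __name__ == "__main__":
    info = parse_header(build_sample_header())
    print(f"{info['dump_type_name']} DTB={info['directory_table_base']:#x} "
          f"bugcheck={info['bugcheck_code']:#x} RIP={info['rip']:#x}")
```

To run it against a real file, replace build_sample_header() with the first 0x2000 bytes of the dump; the library does the equivalent validation for you and also handles the dump types this decoder only reports numerically.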

The Python bindings were authored by hugsy & masthoon. Refer to the project page on GitHub for documentation, issues and pull requests.

Installing from PyPI

The easiest way is simply to:

pip install kdmp_parser

Installing from source

Run the following from a checkout of the repository after installing CMake and Python 3.8+ / pip:

cd src/python
pip install -r requirements.txt
pip install .

To create a wheel package:

cd src/python
pip wheel .

Usage

Get context, print the program counter

import kdmp_parser
dmp = kdmp_parser.KernelDumpParser("full.dmp")
assert dmp.type == kdmp_parser.DumpType.FullDump
print(f"Dump RIP={dmp.context.Rip:#x}")

Read a virtual memory page at address pointed by RIP

import kdmp_parser
dmp = kdmp_parser.KernelDumpParser("full.dmp")
dmp.read_virtual_page(dmp.context.Rip)

Explore the physical memory

import kdmp_parser
dmp = kdmp_parser.KernelDumpParser("full.dmp")
pml4 = dmp.directory_table_base
print(f"{pml4=:#x}")
dmp.read_physical_page(pml4)

Translate a virtual address into a physical address

import kdmp_parser
dmp = kdmp_parser.KernelDumpParser("full.dmp")
VA = dmp.context.Rip
PA = dmp.translate_virtual(VA)
print(f"{VA=:#x} -> {PA=:#x}")
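translate_virtual resolves a virtual address the way the CPU would: a four-level x64 page-table walk starting from the PML4 page at directory_table_base. As an added example (not the library's implementation), here is that walk in pure Python over a constructed set of physical frames. It covers the two cases a caller has to handle, which the one-liner above does not: a set PS bit at the PDPT or PD level ends the walk early with a 1 GiB or 2 MiB page, and a non-present entry or a frame that was not captured in the dump yields no physical address at all. Page-table addresses and the mapped VAs are invented for the example.

```python
"""Minimal x64 4-level page walk (added example, not kdmp-parser's implementation).

Physical memory is modelled as a dict of 4 KiB frames; the page tables below
are constructed for the example, not taken from a real dump.
"""
import struct
from typing import Dict, Optional, Tuple

PAGE = 0x1000
ENTRY_PRESENT = 1 << 0
ENTRY_LARGE = 1 << 7                    # PS bit: 1 GiB page in a PDPTE, 2 MiB in a PDE
PHYS_MASK = ((1 << 52) - 1) & ~0xFFF    # bits 51:12 = frame; strips NX (bit 63) and flags

PhysMem = Dict[int, bytearray]          # frame base address -> 4 KiB of content


def read_u64(mem: PhysMem, pa: int) -> Optional[int]:
    """Read a little-endian u64; None if the frame was not captured in the dump."""
    frame = mem.get(pa & ~0xFFF)
    if frame is None:
        return None
    return struct.unpack_from("<Q", frame, pa & 0xFFF)[0]


def translate(mem: PhysMem, dtb: int, va: int) -> Optional[int]:
    """Walk PML4 -> PDPT -> PD -> PT for `va`; None when unmapped or unreadable."""
    indices = [(va >> shift) & 0x1FF for shift in (39, 30, 21, 12)]
    table = dtb & PHYS_MASK
    for level, idx in enumerate(indices):
        entry = read_u64(mem, table + idx * 8)
        if entry is None or not entry & ENTRY_PRESENT:
            return None
        # A set PS bit at the PDPT (level 1) or PD (level 2) level ends the walk
        # early with a 1 GiB or 2 MiB page.
        if level in (1, 2) and entry & ENTRY_LARGE:
            span = 1 << (30 if level == 1 else 21)
            return (entry & PHYS_MASK & ~(span - 1)) | (va & (span - 1))
        table = entry & PHYS_MASK
    return table | (va & 0xFFF)


def build_sample_memory() -> Tuple[PhysMem, int]:
    """Constructed tables mapping VA 0xfffff80000001000 (4 KiB page) and
    VA 0xfffff80000200000 (2 MiB large page)."""
    dtb, pdpt, pd, pt, data = 0x1AB000, 0x1AC000, 0x1AD000, 0x1AE000, 0x7F3000
    big = 0x40000000                     # 2 MiB-aligned frame backing the large page
    mem: PhysMem = {a: bytearray(PAGE) for a in (dtb, pdpt, pd, pt, data)}

    def set_entry(table: int, idx: int, value: int) -> None:
        struct.pack_into("<Q", mem[table], idx * 8, value)

    set_entry(dtb, 0x1F0, pdpt | ENTRY_PRESENT)          # PML4[0x1f0] covers 0xfffff800_00000000
    set_entry(pdpt, 0, pd | ENTRY_PRESENT)
    set_entry(pd, 0, pt | ENTRY_PRESENT)
    set_entry(pt, 1, data | (1 << 63) | ENTRY_PRESENT)   # NX set: must be masked off
    set_entry(pd, 1, big | ENTRY_LARGE | ENTRY_PRESENT)  # 2 MiB page at VA ...00200000
    return mem, dtb


if __name__ == "__main__":
    mem, dtb = build_sample_memory()
    for va in (0xFFFFF80000001234, 0xFFFFF80000345678, 0xFFFFF80000002000):
        pa = translate(mem, dtb, va)
        print(f"VA={va:#x} -> " + (f"PA={pa:#x}" if pa is not None else "not mapped"))
```

When scripting against real dumps, treat a failed translation as normal rather than as an error: paged-out kernel memory and frames excluded by the dump type are exactly the cases where the walk stops short, so check the result before formatting it.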

Download files

Source distributions

No source distribution is available for this release.

Built distributions

All wheels are for kdmp_parser 0.7.2. The cp312 wheels use the stable ABI (abi3) and cover CPython 3.12 and later; the others are specific to one CPython minor version.

  • kdmp_parser-0.7.2-cp312-abi3-win_amd64.whl (82.1 kB): CPython 3.12+, Windows x86-64
  • kdmp_parser-0.7.2-cp312-abi3-win32.whl (74.5 kB): CPython 3.12+, Windows x86
  • kdmp_parser-0.7.2-cp312-abi3-manylinux_2_35_x86_64.whl (73.0 kB): CPython 3.12+, manylinux glibc 2.35+ x86-64
  • kdmp_parser-0.7.2-cp312-abi3-macosx_12_0_x86_64.whl (68.1 kB): CPython 3.12+, macOS 12.0+ x86-64
  • kdmp_parser-0.7.2-cp311-cp311-win_amd64.whl (82.6 kB): CPython 3.11, Windows x86-64
  • kdmp_parser-0.7.2-cp311-cp311-win32.whl (74.8 kB): CPython 3.11, Windows x86
  • kdmp_parser-0.7.2-cp311-cp311-manylinux_2_35_x86_64.whl (73.6 kB): CPython 3.11, manylinux glibc 2.35+ x86-64
  • kdmp_parser-0.7.2-cp311-cp311-macosx_12_0_x86_64.whl (68.6 kB): CPython 3.11, macOS 12.0+ x86-64
  • kdmp_parser-0.7.2-cp310-cp310-win_amd64.whl (82.8 kB): CPython 3.10, Windows x86-64
  • kdmp_parser-0.7.2-cp310-cp310-win32.whl (75.0 kB): CPython 3.10, Windows x86
  • kdmp_parser-0.7.2-cp310-cp310-manylinux_2_35_x86_64.whl (73.8 kB): CPython 3.10, manylinux glibc 2.35+ x86-64
  • kdmp_parser-0.7.2-cp310-cp310-macosx_12_0_x86_64.whl (68.8 kB): CPython 3.10, macOS 12.0+ x86-64
  • kdmp_parser-0.7.2-cp39-cp39-win_amd64.whl (83.2 kB): CPython 3.9, Windows x86-64
  • kdmp_parser-0.7.2-cp39-cp39-win32.whl (75.3 kB): CPython 3.9, Windows x86
  • kdmp_parser-0.7.2-cp39-cp39-manylinux_2_35_x86_64.whl (73.9 kB): CPython 3.9, manylinux glibc 2.35+ x86-64
  • kdmp_parser-0.7.2-cp39-cp39-macosx_12_0_x86_64.whl (68.9 kB): CPython 3.9, macOS 12.0+ x86-64
  • kdmp_parser-0.7.2-cp38-cp38-win_amd64.whl (83.2 kB): CPython 3.8, Windows x86-64
  • kdmp_parser-0.7.2-cp38-cp38-win32.whl (75.3 kB): CPython 3.8, Windows x86
  • kdmp_parser-0.7.2-cp38-cp38-manylinux_2_35_x86_64.whl (73.9 kB): CPython 3.8, manylinux glibc 2.35+ x86-64
  • kdmp_parser-0.7.2-cp38-cp38-macosx_12_0_x86_64.whl (69.0 kB): CPython 3.8, macOS 12.0+ x86-64
