A Cross-Platform C++ parser library for Windows kernel minidumps.
Project description
Python building for kdmp-parser
This C++ library parses Windows kernel full dumps (.dump /f in WinDbg) as well as BMP dumps (.dump /ka in WinDbg).
The library supports loading 64-bit dumps and provides read access to things like:
- The context record,
- The exception record,
- The bugcheck parameters,
- The physical memory.
The Python bindings were authored by hugsy & masthoon. Refer to the project page on GitHub for documentation, issues and pull requests.
Installing from PyPI
The easiest way is simply to:
pip install kdmp_parser
Examples
Get context, print the program counter
import kdmp_parser
dmp = kdmp_parser.KernelDumpParser("full.dmp")
assert dmp.type == kdmp_parser.DumpType.FullDump
ctx = dmp.context
print(f"Dump RIP={ctx.Rip:#x}")
Read the virtual memory page at the address held in RAX
import kdmp_parser
dmp = kdmp_parser.KernelDumpParser("full.dmp")
# The register values live on the context record
dmp.read_virtual_page(dmp.context.Rax)
Explore the physical memory
import kdmp_parser
dmp = kdmp_parser.KernelDumpParser("full.dmp")
pml4 = dmp.directory_table_base
print(f"{pml4=:#x}")
dmp.read_physical_page(pml4)
Translate a virtual address into a physical address
import kdmp_parser
dmp = kdmp_parser.KernelDumpParser("full.dmp")
VA = dmp.context.Rip
PA = dmp.translate_virtual(VA)
print(f"{VA=:#x} -> {PA=:#x}")
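What a virtual-to-physical translation does with the directory table base and the physical pages can be shown as a manual x64 four-level page-table walk. This is an added example, not code from kdmp-parser: `walk`, `build_sample_memory` and the reader interface (a callable returning the 4 KiB page at a physical address, or `None` when it is absent) are assumptions, and the memory below is constructed.

```python
import struct

PAGE = 0x1000
PFN_MASK = 0x000F_FFFF_FFFF_F000  # bits 12..51 of a paging-structure entry
PRESENT, LARGE = 1 << 0, 1 << 7

def walk(read_phys_page, dtb, va):
    """Translate va by walking PML4 -> PDPT -> PD -> PT; None if unmapped.

    read_phys_page(pa) is an assumed interface: it returns the 4 KiB page at
    the page-aligned address pa, or None when the dump does not contain it.
    """
    table = dtb & PFN_MASK  # drop the low control bits of the base
    for shift in (39, 30, 21, 12):
        page = read_phys_page(table)
        if page is None:
            return None  # the paging structure itself is not in the dump
        index = (va >> shift) & 0x1FF
        (entry,) = struct.unpack_from("<Q", page, index * 8)
        if not entry & PRESENT:
            return None
        if shift in (30, 21) and entry & LARGE:
            # 1 GiB or 2 MiB mapping: the low `shift` bits of va are the offset
            offset_mask = (1 << shift) - 1
            return (entry & PFN_MASK & ~offset_mask) | (va & offset_mask)
        table = entry & PFN_MASK
    return table | (va & (PAGE - 1))

def build_sample_memory():
    """Constructed physical memory: one 4 KiB mapping and one 2 MiB mapping."""
    mem = {pa: bytearray(PAGE) for pa in (0x1000, 0x2000, 0x3000, 0x4000)}

    def set_entry(table, index, value):
        struct.pack_into("<Q", mem[table], index * 8, value)

    set_entry(0x1000, 0, 0x2000 | PRESENT)               # PML4[0] -> PDPT
    set_entry(0x2000, 0, 0x3000 | PRESENT)               # PDPT[0] -> PD
    set_entry(0x3000, 0, 0x4000 | PRESENT)               # PD[0]   -> PT
    set_entry(0x4000, 5, 0x7000 | PRESENT)               # PT[5]   -> 4 KiB page
    set_entry(0x3000, 1, 0x4020_0000 | PRESENT | LARGE)  # PD[1]   -> 2 MiB page
    return mem

if __name__ == "__main__":
    mem = build_sample_memory()
    for va in (0x5123, 0x2ABCDE, 0x6000):
        pa = walk(mem.get, 0x1000, va)
        print(f"{va:#x} ->", "unmapped" if pa is None else f"{pa:#x}")
```

Treating a missing paging structure or a non-present entry as "unmapped" rather than an error matters on dumps that do not contain every physical page.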
Build
Run the following after installing CMake and Python 3.8+ / pip:
pip install -r src/python/requirements.txt
pip install src/python
Authors
- Axel '@0vercl0k' Souchet
Download files
Source Distributions
No source distribution files available for this release.
Built Distributions
Hashes for kdmp_parser-0.6.0-cp312-abi3-win_amd64.whl
Hashes for kdmp_parser-0.6.0-cp312-abi3-win32.whl
Hashes for kdmp_parser-0.6.0-cp312-abi3-manylinux_2_35_x86_64.whl
Hashes for kdmp_parser-0.6.0-cp312-abi3-macosx_12_0_x86_64.whl
Hashes for kdmp_parser-0.6.0-cp311-cp311-win_amd64.whl
Hashes for kdmp_parser-0.6.0-cp311-cp311-win32.whl
Hashes for kdmp_parser-0.6.0-cp311-cp311-manylinux_2_35_x86_64.whl
Hashes for kdmp_parser-0.6.0-cp311-cp311-macosx_12_0_x86_64.whl
Hashes for kdmp_parser-0.6.0-cp310-cp310-win_amd64.whl
Hashes for kdmp_parser-0.6.0-cp310-cp310-win32.whl
Hashes for kdmp_parser-0.6.0-cp310-cp310-manylinux_2_35_x86_64.whl
Hashes for kdmp_parser-0.6.0-cp310-cp310-macosx_12_0_x86_64.whl
Hashes for kdmp_parser-0.6.0-cp39-cp39-win_amd64.whl
Hashes for kdmp_parser-0.6.0-cp39-cp39-win32.whl
Hashes for kdmp_parser-0.6.0-cp39-cp39-manylinux_2_35_x86_64.whl
Hashes for kdmp_parser-0.6.0-cp39-cp39-macosx_12_0_x86_64.whl
Hashes for kdmp_parser-0.6.0-cp38-cp38-win_amd64.whl
Hashes for kdmp_parser-0.6.0-cp38-cp38-win32.whl
Hashes for kdmp_parser-0.6.0-cp38-cp38-manylinux_2_35_x86_64.whl
Hashes for kdmp_parser-0.6.0-cp38-cp38-macosx_12_0_x86_64.whl