udmp-parser 0.2.0

A Rust crate for parsing Windows user minidumps
Documentation
  • Coverage
  • 27.67%
    44 out of 159 items documented0 out of 0 items with examples
  • Size
  • Source code size: 73.01 kB This is the summed size of all the files inside the crates.io package for this release.
  • Documentation size: 6.79 MB This is the summed size of all files generated by rustdoc for all configured targets
  • Links
  • 0vercl0k/udmp-parser-rs
    41 2 0
  • crates.io
  • Dependencies
  • Versions
  • Owners
  • 0vercl0k

udmp-parser: A Rust crate for parsing Windows user minidumps

Crates.io Documentation Build status

This is a cross-platform crate that parses Windows user minidump dumps that you can generate via WinDbg or via right-click Create memory dump file in the Windows task manager.

parser

The library supports Intel 32-bit / 64-bit dumps and provides read access to things like:

  • The thread list and their context records,
  • The virtual memory,
  • The loaded modules.

Compiled binaries are available in the releases section.

Parser

The parser application is a small utility to show-case how to use the library and demonstrate its features. You can use it to dump memory, list the loaded modules, dump thread contexts, dump a memory map various, etc.

parser-usage

Here are the options supported:

parser.exe [-a] [-mods] [-mem] [-t [<TID>|main]] [-dump <addr>] <dump path>

Examples:
  Show all:
    parser.exe -a user.dmp
  Show loaded modules:
    parser.exe -mods user.dmp
  Show memory map:
    parser.exe -mem user.dmp
  Show all threads:
    parser.exe -t user.dmp
  Show thread w/ specific TID:
    parser.exe -t 1337 user.dmp
  Show foreground thread:
    parser.exe -t main user.dmp
  Show a memory page at a specific address:
    parser.exe -dump 0x7ff00 user.dmp

Authors

Contributors

contributors-img