Tools and Source Code

CrashDD

This tool acts like the Unix utility “dd” to copy files off the hard disk to a target disk, but instead of using the normal I/O path, it uses the crash dump path. CrashDD is currently unreleased, but feel free to contact me directly with any relevant questions.

DmpFlt

I have released the source code for a crash dump filter driver that implements the file patching technique used in the Source Boston CTF challenge. While some aspects of the source code are specific to the CTF challenge, the core driver code can serve as a starting point for your own dump filter needs.

For details on the CTF challenge itself and related documentation, please visit the file patch page on the Use Cases section of this website.

LiveDump

This utility allows you to create triage and kernel dumps from user mode. The triage dump feature works in older versions of Windows, while the kernel dump feature is only available post-Windows 8.1. Download version 1.0 or check out the source code.

DmpExt

A WinDbg extension that lets you explore some basic information about the crash dump stack, including the drivers loaded into the stack. Download the Windows 8.0 x86 binary or the source code.