
MiniDump a process in memory with Rust

Primary language: Rust. License: GNU Affero General Public License v3.0 (AGPL-3.0).

safetydump

Rust in-memory MiniDump implementation.

Features

  • Uses ntdll!NtGetNextProcess to obtain a handle for the desired ProcessId, as opposed to kernel32!OpenProcess
  • Functions are dynamically resolved
  • Strings are obfuscated in lib.rs

This was written to integrate with the link command and control framework for dumping lsass remotely in memory.

Acknowledgments

@m0rv4i for the MinidumpCallbackRoutine implementation in SafetyDump.
@TheWover for NtGetNextProcess usage idea. It is also used in ProcessHacker.