def parse_minidump_buffer(buff, packages=['all']):
"""
Parses LSASS minidump file which contents are in a bytes buffer
buff: io.BytesIO object
"""
minidump = MinidumpFile.parse_buff(buff)
reader = minidump.get_reader().get_buffered_reader()
sysinfo = KatzSystemInfo.from_minidump(minidump)
mimi = pypykatz(reader, sysinfo)
mimi.start(packages)
return mimi
def parse_minidump_bytes(data, packages=['all']):
"""
Parses LSASS minidump file bytes.
data needs to be bytearray
"""
minidump = MinidumpFile.parse_bytes(data)
reader = minidump.get_reader().get_buffered_reader()
sysinfo = KatzSystemInfo.from_minidump(minidump)
mimi = pypykatz(reader, sysinfo)
mimi.start(packages)
return mimi
async def parse_minidump_external(handle, packages = ['all'], chunksize=10*1024): """ Parses LSASS minidump file based on the file object. File object can really be any object as longs as it implements read, seek, tell functions with the same parameters as a file object would. handle: file like object """ minidump = await AMinidumpFile.parse_external(handle) reader = minidump.get_reader().get_buffered_reader(chunksize) sysinfo = KatzSystemInfo.from_minidump(minidump) mimi = apypykatz(reader, sysinfo) await mimi.start(packages) return mimi
def parse_minidump_external(handle):
"""
Parses LSASS minidump file based on the file object.
File object can really be any object as longs as
it implements read, seek, tell functions with the
same parameters as a file object would.
handle: file like object
"""
minidump = MinidumpFile.parse_external(handle)
reader = minidump.get_reader().get_buffered_reader()
sysinfo = KatzSystemInfo.from_minidump(minidump)
mimi = pypykatz(reader, sysinfo)
mimi.start()
return mimi
def parse_minidump_file(filename, rdp_module, chunksize = 10*1024):
try:
minidump = MinidumpFile.parse(filename)
reader = minidump.get_reader().get_buffered_reader(segment_chunk_size=chunksize)
sysinfo = KatzSystemInfo.from_minidump(minidump)
except Exception as e:
logger.exception('Minidump parsing error!')
raise e
try:
mimi = RDPCredParser(None, reader, sysinfo, rdp_module)
mimi.start()
except Exception as e:
logger.info('Credentials parsing error!')
raise e
return [mimi]
async def parse_minidump_file(filename, packages = ['all'], chunksize=10*1024):
try:
minidump = await AMinidumpFile.parse(filename)
reader = minidump.get_reader().get_buffered_reader(chunksize)
sysinfo = KatzSystemInfo.from_minidump(minidump)
except Exception as e:
logger.exception('Minidump parsing error!')
raise e
try:
mimi = apypykatz(reader, sysinfo)
await mimi.start(packages)
except Exception as e:
#logger.info('Credentials parsing error!')
mimi.log_basic_info()
raise e
return mimi
def parse_minidump_file(filename):
try:
minidump = MinidumpFile.parse(filename)
reader = minidump.get_reader().get_buffered_reader()
sysinfo = KatzSystemInfo.from_minidump(minidump)
except Exception as e:
logger.exception('Minidump parsing error!')
raise e
try:
mimi = pypykatz(reader, sysinfo)
mimi.start()
except Exception as e:
#logger.info('Credentials parsing error!')
mimi.log_basic_info()
raise e
return mimi