├── README.md
├── gohashdumper.exe
└── image.png


/README.md:
--------------------------------------------------------------------------------
 1 | # goHashDumper
 2 | 
 3 | ## Note
 4 | Dump内存都需要管理员权限
 5 | 
 6 | ## Description 
 7 | 基于Golang开发,用于Dump指定进程的内存,主要利用静默退出机制(SilentProcessExit)和Windows API(MiniDumpW)实现
 8 | 
 9 | ## Usage
10 | ```
11 | gohashdumper.exe -method 1 -out test.dmp -process lsass.exe
12 | gohashdumper.exe -method 2 -path C:\tmp -pid 2333
13 |   -method string
14 |         choose Dump file Method(1 => MiniDumpW  2=> SilentExitDump) (default "1")
15 |   -out string
16 |         dump file name (default "lsass.dmp")
17 |   -path string
18 |         only method 2 need a filepath 
19 |   -pid string
20 |         If not use process name,it can support pid
21 |   -process string
22 |         Process to dump (default "lsass.exe")
23 |  ```
24 |  
25 |  ## Example
26 |  ![](https://github.com/crisprss/goHashDumper/blob/main/image.png)
27 | 


--------------------------------------------------------------------------------
/gohashdumper.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crisprss/goHashDumper/a3598588c6de58ce7dbc06d119fb04201f75dd17/gohashdumper.exe


--------------------------------------------------------------------------------
/image.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crisprss/goHashDumper/a3598588c6de58ce7dbc06d119fb04201f75dd17/image.png


--------------------------------------------------------------------------------