Decoding Crash Dumps
The tools from Breakpad needed to process crash dumps manually are minidump_stackwalk and dump_syms. It is possible to build these tools from source from within a Chromium checkout on Mac and Linux by running, for example, ninja -C out/Release minidump_stackwalk dump_syms. To build these tools from source in a Breakpad checkout, check out the source from http://code.google.com/p/google-breakpad/ and follow the included instructions.
Get the crash dump
Crash dumps (.dmp files) usually come from a crash server, e.g. http://crash/, or from the crash reports directory /path/to/profile/Crash Reports (e.g. ~/.config/google-chrome/Crash Reports/ on Linux). Linux crash dumps taken from the crash reports directory carry upload headers in front of the minidump; strip them before processing the file with minidump_stackwalk. Open the file in a text editor and delete every line up to the one that starts with MDMP followed by binary data.
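The header-stripping step above can be done without a text editor: the minidump proper starts at the MDMP signature, and what follows is a fixed 32-byte MINIDUMP_HEADER plus a stream directory. The following is an added example, not code from the Chromium docs or from Breakpad; it locates the signature, drops the upload metadata in front of it, and parses the header and directory with bounds checks so that a truncated or hand-mangled file fails loudly instead of being mis-read. The multipart prefix and the two-stream dump it runs on are constructed inline.

```python
import struct

# Added example (not Chromium or Breakpad code): strip Chrome "Crash Reports"
# upload headers from a dump and parse the minidump header that follows.
MDMP_MAGIC = b"MDMP"                 # MINIDUMP_HEADER.Signature, 0x504D444D little-endian
HEADER_FMT = "<IIIIIIQ"              # Signature, Version, NumberOfStreams, StreamDirectoryRva,
HEADER_SIZE = struct.calcsize(HEADER_FMT)   # CheckSum, TimeDateStamp, Flags  -> 32 bytes
DIR_FMT = "<III"                     # MINIDUMP_DIRECTORY: StreamType, DataSize, Rva
DIR_SIZE = struct.calcsize(DIR_FMT)  # 12 bytes

STREAM_NAMES = {                     # the stream types minidump_stackwalk relies on most
    3: "ThreadListStream",
    4: "ModuleListStream",
    5: "MemoryListStream",
    6: "ExceptionStream",
    7: "SystemInfoStream",
}


def strip_crash_report_headers(report: bytes) -> bytes:
    """Return the bytes from the MDMP signature onward, i.e. the bare minidump
    that minidump_stackwalk expects (everything before it is upload metadata)."""
    idx = report.find(MDMP_MAGIC)
    if idx < 0:
        raise ValueError("no MDMP signature found; not a minidump")
    return report[idx:]


def parse_minidump(dump: bytes) -> dict:
    """Parse MINIDUMP_HEADER and the stream directory, refusing any directory
    entry whose data would lie outside the file."""
    if len(dump) < HEADER_SIZE or dump[:4] != MDMP_MAGIC:
        raise ValueError("not a minidump (bad signature or too short)")
    (_sig, version, nstreams, dir_rva,
     _checksum, timestamp, flags) = struct.unpack_from(HEADER_FMT, dump, 0)
    if dir_rva + nstreams * DIR_SIZE > len(dump):
        raise ValueError("stream directory lies outside the file")
    streams = []
    for i in range(nstreams):
        stype, size, rva = struct.unpack_from(DIR_FMT, dump, dir_rva + i * DIR_SIZE)
        if rva + size > len(dump):
            raise ValueError(f"stream {stype} at rva {rva:#x} overruns the file")
        streams.append({"type": stype,
                        "name": STREAM_NAMES.get(stype, f"stream_{stype}"),
                        "size": size, "rva": rva})
    # Breakpad writes MINIDUMP_VERSION (0xA793) in the low 16 bits of Version.
    return {"version": version & 0xFFFF, "timestamp": timestamp,
            "flags": flags, "streams": streams}


def _build_sample_report() -> bytes:
    """Constructed sample: a fake multipart field header followed by a minidump
    with two (empty) streams, SystemInfoStream and ExceptionStream."""
    header = struct.pack(HEADER_FMT, 0x504D444D, 0xA793, 2, HEADER_SIZE, 0, 0x5F000000, 0)
    data_start = HEADER_SIZE + 2 * DIR_SIZE                       # 56
    directory = (struct.pack(DIR_FMT, 7, 8, data_start) +
                 struct.pack(DIR_FMT, 6, 4, data_start + 8))
    body = b"\x00" * 12                                           # placeholder stream contents
    prefix = b'Content-Disposition: form-data; name="upload_file_minidump"\r\n\r\n'
    return prefix + header + directory + body


SAMPLE_REPORT = _build_sample_report()

if __name__ == "__main__":
    dump = strip_crash_report_headers(SAMPLE_REPORT)
    info = parse_minidump(dump)
    print(f"minidump version {info['version']:#x}, {len(info['streams'])} streams")
    for s in info["streams"]:
        print(f"  {s['name']:<18} size={s['size']:>6} rva={s['rva']:#x}")
```

On a real report, read the file in binary mode, pass it through strip_crash_report_headers and write the result to a new .dmp; the stream listing is a quick sanity check that the file is intact before spending time on symbols.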
Getting the stacktrace (without symbols)
Run minidump_stackwalk foo.dmp. For 32-bit, minidump_stackwalk will display the stacktrace without symbols. For 64-bit, it will only display the top frame.
Get the debugging symbols
To get symbols or more frames, one needs the symbols for the libraries and executables that appear in the stacktrace. The easiest way is to run a tool that generates the right directory structure:

components/crash/content/tools/generate_breakpad_symbols.py --build-dir=out/gnand --symbols-dir=/tmp/my_symbols/ --binary=out/gnand/lib.unstripped/libchrome.so --clear --verbose

To do the same thing manually, start by running:

minidump_stackwalk foo.dmp /tmp/my_symbols 2>&1 | grep my_symbols

This prints lines like:

[time stamp] simple_symbol_supplier.cc:150: INFO: No symbol file at /tmp/my_symbols/libfoo/hash/libfoo.sym

To get the symbol file for libfoo, one needs a copy of the exact libfoo binary from the system that generated the crash together with its corresponding debugging symbols. Linux distros often ship libfoo and its debugging symbols as two separate packages. In the Chrome build you need an unstripped binary; official builds generate these by default, though you will have to locate them. After obtaining and extracting the packages, use dump_syms to extract the symbols. Assuming the library in question is /lib/libfoo.so and its debugging symbols are at /usr/debug/lib/libfoo.so, run:

dump_syms /lib/libfoo.so /usr/debug/lib > /tmp/libfoo.so.sym

To verify that this is the correct version of libfoo, compare the hash printed in the minidump_stackwalk output with the hash on the first (MODULE) line of /tmp/libfoo.so.sym. If they match, move /tmp/libfoo.so.sym to /tmp/my_symbols/libfoo.so/hash/libfoo.so.sym; minidump_stackwalk will load it on future runs and give better stacktraces. Repeat this process for the other libraries until minidump_stackwalk outputs the required information.
Decoding Windows crash dumps on Linux
1. Obtain the .pdb file and put it on a Windows machine. (It may be possible to do this with Wine, YMMV.)
2. Download dump_syms.exe.
3. Run: dump_syms foo.pdb > foo.sym
   - If there are no error messages, go to the last step (step 5).
   - If you get: CoCreateInstance CLSID_DiaSource failed (msdia80.dll unregistered?), go to step 4.
4. Get a copy of msdia80.dll and put it in c:\Program Files\Common Files\Microsoft Shared\VC\.
   - As Administrator, run: regsvr32 "c:\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll"
   - On success, retry step 3.
   - If you get error 0x80004005, you did not run as Administrator.
5. Create a symbol-server directory layout and run minidump_stackwalk.
   - Find the GUID/age descriptor (printed on the "No symbols" line if symbols can't be found).
   - Create a directory of the form symbols/foo.pdb/GUIDandAge, similar to the symbol-server layout, and put foo.sym in that directory. Note that the directory name is foo.pdb but the file name is foo.sym. For instance, given this line:
     0x7ff77ead0000 - 0x7ff77eb6efff main.exe . (main) (WARNING: No symbols, main.pdb, B7B61AB08C8345248B45D99552B0100C1)
     run:
     mkdir -p symbols/main.pdb/B7B61AB08C8345248B45D99552B0100C1
     cp main.sym symbols/main.pdb/B7B61AB08C8345248B45D99552B0100C1
   - Run minidump_stackwalk on Linux, specifying the crash dump and the symbols directory:
     minidump_stackwalk foo.dmp symbols
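Both the Linux procedure (compare the hash from minidump_stackwalk with the MODULE line of the .sym file, then place it under symbols/libfoo.so/hash/libfoo.so.sym) and the Windows one (symbols/main.pdb/GUIDandAge/main.sym, directory named after the .pdb but file named .sym) are the same check and the same path rule. The following is an added example, not Breakpad's own code: it parses the "No symbol file at ..." and "WARNING: No symbols, ..." lines, parses the MODULE line dump_syms wrote, refuses a mismatched module id, and returns the destination path. The .sym headers and stackwalk lines it runs on are constructed samples; the function only computes the path and does not move files.

```python
import posixpath
import re

# Added example (not Breakpad code): verify that a dump_syms output file matches
# the module id minidump_stackwalk complained about, and compute where it goes.

# First line of a Breakpad .sym file: MODULE <os> <arch> <id> <debug_file>
_MODULE_RE = re.compile(r"^MODULE\s+(\S+)\s+(\S+)\s+([0-9A-Fa-f]+)\s+(\S+)\s*$")
# Linux: "INFO: No symbol file at /tmp/my_symbols/libfoo.so/<id>/libfoo.so.sym"
_LINUX_MISSING_RE = re.compile(r"No symbol file at \S*/([^/\s]+)/([0-9A-Fa-f]+)/[^/\s]+\.sym")
# Windows: "(WARNING: No symbols, main.pdb, B7B61AB08C8345248B45D99552B0100C1)"
_WIN_MISSING_RE = re.compile(r"No symbols, (\S+), ([0-9A-Fa-f]+)\)")


def parse_module_line(sym_text: str) -> dict:
    """Read the MODULE header dump_syms put on the first line of the .sym file."""
    m = _MODULE_RE.match(sym_text.splitlines()[0] if sym_text else "")
    if not m:
        raise ValueError("first line is not a MODULE record; not a Breakpad .sym file")
    os_name, arch, debug_id, debug_file = m.groups()
    return {"os": os_name, "arch": arch, "id": debug_id.upper(), "file": debug_file}


def parse_missing_symbol_line(line: str):
    """Return (debug_file, debug_id) from either style of minidump_stackwalk
    'symbols not found' message, or None if the line is something else."""
    for rx in (_LINUX_MISSING_RE, _WIN_MISSING_RE):
        m = rx.search(line)
        if m:
            return m.group(1), m.group(2).upper()
    return None


def symbol_file_name(debug_file: str) -> str:
    """Breakpad's naming rule: foo.pdb -> foo.sym, anything else -> <name>.sym."""
    if debug_file.lower().endswith(".pdb"):
        return debug_file[:-4] + ".sym"
    return debug_file + ".sym"


def symbol_path(symbols_dir: str, debug_file: str, debug_id: str) -> str:
    """<symbols_dir>/<debug_file>/<debug_id>/<symbol_file_name>, the layout
    minidump_stackwalk's simple symbol supplier searches."""
    return posixpath.join(symbols_dir, debug_file, debug_id, symbol_file_name(debug_file))


def place_symbols(sym_text: str, stackwalk_line: str, symbols_dir: str) -> str:
    """Cross-check the .sym file against the stackwalk complaint and return the
    path it should be moved to. Raises ValueError on any mismatch, which is the
    'wrong build of libfoo' case the docs warn about."""
    wanted = parse_missing_symbol_line(stackwalk_line)
    if wanted is None:
        raise ValueError("line does not name a missing symbol file")
    want_file, want_id = wanted
    have = parse_module_line(sym_text)
    if have["file"] != want_file:
        raise ValueError(f"sym file is for {have['file']}, dump wants {want_file}")
    if have["id"] != want_id:
        raise ValueError(f"module id mismatch: sym {have['id']} vs dump {want_id}")
    return symbol_path(symbols_dir, want_file, want_id)


# Constructed samples (ids are made up; they are not from any real build).
LINUX_SYM = ("MODULE Linux x86_64 0D1B6D2A4D8F9F2C3A0B1C2D3E4F5A6B0 libfoo.so\n"
             "PUBLIC 1000 0 foo_entry\n")
LINUX_LINE = ("[0101/120000:INFO:simple_symbol_supplier.cc(150)] No symbol file at "
              "/tmp/my_symbols/libfoo.so/0D1B6D2A4D8F9F2C3A0B1C2D3E4F5A6B0/libfoo.so.sym")
WIN_SYM = "MODULE windows x86_64 B7B61AB08C8345248B45D99552B0100C1 main.pdb\n"
WIN_LINE = ("0x7ff77ead0000 - 0x7ff77eb6efff  main.exe  ???  (main)  "
            "(WARNING: No symbols, main.pdb, B7B61AB08C8345248B45D99552B0100C1)")

if __name__ == "__main__":
    print(place_symbols(LINUX_SYM, LINUX_LINE, "/tmp/my_symbols"))
    print(place_symbols(WIN_SYM, WIN_LINE, "symbols"))
```

Feed it the first line of the .sym you just produced and the offending line from the stackwalk output; if it returns a path, mkdir -p the parent and move the file there, and if it raises, you have the wrong build of the library or PDB and need to fetch the matching one.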
Decoding Mac crash dumps
If you’ve built Chromium.app with symbols, the easiest way to symbolize a crash is to let Crashpad forward the crash to the system crash reporter. See set_system_crash_reporter_forwarding.
Thread: What program in ubuntu would i use to view Windows DMP files?
What program in ubuntu would i use to view Windows DMP files?
My friend's system does not get past the login screen, and since I have remote access only, I'm trying to help him via an Ubuntu LiveCD. Does anyone have any suggestions besides deleting Windows? He's a gamer, so naturally Windows is a must for him.
Re: What program in ubuntu would i use to view Windows DMP files?
One thread per issue please.
Re: What program in ubuntu would i use to view Windows DMP files?
Originally Posted by not found
One thread per issue please.
Re: What program in ubuntu would i use to view Windows DMP files?
The .dmp files are memory dump files, and you'll need a Windows program to read them, based on this knowledgebase article.
If your friend is running Windows and is having trouble logging in, I think he'd get faster help on a Windows forum.
How to extract information from .DMP files
This is going to be a short article in which we will create a .DMP file and try to extract all the information we can from it. The topic mostly belongs to Windows forensics, so for this tutorial you will need a Windows OS. It's OK if you don't have one: I will provide a .DMP file for testing purposes. Still, I suggest using Windows so you get a better understanding of this article.
Have you ever heard of a .DMP file? DMP is the file extension for the dump file format Windows uses to write the memory of a crashed program to a file for later diagnostic analysis. DMP files created by Windows are named MINI000000-00.dmp, where the zeros are replaced by the date, ending in a sequence number.
You can google .DMP file for more information.
As always, I am using Kali Linux; any other Linux will do. We are going to use a tool named "Pypykatz". Yes, it sounds like "Mimikatz": it is a Mimikatz implementation in Python, so you can use Mimikatz functionality on Linux too.
First we need to install the tool on our Linux. Type this command:
git clone https://github.com/skelsec/pypykatz.git
There is another way to install it, via pip. Type this command:
You may never have heard of this tool before, but it is just as capable as Mimikatz. Before going further, I would like to tell you about lsass.DMP: it is a jackpot if you find this file. LSASS stands for "Local Security Authority Subsystem Service". It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens, which means you can find passwords in its dump file.
Pypykatz is made specifically for lsass.DMP files; it won't work on other files. Let's grab some passwords from lsass.DMP. Type this command:
pypykatz lsa minidump lsass.DMP
You can create your own lsass.DMP file: go to Task Manager > Processes > Show all processes,
then right-click on a process and create a .DMP file.
Afterwards you will find the file in AppData\Local\Temp.
But Pypykatz is only for lsass.DMP files. If you want to analyze other files, the very popular forensic tool "Volatility" takes its place. It is a little more complicated; I say so because sometimes it doesn't work.
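The facts above (an lsass dump holds credential material, Task Manager writes it to AppData\Local\Temp, the file is named lsass.DMP) are also what a defender looks for when triaging file-creation telemetry. The following is an added example, not part of the article and not tied to any specific EDR or Sysmon schema: it parses constructed "process|user|path" file-creation events and grades each one, treating any dump of lsass as critical and any other .dmp written to a user's Temp directory by Task Manager as worth review.

```python
import re
from dataclasses import dataclass

# Added example (defender side, not from the article). The "process=...|user=...|path=..."
# event format is constructed for this example, not a real product's log schema.


@dataclass
class FileEvent:
    process: str   # image that created the file
    user: str      # account it ran as
    path: str      # file that was written


_DUMP_EXT = re.compile(r"\.dmp$", re.I)
# lsass.DMP, lsass (2).DMP, lsass_1.dmp ... anywhere on disk
_LSASS_NAME = re.compile(r"(^|[\\/])lsass[^\\/]*\.dmp$", re.I)
# the location Task Manager writes its dumps to
_USER_TEMP = re.compile(r"\\AppData\\Local\\Temp\\", re.I)


def parse_event(line: str) -> FileEvent:
    """Split one constructed 'key=value|key=value' event line into a FileEvent."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return FileEvent(fields["process"], fields["user"], fields["path"])


def classify(ev: FileEvent) -> str:
    """Grade a file-creation event: 'ignore', 'info', 'review' or 'critical'."""
    if not _DUMP_EXT.search(ev.path):
        return "ignore"                       # not a memory dump at all
    if _LSASS_NAME.search(ev.path):
        return "critical"                     # lsass memory: contains logon credentials
    if _USER_TEMP.search(ev.path) and ev.process.lower().endswith("taskmgr.exe"):
        return "review"                       # interactive 'create dump file' from Task Manager
    return "info"                             # other dumps (crash reporters etc.)


def triage(lines) -> dict:
    """Map each event's path to its verdict; the caller escalates 'critical' ones."""
    return {ev.path: classify(ev) for ev in map(parse_event, lines)}


# Constructed sample events (user names and paths are made up).
SAMPLE_EVENTS = [
    r"process=C:\Windows\System32\Taskmgr.exe|user=CORP\jdoe|path=C:\Users\jdoe\AppData\Local\Temp\lsass.DMP",
    r"process=C:\Windows\System32\Taskmgr.exe|user=CORP\jdoe|path=C:\Users\jdoe\AppData\Local\Temp\chrome.DMP",
    r"process=C:\Windows\System32\WerFault.exe|user=NT AUTHORITY\SYSTEM|path=C:\ProgramData\Microsoft\Windows\WER\ReportQueue\notepad.exe.dmp",
    r"process=C:\Windows\explorer.exe|user=CORP\jdoe|path=C:\Users\jdoe\Documents\notes.txt",
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_EVENTS).items():
        print(f"{verdict:<9} {path}")
```

Name matching is only the first pass: a dump saved under another name is caught only by the Task Manager-in-Temp heuristic, so in practice this sits alongside monitoring of handle access to lsass.exe rather than replacing it.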
There are many alternatives to the Volatility tool. We will discuss those in another post.