Чем открыть dmp linux

Decoding Crash Dumps

The tools from Breakpad needed to process crash dumps manually are minidump_stackwalk and dump_syms. It is possible to build these tools from source from within a Chromium checkout on Mac and Linux by running, for example, ninja -C out/Release minidump_stackwalk dump_syms. To build these tools from source in a Breakpad checkout, check out the source from http://code.google.com/p/google-breakpad/ and follow the included instructions.

Get the crash dump

Crash dumps (.dmp files) usually come from a crash server i.e. http://crash/ or from the crash reports directory: /path/to/profile/Crash Reports. I.e. ~/.config/google-chrome/Crash Reports/ on Linux. For Linux crash dumps that are in the crash reports directory, one must strip off the headers before processing it with minidump_stackwalk. Just open the file in a text editor and delete all the lines up until the line that starts with MDMP followed by binary data.

Getting the stacktrace (without symbols)

Run minidump_stackwalk foo.dmp. For 32-bit, minidump_stackwalk will display the stacktrace without symbols. For 64-bit, it will only display the top frame.

Get the debugging symbols

To get symbols or more frames, one needs to have the symbols for the libraries and executables that are part of the stacktrace. The easiest way is to run a tool that will generate the right directory structure: components/crash/content/tools/generate_breakpad_symbols.py —build-dir=out/gnand —symbols-dir=/tmp/my_symbols/ —binary=out/gnand/lib.unstripped/libchrome.so —clear —verbose To do the same thing manually, start by running: minidump_stackwalk foo.dmp /tmp/my_symbols 2>&1 | grep my_symbols This will print out lines like: [time stamp] simple_symbol_supplier.cc:150: INFO: No symbol file at /tmp/my_symbols/libfoo/hash/libfoo.sym. In order to get the symbol file for libfoo, one needs to have a copy of the exact libfoo binary from the system that generated the crash and its corresponding debugging symbols. Oftentimes, Linux distros provide libfoo and its debugging symbols as two separate packages. In the chrome build, you’ll need an unstripped binary — official builds generate these by default somewhere. After obtaining and extracting the packages, use dump_syms to extract the symbols. Assuming the library in question is /lib/libfoo.so and its debugging symbol is /usr/debug/lib/libfoo.so, run: dump_syms /lib/libfoo.so /usr/debug/lib > /tmp/libfoo.so.sym To verify it’s the correct version of libfoo, look at the hash from the minidump_stackwalk output and compare it to the hash on the first line. If they match, move /tmp/libfoo.sym to /tmp/my_symbols/libfoo.so/hash/libfoo.so.sym and minidump_stackwalk will load it on future runs to give better stacktraces. Repeat this process for other libraries until minidump_stackwalk outputs the required information.

Decoding Windows crash dumps on Linux

1. Obtain the .pdb file and put it on a Windows machine. (It may be possible to do this with Wine, YMMV.)
2. Download dump_syms.exe.
3. Run: dump_syms foo.pdb > foo.sym
   • If no error messages, then go to the last step
   • If you get: CoCreateInstance CLSID_DiaSource failed (msdia80.dll unregistered?), go to step 4.
4. Get a copy of msdia80.dll and put it in c:\Program Files\Common Files\Microsoft Shared\VC\.
5. As Administrator, run: regsvr32 c:\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll.
   • On success, retry step 3.
   • If you get error 0x80004005, you did not run as Administrator.
6. Create a symbol-server directory layout
   1. Find the GUID/age descriptor (printed on the «No symbols» line if symbols can’t be found)
   2. Create a directory of the form symbols/foo.pdb/GUIDandAge, similar to symbol-server layout, and put foo.sym in that directory. Note that the directory name is foo.pdb but the file name is foo.sym. For instance:
      • 0x7ff77ead0000 — 0x7ff77eb6efff main.exe . (main) (WARNING: No symbols, main.pdb, B7B61AB08C8345248B45D99552B0100C1)
      • mkdir -p symbols/main.pdb/B7B61AB08C8345248B45D99552B0100C1
      • cp main.sym symbols/main.pdb/B7B61AB08C8345248B45D99552B0100C1
   3. Run minidump_stackwalk on Linux specifying the crash dump and the symbols directory:
      • minidump_stackwalk foo.dmp symbols

   Decoding Mac crash dumps

   If you’ve built Chromium.app with symbols, the easiest way to symbolize a crash is to let Crashpad forward the crash to the system crash reporter. See set_system_crash_reporter_forwarding.

   Источник

   Thread: What program in ubuntu would i use to view Windows DMP files?

   5 Cups of Ubuntu

   Read Windows .DMP files?

   5 Cups of Ubuntu

   What program in ubuntu would i use to view Windows DMP files?

   My friends system does not get past the login screen and since i have remote access only im trying to help him via ubuntu livecd. Does anyone have any suggestions besides deleting windows? He’s a gamer so naturally windows is a must for him.

   

   I Ubuntu, Therefore, I Am

   Re: What program in ubuntu would i use to view Windows DMP files?

   One thread per issue please.

   5 Cups of Ubuntu

   Re: What program in ubuntu would i use to view Windows DMP files?

   Originally Posted by not found

   One thread per issue please.

   Extra Foam Sugar Free Ubuntu

   Join Date Apr 2007 Location Upstate NY, USA Beans 769 —> Beans 769 Distro Ubuntu 12.10 Quantal Quetzal

   Re: What program in ubuntu would i use to view Windows DMP files?

   For the .dmp files, they are memory dump files and you’ll need a windows program based on This knowledgebase article.

   If you friend is running windows and is having trouble logging in, I think he’d get faster help on a windows forum.

   • Site Areas
   • Settings
   • Private Messages
   • Subscriptions
   • Who’s Online
   • Search Forums
   • Forums Home
   • Forums
   • The Ubuntu Forum Community
     1. Ubuntu Official Flavours Support
        1. New to Ubuntu
        2. General Help
        3. Installation & Upgrades
        4. Hardware
        5. Desktop Environments
        6. Networking & Wireless
        7. Multimedia Software
     2. Ubuntu Specialised Support
        1. Ubuntu Development Version
        2. Security
        3. Virtualisation
        4. Ubuntu Servers, Cloud and Juju
           1. Server Platforms
           2. Ubuntu Cloud and Juju
        5. Gaming & Leisure
           1. Emulators
        6. Wine
        7. Development & Programming
           1. Packaging and Compiling Programs
           2. Development CD/DVD Image Testing
           3. Ubuntu Application Development
           4. Ubuntu Dev Link Forum
           5. Programming Talk
           6. Repositories & Backports
              1. Ubuntu Backports
                 1. Bug Reports / Support
        8. System76 Support
        9. Apple Hardware Users
     3. Ubuntu Community Discussions
        1. Ubuntu, Linux and OS Chat
           1. Recurring Discussions
           2. Full Circle Magazine
        2. The Cafe
           1. Cafe Games
        3. Market
        4. Mobile Technology Discussions (CLOSED)
        5. Announcements & News
        6. Weekly Newsletter
        7. Membership Applications
        8. The Fridge Discussions
        9. Forum Council Agenda
        10. Forum Feedback & Help
            1. Request a LoCo forum
        11. Resolution Centre
     4. Other Discussion and Support
        1. Other OS Support and Projects
           1. Other Operating Systems
              1. Ubuntu/Debian BASED
              2. Debian
              3. MINT
              4. Arch and derivatives
              5. Fedora/RedHat and derivatives
              6. Mandriva/Mageia
              7. Slackware and derivatives
              8. openSUSE and SUSE Linux Enterprise
              9. Mac OSX
              10. PCLinuxOS
              11. Gentoo and derivatives
              12. Windows
              13. BSD
              14. Any Other OS
        2. Assistive Technology & Accessibility
        3. Art & Design
        4. Education & Science
        5. Documentation and Community Wiki Discussions
        6. Tutorials
           1. Outdated Tutorials & Tips
        7. Ubuntu Women
        8. Ubuntu LoCo Team Forums
           1. Americas LoCo Teams
              1. Argentina Team
                 1. Software
                 2. Hardware
                 3. Comunidad
              2. Arizona Team — US
              3. Arkansas Team — US
              4. Brazil Team
              5. California Team — US
              6. Canada Team
              7. Centroamerica Team
              8. Chile Team
                 1. Comunidad
                 2. Hardware
                 3. Software
                 4. Instalaci�n y Actualizaci�n
              9. Colombia Team — Colombia
              10. Georgia Team — US
              11. Illinois Team
              12. Indiana — US
              13. Kentucky Team — US
              14. Maine Team — US
              15. Minnesota Team — US
              16. Mississippi Team — US
              17. Nebraska Team — US
              18. New Mexico Team — US
              19. New York — US
              20. North Carolina Team — US
              21. Ohio Team — US
              22. Oklahoma Team — US
              23. Oregon Team — US
              24. Pennsylvania Team — US
              25. Peru Team
              26. Texas Team — US
              27. Uruguay Team
              28. Utah Team — US
              29. Virginia Team — US
              30. West Virginia Team — US
           2. Asia and Oceania LoCo Teams
              1. Australia Team
              2. Bangladesh Team
              3. Hong Kong Team
              4. Myanmar Team
              5. Philippine Team
              6. Singapore Team
           3. Europe, Middle East, and African (EMEA) LoCo Teams
              1. Albania Team
              2. Catalan Team
              3. Portugal Team
              4. Egypt Team
              5. Georgia Team
              6. Ireland Team — Ireland
              7. Kenyan Team — Kenya
              8. Kurdish Team — Kurdistan
              9. Lebanon Team
              10. Morocco Team
              11. Saudi Arabia Team
              12. Sudan Team
              13. Tunisia Team
           4. Other Forums & Teams
           5. LoCo Archive
              1. Afghanistan Team
              2. Alabama Team — US
              3. Alaska Team — US
              4. Algerian Team
              5. Andhra Pradesh Team — India
              6. Austria Team
              7. Bangalore Team
              8. Bolivia Team
              9. Cameroon Team
              10. Colorado Team — US
              11. Connecticut Team
              12. Costa Rica Team
              13. Delhi Team
              14. Ecuador Team
              15. El Salvador Team
              16. Florida Team — US
              17. Galician LoCo Team
              18. Greek team
              19. Hawaii Team — US
              20. Honduras Team
              21. Idaho Team — US
              22. Iowa Team — US
              23. Jordan Team
              24. Kansas Team — US
              25. Libya Team
              26. Louisiana Team — US
              27. Maryland Team — US
              28. Massachusetts Team
              29. Michigan Team — US
              30. Missouri Team — US
              31. Montana Team — US
              32. Namibia Team
              33. Nevada Team — US
              34. New Hampshire Team — US
              35. New Jersey Team — US
              36. Northeastern Team — US
              37. Panama Team
              38. Paraguay Team
              39. Qatar Team
              40. Quebec Team
              41. Rhode Island Team — US
              42. Senegal Team
              43. South Carolina Team — US
              44. South Dakota Team — US
              45. Switzerland Team
              46. Tamil Team — India
              47. Tennessee Team — US
              48. Trinidad & Tobago Team
              49. Uganda Team
              50. United Kingdom Team
              51. US LoCo Teams
              52. Venezuela Team
              53. Wales Team
              54. Washington DC Team — US
              55. Washington State Team — US
              56. Wisconsin Team
              57. Yemen Team
              58. Za Team — South Africa
              59. Zimbabwe Team

   Bookmarks

   Bookmarks

   Posting Permissions

   • You may not post new threads
   • You may not post replies
   • You may not post attachments
   • You may not edit your posts

   Источник

   How to extract information from .DMP files

   

   It is going to be a short article in which, we will try to create a .DMP file and will try to extract all info from that file. mostly, this topic is related to windows forensics. for this tutorial, you will require windows OS. but it’s ok if you don’t have it. I will provide you .DMP file for testing purposes. but I will suggest using Windows, so may get a better understanding of this article.

   Well, have you ever heard about .DMP file? DMP is a file extension for the dump file format used by Windows to dump the memory of a crashed program into a file for later diagnostic analysis. DMP files created by Windows are named MINI000000-00.dmp where the zeros are replaced by the date and ending in a sequence number.

   You can google .DMP file for more information.

   As always, I am using Kali Linux. You can use any other Linux. We are going to use a tool named “Pypykatz”. yes I know, it sounds like “Mimikatz”. actually, it is a Mimikatz implementation in python. just so you can use Mimikatz in Linux too.

   So first, we will need to install this tool on our Linux, Type this command:

   git clone https://github.com/skelsec/pypykatz.git

   But there is another method to do this. via pip, Type this command:

   

   It is possible that you never heard of this tool before. But it is a great tool the same as Mimikatz. before going more further. I would like to tell you lsass.DMP . it is a jackpot if you find this file. its full form is “Local Security Authority Subsystem Service”. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens. it means you can find passwords in its dump file.

   Pypykatz is specially made for lsass.DMP file. It won’t work on other files. let’s grab some passwords from lsass.DMP . Type this command:

   pypykatz lsa minidump lsass.DMP

   

   You can create your own lsass.DMP file. Go to task manager > process> show all process

   then Right-Click on any process and create a .DMP file.

   Later, you will be able to find the file in AppData\Local\Temp .

   

   But Pypykatz is only for lsass.DMP file. what if you want to analyze other files. then there is a very popular forensic tool called “Volatility” takes its place. It is a little bit complicated. I am saying so, because sometimes it doesn’t work.

   

   There are many alternatives to the Volatility tool. We will discuss those in another post.

   Источник