How to open .dmp files on Linux

Decoding Crash Dumps

The Breakpad tools needed to process crash dumps manually are minidump_stackwalk and dump_syms. On Mac and Linux they can be built from source inside a Chromium checkout by running, for example, ninja -C out/Release minidump_stackwalk dump_syms. To build them from a standalone Breakpad checkout, check out the source from http://code.google.com/p/google-breakpad/ and follow the included instructions.

Get the crash dump

Crash dumps (.dmp files) usually come from a crash server (e.g. http://crash/) or from the profile's crash reports directory, /path/to/profile/Crash Reports, which on Linux is ~/.config/google-chrome/Crash Reports/. Linux crash dumps taken from that directory carry the crash-report upload headers in front of the actual minidump, and these must be stripped off before minidump_stackwalk can process the file: open the file in an editor that handles binary data and delete every line up to the one that starts with MDMP (the minidump signature) followed by binary data.

Getting the stacktrace (without symbols)

Run minidump_stackwalk foo.dmp. For 32-bit dumps, minidump_stackwalk will display the stack trace without symbols. For 64-bit dumps it will only display the top frame, because Breakpad needs the call frame information carried in the symbol files to unwind x86-64 frames reliably.

Get the debugging symbols

To get symbols or more frames, one needs the symbols for the libraries and executables that appear in the stack trace. The easiest way is to run a tool that generates the right directory structure:

components/crash/content/tools/generate_breakpad_symbols.py --build-dir=out/gnand --symbols-dir=/tmp/my_symbols/ --binary=out/gnand/lib.unstripped/libchrome.so --clear --verbose

To do the same thing manually, start by running:

minidump_stackwalk foo.dmp /tmp/my_symbols 2>&1 | grep my_symbols

This will print out lines like:

[time stamp] simple_symbol_supplier.cc:150: INFO: No symbol file at /tmp/my_symbols/libfoo/hash/libfoo.sym

In order to produce the symbol file for libfoo, one needs a copy of the exact libfoo binary from the system that generated the crash, together with its debugging symbols. Often, Linux distros ship libfoo and its debugging symbols as two separate packages. For Chrome's own binaries you need the unstripped binary; official builds generate these by default (the lib.unstripped/ directory used in the command above). After obtaining and extracting the packages, use dump_syms to extract the symbols. Assuming the library in question is /lib/libfoo.so and its debugging symbols are under /usr/debug/lib/libfoo.so, run:

dump_syms /lib/libfoo.so /usr/debug/lib > /tmp/libfoo.so.sym

To verify that it is the correct version of libfoo, compare the hash in the minidump_stackwalk output with the hash on the first line of the generated file (the MODULE line). If they match, move /tmp/libfoo.so.sym to /tmp/my_symbols/libfoo.so/hash/libfoo.so.sym and minidump_stackwalk will load it on future runs to give better stack traces. Repeat this process for other libraries until minidump_stackwalk outputs the required information.


Decoding Windows crash dumps on Linux

  1. Obtain the .pdb file and put it on a Windows machine. (It may be possible to do this with Wine, YMMV.)
  2. Download dump_syms.exe.
  3. Run: dump_syms foo.pdb > foo.sym
    • If no error messages, then go to the last step
    • If you get: CoCreateInstance CLSID_DiaSource failed (msdia80.dll unregistered?), go to step 4.
  4. Get a copy of msdia80.dll and put it in c:\Program Files\Common Files\Microsoft Shared\VC\.
  5. As Administrator, run: regsvr32 c:\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll.
    • On success, retry step 3.
    • If you get error 0x80004005, you did not run as Administrator.
  6. Create a symbol-server directory layout
    1. Find the GUID/age descriptor (printed on the "No symbols" line if symbols can't be found)
    2. Create a directory of the form symbols/foo.pdb/GUIDandAge, similar to the symbol-server layout, and put foo.sym in that directory. Note that the directory name is foo.pdb but the file name is foo.sym. For instance:
      • 0x7ff77ead0000 - 0x7ff77eb6efff main.exe . (main) (WARNING: No symbols, main.pdb, B7B61AB08C8345248B45D99552B0100C1)
      • mkdir -p symbols/main.pdb/B7B61AB08C8345248B45D99552B0100C1
      • cp main.sym symbols/main.pdb/B7B61AB08C8345248B45D99552B0100C1
    3. Run minidump_stackwalk on Linux specifying the crash dump and the symbols directory:
      • minidump_stackwalk foo.dmp symbols
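Both lookups described above, the Linux "No symbol file at ..." message and the Windows "No symbols, main.pdb, GUIDandAge" warning, resolve to the same Breakpad symbol-store layout: <debug_file>/<debug_id>/<debug_file>.sym, with .pdb swapped for .sym on Windows. The script below is an added example and is not part of the Chromium or Breakpad documentation. It collects the modules minidump_stackwalk complained about, derives the destination path from the MODULE line that dump_syms writes at the top of every .sym file, and refuses to install a .sym whose identifier is not the one the dump asked for (the hash comparison the text describes). The stackwalk lines and .sym contents are constructed samples; the function names are my own.

```python
import os
import re
import tempfile
from typing import Dict

# First line of every .sym file dump_syms writes: MODULE <os> <arch> <debug_id> <debug_file>
MODULE_RE = re.compile(r"^MODULE\s+(\S+)\s+(\S+)\s+([0-9A-Fa-f]+)\s+(.+?)\s*$")
# minidump_stackwalk on a Windows dump: "(WARNING: No symbols, main.pdb, B7B6...C1)"
NO_SYMBOLS_RE = re.compile(r"No symbols, (\S+), ([0-9A-Fa-f]+)\)")
# minidump_stackwalk on a Linux dump: "INFO: No symbol file at <root>/<debug_file>/<debug_id>/<name>.sym"
NO_SYMFILE_RE = re.compile(r"No symbol file at (\S+)")


def symbol_relpath(module_line: str) -> str:
    """Symbol-store path (relative to the store root) for a .sym file, from its MODULE line.

    Layout: <debug_file>/<debug_id>/<debug_file>.sym. For a Windows PDB the directory
    keeps the .pdb name while the file itself is renamed, e.g. main.pdb -> main.sym."""
    m = MODULE_RE.match(module_line)
    if not m:
        raise ValueError(f"not a MODULE line: {module_line!r}")
    _os, _arch, debug_id, debug_file = m.groups()
    base = debug_file[:-4] if debug_file.lower().endswith(".pdb") else debug_file
    return f"{debug_file}/{debug_id}/{base}.sym"


def wanted_symbols(stackwalk_output: str) -> Dict[str, str]:
    """Map debug_file -> debug_id for every module minidump_stackwalk could not symbolize."""
    wanted: Dict[str, str] = {}
    for line in stackwalk_output.splitlines():
        m = NO_SYMBOLS_RE.search(line)
        if m:
            wanted[m.group(1)] = m.group(2)
            continue
        m = NO_SYMFILE_RE.search(line)
        if m:
            parts = m.group(1).split("/")
            if len(parts) >= 3:  # .../<debug_file>/<debug_id>/<name>.sym
                wanted[parts[-3]] = parts[-2]
    return wanted


def install_sym(sym_text: str, symbols_root: str, wanted: Dict[str, str]) -> str:
    """Place a .sym file into the store; reject it if its id differs from what the dump wants."""
    rel = symbol_relpath(sym_text.splitlines()[0])
    debug_file, debug_id, _name = rel.split("/")
    expected = wanted.get(debug_file)
    if expected is not None and expected.upper() != debug_id.upper():
        raise ValueError(f"{debug_file}: dump wants id {expected}, .sym carries {debug_id}")
    dest = os.path.join(symbols_root, *rel.split("/"))
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    with open(dest, "w") as fh:
        fh.write(sym_text)
    return dest


# Constructed samples (not real tool output): one complaint of each kind, a matching
# .sym for main.pdb, and a libfoo.so .sym built from the wrong library version.
SAMPLE_STACKWALK = (
    "0x7ff77ead0000 - 0x7ff77eb6efff main.exe . (main) "
    "(WARNING: No symbols, main.pdb, B7B61AB08C8345248B45D99552B0100C1)\n"
    "[ts] simple_symbol_supplier.cc:150: INFO: No symbol file at "
    "/tmp/my_symbols/libfoo.so/0123456789ABCDEF0123456789ABCDEF0/libfoo.so.sym\n"
)
SAMPLE_SYM = "MODULE windows x86_64 B7B61AB08C8345248B45D99552B0100C1 main.pdb\nFILE 0 main.cc\n"
STALE_SYM = "MODULE Linux x86_64 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0 libfoo.so\nFILE 0 foo.c\n"


def demo() -> dict:
    wanted = wanted_symbols(SAMPLE_STACKWALK)
    root = tempfile.mkdtemp()
    dest = install_sym(SAMPLE_SYM, root, wanted)
    try:
        install_sym(STALE_SYM, root, wanted)
        stale_rejected = False
    except ValueError:
        stale_rejected = True
    return {
        "wanted": wanted,
        "installed": os.path.relpath(dest, root).replace(os.sep, "/"),
        "stale_rejected": stale_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

In practice you would pipe the real `minidump_stackwalk foo.dmp symbols 2>&1` output into wanted_symbols() and feed each `dump_syms ... > x.sym` result through install_sym(); a mismatch means you symbolized the wrong build of that library, and the trace would be silently wrong if the file were installed anyway.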

Decoding Mac crash dumps

If you've built Chromium.app with symbols, the easiest way to symbolize a crash is to let Crashpad forward the crash to the system crash reporter. See set_system_crash_reporter_forwarding.

Source

Thread: What program in Ubuntu would I use to view Windows DMP files?

cheat117:

Read Windows .DMP files?

My friend's system does not get past the login screen, and since I have remote access only, I'm trying to help him via an Ubuntu live CD. Does anyone have any suggestions besides deleting Windows? He's a gamer, so naturally Windows is a must for him.

sffvba[e0rt:

One thread per issue please.

cheat117:

Quoting sffvba[e0rt: One thread per issue please.

Terl:

For the .dmp files, they are memory dump files and you'll need a Windows program, based on this knowledgebase article.

If your friend is running Windows and is having trouble logging in, I think he'd get faster help on a Windows forum.


Source

How to extract information from .DMP files

This is going to be a short article in which we will create a .DMP file and try to extract all the information we can from it. The topic mostly belongs to Windows forensics, so for this tutorial you will need Windows. It's OK if you don't have it; I will provide a .DMP file for testing purposes, but I suggest using Windows so that you get a better understanding of the article.

Have you ever heard of .DMP files? DMP is the file extension of the dump format Windows uses to write the memory of a crashed program (or of the kernel, after a blue screen) to a file for later diagnostic analysis. Crash dumps created by Windows itself are named MINI000000-00.dmp, where the zeros are replaced by the date and a sequence number.

You can search for ".DMP file" for more information.

As always, I am using Kali Linux; you can use any other Linux. We are going to use a tool named Pypykatz. Yes, it sounds like Mimikatz: it is an implementation of Mimikatz's LSASS parsing in pure Python, so you can use it on Linux too.

First we need to install the tool on our Linux box. Either clone it from GitHub:

git clone https://github.com/skelsec/pypykatz.git

or install it via pip:

pip3 install pypykatz

You may never have heard of this tool before, but it is every bit as good as Mimikatz for this job. Before going further, a word about lsass.DMP: it is a jackpot if you find this file. LSASS stands for Local Security Authority Subsystem Service. It verifies users logging on to a Windows computer or server, handles password changes and creates access tokens, which means a dump of its memory holds the credentials of every logged-on session: NT hashes, Kerberos tickets and, where the WDigest provider still caches them, plaintext passwords.

Pypykatz's lsa minidump command is made specifically for dumps of lsass.exe: it walks LSASS's internal credential structures, so it produces nothing useful on a dump of any other process. Let's grab some passwords from lsass.DMP:

pypykatz lsa minidump lsass.DMP

You can create your own lsass.DMP on a Windows machine: open Task Manager as Administrator, go to the process list (the Details tab on Windows 8 and later; on older versions tick "Show processes from all users"), right-click lsass.exe and choose "Create dump file". LSASS runs as SYSTEM, so a non-elevated Task Manager cannot read its memory, and on hosts with LSA protection (RunAsPPL) or Credential Guard enabled the dump will either fail or not contain the secrets.

Task Manager writes the file, named lsass.DMP, to your profile's AppData\Local\Temp directory.

But pypykatz's lsa minidump command is only for lsass.DMP. If you want to analyze other dump files, the very popular forensic tool Volatility takes its place. It is a bit more complicated; I say so because sometimes it doesn't work.

There are many alternatives to Volatility. We will discuss those in another post.

Source
