Giters

deepinstinct / LsassSilentProcessExit

Command line interface to dump LSASS memory to disk via SilentProcessExit

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

LsassSilentProcessExit

New method of causing WerFault.exe to dump lsass.exe process memory to disk for credentials extraction via silent process exit mechanism without crasing lsass.exe.

Usage:
LsassSilentProcessExit.exe <PID of LSASS.exe> <DumpMode>

Where DumpMode can be:

  0 - Call RtlSilentProcessExit on LSASS process handle
  1 - Call CreateRemoteThread on RtlSilentProcessExit on LSASS

About

Command line interface to dump LSASS memory to disk via SilentProcessExit

Languages

Language:C++ 100.0%