lsassDumper

LsassDumper is a utility designed to dump the Local Security Authority Subsystem Service (LSASS) process memory to a file. This can be useful for security analysis or debugging purposes.

Features

  • Enable Debug Privilege: Automatically enables the SE_DEBUG_NAME privilege (SeDebugPrivilege) required to access LSASS.
  • Modify LSA Protection: Temporarily disables LSA protection to allow for dumping.
  • Admin Check: Ensures the program is run with administrative privileges.
  • Dump LSASS: Dumps the LSASS process memory to a specified file.
  • Restore LSA Protection: Re-enables LSA protection after dumping.

Usage

To use LsassDumper, follow these steps:

Build Instructions

  1. Clone the repository
     git clone https://github.com/mendax0110/lsassDumper.git
  2. Change directory to the cloned repository
     cd lsassDumper
  3. Create the build directory
     mkdir build
  4. Change directory to the build directory
     cd build
  5. Generate the build files with CMake
     cmake ..
  6. Build the project
     cmake --build .

Usage

lsassDumper.exe -p <dump file path>

Supported Platforms

  • Windows