This project merges the following project:
- Spawning a process via
RtlCreateProcessReflection- The original POC is available on GitHub - NanoDumpWriteDump (extracted from NanoDump project)
If you want to change the output file, change the path specified in src/main.cpp in CreateFile api.
The MiniDumpWriteDump API has been replaced with NanoDumpWriteDump from NanoDump project.
For building you can use - msbuild - cmake - Visual C++ via command line
To build a minimal file (VS 2022 ~16Kb) you need to use the Release profile (x64).
- From Visual Studio choose x64 | release
- From x64 Developer Prompt:
MSBuild dumplsass.sln -t:Rebuild -p:Configuration=Release - Via CMake:
cmake -S . -B build/ -D CMAKE_BUILD_TYPE=Release && cmake --build build --config Release
NanoDump documentation is available at https://www.coresecurity.com/core-labs/articles/nanodump-red-team-approach-minidumps
Source code is available here.
To avoid to include all nanodump features, I just merged into nanodump all functions/definitions used by NanoDumpWriteDump.