Home > Uncategorized > Extracting data from a running process #Windows / #WindowsSecurity

Extracting data from a running process #Windows / #WindowsSecurity

CreateDumpFile

In this particular instance, I had a long running EXE, that crashed, but didn’t terminate. I couldn’t restart it, but I see that it was still in- memory, so I wanted to see if I could rescue the data from it, or at least some of the data, there was about a 1GB memory footprint.

So, I opened task manager, and Right Click > Create memory dump, and it created a 1GB file. I opened this file in GLOGG, a large file viewer.

dump

And… lo and behold, amonst alot of binary data, there was plain text, that could be easily extracted. Like in this screenshot, where you can see HTML in plain text.

This also may serve as an alarm bell for any software that might hold passwords or sensitive information in memory. Make sure that passwords are not held in static variables, since this approach could be used to extract them.

Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: