5ixddlZddlTddlmZdZGddejZdZedkr edSdS) N)*)hexdumpct|tr|St|tr|dddkrt|dddS|dddkrt|dddSt|St dt |z)N0x0bzUnknown integer format! %s) isinstanceintstrlower Exceptiontype)xs L/home/kali/Ninja/venv/lib/python3.11/site-packages/minidump/minidumpshell.pyargs2intrsq# : (C :rrU[[]]d aeR..!u{{}} aeQ-- a&&= .a8999ceZdZdZdZdZdZdZdZdZ dZ dZ d Z d Z d Zd Zd ZdZdZdZdZdZdZdZdZdZdZdZdZdS) MinidumpShellzBWelcome to the minidump shell. Type help or ? to list commands. z [minidump] Nrct||_|j|_dS)zOpens minidump fileN) MinidumpFileparsemini get_readerget_buffered_readerreader)selffilenames rdo_openzMinidumpShell.do_opens<  **$) $$&&::<<$+++rcn|jj(tt|jjdSdS)z$Shows PEB information (if available)N)rpebprintr rargss rdo_pebzMinidumpShell.do_peb s4 Y]TY]  rc6|jj&tt|jj|jj&tt|jj|jj(tt|jjdSdS)z+Lists all thread information (if available)N)rthreadsr"r threads_ex thread_infor#s r do_threadszMinidumpShell.do_threads%s Y"TY       Y%TY ! " "### Y&TY " # #$$$$$'&rc6|jj&tt|jj|jj&tt|jj|jj(tt|jjdSdS)zLists all memory segmentsN)rmemory_segmentsr"r memory_segments_64 memory_infor#s r do_memoryzMinidumpShell.do_memory.s Y*TY & ' '((( Y!-TY ) * *+++ Y&TY " # #$$$$$'&rc|jj&tt|jj|jj(tt|jjdSdS)z?Lists all loaded and unloaded module information (if available)N)rmodulesr"r unloaded_modulesr#s r do_moduleszMinidumpShell.do_modules7s\ Y"TY       Y+TY ' ( ())))),+rcn|jj(tt|jjdSdS)zShows sysinfo (if available)N)rsysinfor"r r#s r do_sysinfozMinidumpShell.do_sysinfo>6 Y"TY        #"rcn|jj(tt|jjdSdS)z*Shows exception information (if available)N)r exceptionr"r r#s r do_exceptionzMinidumpShell.do_exceptionC6 Y$TY ! !"""""%$rc|jj&tt|jj|jj(tt|jjdSdS)zLists all comments (if any)N)r comment_ar"r comment_wr#s r do_commentszMinidumpShell.do_commentsHs\ Y$TY ! !""" Y$TY ! !"""""%$rcn|jj(tt|jjdSdS)z Lists all handles (if available)N)rhandlesr"r r#s r do_handleszMinidumpShell.do_handlesOr7rcn|jj(tt|jjdSdS)z+Lists all miscellaneous info (if available)N)r misc_infor"r r#s rdo_misczMinidumpShell.do_miscTr;rcdS)QuitTr#s rdo_quitzMinidumpShell.do_quitZs rc,|dSrGNrIr#s rdo_exitzMinidumpShell.do_exit] d  rc,|dSrKrLr#s rdo_qzMinidumpShell.do_q`rNrc.t||_dS)zIChanges the hexdump print size to the given bytes/line size (default: 16)N)r hexdump_size)r printsizes r do_printsizezMinidumpShell.do_printsizeesy))$rc|j}|jjj}||z }dt |dt |dt |d|_dS)N[ +z] )rtellcurrent_segment start_addresshexprompt)rr$poscurrent_segment_startsegment_relative_positions r update_promptzMinidumpShell.update_promptisl #+5C!$99!$S3/D+E+E+E+EsKdGeGeGeGef$+++rc|j}|tdtt|dS)zIShows/refreshes the current position in the process' virtual memory spaceNzRReader not yet positioned! Issue a "move" command with the desired memory address!)rrYr"r\)rr$rs rdo_tellzMinidumpShell.do_tellos> k!Y ]^^^A-----rct|}|j||ddS)z>Sets the current position in the process' virtual memory spaceN)rrmovera)rpositionr^s rdo_movezMinidumpShell.do_movevs?#+3Trct|}|j}|j|}t t ||jd||ddS)zePerforms a read of 'count' bytes from the current position and updates the cursor with the bytes read.lengthsepstartN)rrrYreadr"rrRrarcount pos_beforedatas rdo_readzMinidumpShell.do_read|q 5//%{!!*   % $d/S*MMMNNNTrc|j}td|ztdt|z|ddS)zReads a signed integer starting the current position and updates the cursor with the bytes read. The integer size is determined automatically by the processor architecture information from the dump fileD: %sH: %sN)rread_intr"r\rarr$rrs rdo_readizMinidumpShell.do_readisZ     $$#d))Trc|j}td|ztdt|z|ddS)zReads an unsigned integer starting the current position and updates the cursor with the bytes read. The integer size is determined automatically by the processor architecture information from the dump filervrwN)r read_uintr"r\rarys r do_readuizMinidumpShell.do_readuisZ    $$#d))Trct|}|j}|j|}t t ||jd||ddS)zYPerforms a read of 'count' bytes from the current position but doesn't update the cursor.rirjN)rrrYpeekr"rrRraros rdo_peekzMinidumpShell.do_peekrtr)__name__ __module__ __qualname__intror]rrrRrr%r*r/r3r6r:r?rBrErIrMrPrTrarcrgrsrzr}rrHrrrrsk O   ===  %%%%%%***!!! ### ###!!! ###  ***ggg  rrcddl}|d}|ddd|}t }|jr||j|dS)NrzA parser for minidumnp files) descriptionz-fz--minidumpfilez&path to the minidump file of lsass.exe)help)argparseArgumentParser add_argument parse_argsr minidumpfilercmdloop)rparserr$shells rmainrs  ! !.L ! M MT+2Z[[[ #--!"""r__main__) cmdminidump.minidumpfileminidump.common_structsrrCmdrrrrHrrrs ####++++++ : : :DDDDDCGDDDN    zr