RustiveDump is a Rust-based tool designed to dump the memory of the lsass.exe process using only NT system calls.
It creates a minimal minidump file from scratch, containing essential components like SystemInfo, ModuleList, and Memory64List, with support for XOR encryption and remote transmission.
This project is a personal learning experience, focusing on leveraging native Windows APIs for memory dumping and building a minimalistic minidump file entirely from the ground up.
no_std feature, which removes reliance on Rust’s standard library, and it’s also CRT library independent. This resulting in a lean release build of only 18KB.NtOpenProcessToken and NtAdjustPrivilegesToken to enable SeDebugPrivilege, allowing access to protected processes like lsass.exe.NtQuerySystemInformation to get a snapshot of active processes, and then opens a process handle using NtOpenProcess with the PROCESS_QUERY_INFORMATION and PROCESS_VM_READ access rights.NtQueryVirtualMemory and dumps committed and accessible memory using NtReadVirtualMemory.NtQueryInformationProcess to extract the ModuleList from the remote PEB (Process Environment Block).NtCreateFile and NtWriteFile, or sent to a remote server. If desired, the dump can also be encrypted with XOR before being saved or transmitted.RustiveDump offers several configurable build options through cargo make to customize the behavior of the tool. You can enable features like XOR encryption, remote file transmission and verbose logging.
Available Features:
lsasrv.dll module from lsass.exe.To build RustiveDump with different combinations of features, use the following commands:
cargo make cargo make --env FEATURES=xor,remote,lsasrv,verbose RustiveDump generates a minimalistic minidump file, including only the essential components for tools like Mimikatz and Pypykatz. The file consists of three core streams.
For more details on the Minidump file structure, see: Minidump (MDMP) format documentation.
Have you ever come across a picture on the internet and wondered where it came…
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…