search

skelsec / minidump

Python library to parse and read Microsoft minidump file format
MIT License
270 stars 55 forks source link

MinidumpHeaderSignatureMismatchException: EGAP #11

Closed TonyCrespoMe closed 4 years ago

TonyCrespoMe commented 4 years ago

❯ minidump --all UcmUcsiCx.sys-20200103-0940.dmp

minidump 0.0.12

Author: Tamas Jos @skelsec (skelsecprojects@gmail.com)

Traceback (most recent call last): File "/Library/Frameworks/Python.framework/Versions/3.7/bin/minidump", line 11, in load_entry_point('minidump==0.0.12', 'console_scripts', 'minidump')() File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/minidump-0.0.12-py3.7.egg/minidump/main.py", line 51, in run File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/minidump-0.0.12-py3.7.egg/minidump/minidumpfile.py", line 48, in parse File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/minidump-0.0.12-py3.7.egg/minidump/minidumpfile.py", line 78, in _parse File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/minidump-0.0.12-py3.7.egg/minidump/minidumpfile.py", line 82, in __parse_header File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/minidump-0.0.12-py3.7.egg/minidump/header.py", line 35, in parse minidump.exceptions.MinidumpHeaderSignatureMismatchException: EGAP

skelsec commented 4 years ago

Hello! I believe you are trying to parse a file which is not in minidump format. Mindump format files must begin with the magic "MDMP" and yours looks like it begins with "PAGE"

What tool generated your dump file?