<h1>ProcDump memory dump to Pandas DataFrame</h1>
```python
# Download ProcDump: https://learn.microsoft.com/pt-br/sysinternals/downloads/procdump
# I had to make some changes to winappdbg
# If you get an Exception, download https://github.com/hansalemaos/a_pandas_ex_memorydump_to_df/blob/main/winappdbg.zip
# and overwrite all files in Lib\site-packages\winappdbg
# Install from a shell first: pip install a-pandas-ex-memorydump-to-df
import pandas as pd
from a_pandas_ex_memorydump_to_df import pd_add_memorydf
pd_add_memorydf()
df = pd.Q_df_from_memory(
    pid=9132, procdumppath=r"C:\Program Files\procdump.exe", with_utf8_bytes=False
)  # with_utf8_bytes=True takes much more time!
# The method converts all bytes to every possible format, which means the
# DataFrame might get huge.
# Notepad.exe
# aa_address1_hex aa_address2_hex ... aa_ascii_int_63 aa_ascii_int_66
# 0 00000000 00010000 ... 46 46
# 1 00000000 00010010 ... 46 46
# 2 00000000 00010020 ... 46 46
# 3 00000000 00010030 ... 46 46
# 4 00000000 00010040 ... 46 46
# ... ... ... ... ...
# 64014 00007ff5 fffb0fc0 ... 46 46
# 64015 00007ff5 fffb0fd0 ... 46 46
# 64016 00007ff5 fffb0fe0 ... 46 46
# 64017 00007ff5 fffb0ff0 ... 46 46
# 64018 00007ff5 fffb1000 ... 0 0
# [64019 rows x 304 columns]
# df.size
# Out[16]: 19461776
# explorer.exe
# df
# Out[10]:
# aa_address1_hex aa_address2_hex ... aa_ascii_int_63 aa_ascii_int_66
# 0 00000000 00010000 ... 46 46
# 1 00000000 00010010 ... 46 46
# 2 00000000 00010020 ... 46 46
# 3 00000000 00010030 ... 46 46
# 4 00000000 00010040 ... 46 46
# ... ... ... ... ...
# 3234712 00007ff5 fffb0fc0 ... 46 46
# 3234713 00007ff5 fffb0fd0 ... 46 46
# 3234714 00007ff5 fffb0fe0 ... 46 46
# 3234715 00007ff5 fffb0ff0 ... 46 46
# 3234716 00007ff5 fffb1000 ... 0 0
#
# [3234717 rows x 304 columns]
#
# df.size
# Out[11]: 983353968
# Location of the ProcDump temp file (a raw copy of the process memory)
# df.tmp_file_path
# Out[14]: 'C:\\Users\\Gamer\\AppData\\Local\\Temp\\tmpsypcc1g5.dmp'
# df.tmp_delete_file()  # the file must be closed first
```
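To make the size warning above concrete, this added example (not the package's own code) decodes 16-byte rows of memory into several parallel representations using only the standard library, then computes the cell count of the resulting table. The column names, the `.` substitution for non-printable bytes and the sample bytes are assumptions constructed for illustration.

```python
import struct

ROW = 16  # bytes per row, matching the 0x10 address step in the output above

def decode_row(address, chunk):
    """Decode one 16-byte row into several parallel representations."""
    chunk = chunk.ljust(ROW, b"\x00")  # zero-pad a short final row
    row = {
        "address_hi_hex": f"{address >> 32:08x}",         # upper 32 bits
        "address_lo_hex": f"{address & 0xFFFFFFFF:08x}",  # lower 32 bits
    }
    for i, b in enumerate(chunk):
        row[f"u8_{i:02d}"] = b
        # Assumed hex-editor convention: non-printable bytes become '.' (46)
        row[f"ascii_{i:02d}"] = b if 32 <= b < 127 else 46
    for off in range(0, ROW, 4):  # little-endian 32-bit views
        row[f"i32_{off:02d}"] = struct.unpack_from("<i", chunk, off)[0]
        row[f"f32_{off:02d}"] = struct.unpack_from("<f", chunk, off)[0]
    for off in range(0, ROW, 8):  # little-endian 64-bit views
        row[f"u64_{off:02d}"] = struct.unpack_from("<Q", chunk, off)[0]
    return row

def decode_region(base, data):
    """Yield one decoded row per 16 bytes of a region starting at base."""
    for off in range(0, len(data), ROW):
        yield decode_row(base + off, data[off:off + ROW])

def cell_count(region_bytes, columns):
    """Cells in the table: one row per 16 bytes, times the column count."""
    rows = -(-region_bytes // ROW)  # ceiling division
    return rows * columns

# Constructed sample: 32 bytes placed at an address taken from the output above.
SAMPLE_BASE = 0x00007FF5FFFB0FC0
SAMPLE = b"Hello, Notepad!\x00" + struct.pack("<if", -1, 1.5) + bytes(8)

if __name__ == "__main__":
    rows = list(decode_region(SAMPLE_BASE, SAMPLE))
    print(len(rows[0]), "columns for only a handful of views per row")
    # Row and column figures from the Notepad.exe output on this page
    print(cell_count(64019 * ROW, 304), "cells")
```

Even this reduced set of views turns each 16 bytes into dozens of columns, which is why the explorer.exe frame above reaches roughly a billion cells.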
### Let's compare the converted values with the ones from CheatEngine
<img title="" src="https://github.com/hansalemaos/screenshots/raw/main/debugdf/debugdf_00000001.png" alt="">
<img title="" src="https://github.com/hansalemaos/screenshots/raw/main/debugdf/debugdf_00000002.png" alt="">
<img title="" src="https://github.com/hansalemaos/screenshots/raw/main/debugdf/debugdf_00000003.png" alt="">
<img title="" src="https://github.com/hansalemaos/screenshots/raw/main/debugdf/debugdf_00000004.png" alt="">
<img title="" src="https://github.com/hansalemaos/screenshots/raw/main/debugdf/debugdf_00000005.png" alt="">
<img title="" src="https://github.com/hansalemaos/screenshots/raw/main/debugdf/debugdf_00000006.png" alt="">
<img title="" src="https://github.com/hansalemaos/screenshots/raw/main/debugdf/debugdf_00000007.png" alt="">
<img title="" src="https://github.com/hansalemaos/screenshots/raw/main/debugdf/debugdf_00000008.png" alt="">
Raw data
{
"_id": null,
"home_page": "https://github.com/hansalemaos/a_pandas_ex_memorydump_to_df",
"name": "a-pandas-ex-memorydump-to-df",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "hacking,debug,debugging",
"author": "Johannes Fischer",
"author_email": "<aulasparticularesdealemaosp@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/6a/e5/6327980bff9a2218eda4db7b29065eb1ddc189d9b74b19950617d2119e36/a_pandas_ex_memorydump_to_df-0.11.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "MIT",
"summary": "Load a ProcDump memory dump into a Pandas DataFrame",
"version": "0.11",
"split_keywords": [
"hacking",
"debug",
"debugging"
],
"urls": [
{
"comment_text": "",
"digests": {
"md5": "b35e729c855f99cc2a115714107b70b6",
"sha256": "a885450697e4fce25c2a16b381835d37b1a154edc88b877ca25958c653f63b8a"
},
"downloads": -1,
"filename": "a_pandas_ex_memorydump_to_df-0.11-py3-none-any.whl",
"has_sig": false,
"md5_digest": "b35e729c855f99cc2a115714107b70b6",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 9982,
"upload_time": "2022-12-27T00:56:31",
"upload_time_iso_8601": "2022-12-27T00:56:31.286661Z",
"url": "https://files.pythonhosted.org/packages/80/73/e36daeccc68247b32e0176b8f5d7c4e0f02c8ca03331bea63efd6a6d3c5e/a_pandas_ex_memorydump_to_df-0.11-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"md5": "62761942c9d7ecd72811ecd445266157",
"sha256": "e45c9b3d17a2088b67f1cbff1b7579a662b5bd67bd7c7b6036a1c37074b68d23"
},
"downloads": -1,
"filename": "a_pandas_ex_memorydump_to_df-0.11.tar.gz",
"has_sig": false,
"md5_digest": "62761942c9d7ecd72811ecd445266157",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 9094,
"upload_time": "2022-12-27T00:56:32",
"upload_time_iso_8601": "2022-12-27T00:56:32.671666Z",
"url": "https://files.pythonhosted.org/packages/6a/e5/6327980bff9a2218eda4db7b29065eb1ddc189d9b74b19950617d2119e36/a_pandas_ex_memorydump_to_df-0.11.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2022-12-27 00:56:32",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "hansalemaos",
"github_project": "a_pandas_ex_memorydump_to_df",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [],
"lcname": "a-pandas-ex-memorydump-to-df"
}