Procdump - A Linux Version Of The Procdump Sysinternals Tool


ProcDump is a Linux reimagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows. ProcDump provides a convenient way for Linux developers to create core dumps of their application based on performance triggers.

Installation & Usage

Requirements
  • Minimum OS:
    • Red Hat Enterprise Linux / CentOS 7
    • Fedora 26
    • Mageia 6
    • Ubuntu 14.04 LTS
    • We are actively testing against other Linux distributions. If you have requests for specific distros, please let us know (or create a pull request with the necessary changes).
  • gdb >= 7.6.1
  • zlib (build-time only)

Install ProcDump

Via Package Manager [preferred method]

1. Add the Microsoft Product feed
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/microsoft.gpg

Register the Microsoft Product feed

Ubuntu 16.04
sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-ubuntu-xenial-prod xenial main" > /etc/apt/sources.list.d/microsoft.list'

Ubuntu 14.04
sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-ubuntu-trusty-prod trusty main" > /etc/apt/sources.list.d/microsoft.list'

2. Install Procdump
sudo apt-get update
sudo apt-get install procdump

Via .deb Package
Pre-Depends: dpkg(>=1.17.5)

1. Download .deb Package

Ubuntu 16.04
wget https://packages.microsoft.com/repos/microsoft-ubuntu-xenial-prod/pool/main/p/procdump/procdump_1.0.1_amd64.deb

Ubuntu 14.04
wget https://packages.microsoft.com/repos/microsoft-ubuntu-trusty-prod/pool/main/p/procdump/procdump_1.0.1_amd64.deb

2. Install Procdump
sudo dpkg -i procdump_1.0.1_amd64.deb
sudo apt-get -f install

Uninstall

Ubuntu 14.04+
sudo apt-get purge procdump

Usage
Usage: procdump [OPTIONS...] TARGET
   OPTIONS
      -C          CPU threshold at which to create a dump of the process from 0 to 100 * nCPU
      -c          CPU threshold below which to create a dump of the process from 0 to 100 * nCPU
      -M          Memory commit threshold in MB at which to create a dump
      -m          Trigger when memory commit drops below specified MB value.
      -n          Number of dumps to write before exiting
      -s          Consecutive seconds before dump is written (default is 10)
   TARGET must be exactly one of these:
      -p          pid of the process
      -w          Name of the process executable

Examples
The following examples all target a process with pid == 1234.

The following will create a core dump immediately.
sudo procdump -p 1234

The following will create 3 core dumps 10 seconds apart.
sudo procdump -n 3 -p 1234

The following will create 3 core dumps 5 seconds apart.
sudo procdump -n 3 -s 5 -p 1234

The following will create a core dump each time the process has CPU usage >= 65%, up to 3 times, with at least 10 seconds between each dump.
sudo procdump -C 65 -n 3 -p 1234

The following will create a core dump each time the process has CPU usage >= 65%, up to 3 times, with at least 5 seconds between each dump.
sudo procdump -C 65 -n 3 -s 5 -p 1234

The following will create a core dump when CPU usage is outside the range [10,65].
sudo procdump -c 10 -C 65 -p 1234

The following will create a core dump when CPU usage is >= 65% or memory usage is >= 100 MB.
sudo procdump -C 65 -M 100 -p 1234

All options can also be used with -w instead of -p. -w will look for a process with the given name.

The following waits for a process named my_application and creates a core dump immediately when it is found.
sudo procdump -w my_application

Current Limitations
  • Currently will only run on Linux Kernels version 3.5+
  • Does not have full feature parity with the Windows version of ProcDump, specifically, stay alive functionality, and custom performance counters

