{"id":9945,"library":"minidump","title":"Minidump File Parser","description":"minidump is a Python library designed for parsing Windows minidump (.dmp) files. It allows developers and security researchers to programmatically extract information such as modules, threads, handles, and exception data from crash dumps. Currently at version 0.0.24, the library receives updates primarily for bug fixes and feature enhancements related to parsing accuracy and additional stream support.","status":"active","version":"0.0.24","language":"en","source_language":"en","source_url":"https://github.com/skelsec/minidump","tags":["windows","security","forensics","debugging","minidump","crash-dump"],"install":[{"cmd":"pip install minidump","lang":"bash","label":"Install stable version"}],"dependencies":[],"imports":[{"symbol":"MinidumpFile","correct":"from minidump.minidumpfile import MinidumpFile"}],"quickstart":{"code":"from minidump.minidumpfile import MinidumpFile\nimport os\n\n# For this example, ensure 'example.dmp' exists in the current directory\n# and is a valid Windows minidump file.\n# You can create a dummy file for testing, but real parsing requires a valid minidump.\nminidump_path = os.path.join(os.path.dirname(__file__), 'example.dmp')\n\n# Create a dummy file if it doesn't exist, though it won't be a valid minidump\n# This is just to make the example runnable without crashing on FileNotFoundError\nif not os.path.exists(minidump_path):\n    with open(minidump_path, 'w') as f:\n        f.write('DUMMY MINIDUMP CONTENT - REPLACE WITH REAL .dmp FILE')\n    print(f\"Warning: '{minidump_path}' created as a dummy. Replace with a real minidump for actual parsing.\")\n\ntry:\n    with open(minidump_path, 'rb') as f:\n        md = MinidumpFile.parse(f)\n        print(f\"Successfully parsed minidump: {minidump_path}\")\n        \n        # Accessing common streams\n        if md.modules:\n            print(f\"\\nModules found: {len(md.modules)}\")\n            for module in md.modules[:5]: # Print first 5 modules\n                print(f\"  - {module.name} (Base: {hex(module.baseofdll)})\")\n        \n        if md.threads:\n            print(f\"\\nThreads found: {len(md.threads)}\")\n            for thread in md.threads[:5]: # Print first 5 threads\n                print(f\"  - TID: {thread.threadid}, EIP: {hex(thread.stack.stackptr)}\")\n\n        if md.exceptions:\n            print(f\"\\nException Record found: {md.exceptions.exceptionrecord.exceptioncode}\")\n            \nexcept FileNotFoundError:\n    print(f\"Error: Minidump file not found at '{minidump_path}'. Please ensure it exists.\")\nexcept Exception as e:\n    print(f\"An error occurred during parsing: {e}\")\n\n# Clean up dummy file if it was created and is still dummy content\nif os.path.exists(minidump_path) and os.path.getsize(minidump_path) > 0:\n    with open(minidump_path, 'r') as f:\n        content = f.read(100) # Read first 100 chars\n        if 'DUMMY MINIDUMP CONTENT' in content:\n            os.remove(minidump_path)\n            print(f\"Cleaned up dummy file: '{minidump_path}'.\")","lang":"python","description":"This example demonstrates how to parse a minidump file and access its basic streams like modules, threads, and exception records. It assumes a file named 'example.dmp' exists in the same directory. Note that for actual parsing, 'example.dmp' must be a valid Windows minidump file."},"warnings":[{"fix":"Upgrade to `minidump>=0.0.24` to benefit from the latest parsing fixes and improvements.","message":"Parsing accuracy for MINIDUMP_EXCEPTION records and certain memory range (`inrange`) calculations was improved in versions 0.0.23 and 0.0.24. Older versions (prior to 0.0.23) may yield incorrect or incomplete data for these specific fields.","severity":"gotcha","affected_versions":"<0.0.23"},{"fix":"Ensure you are using `minidump>=0.0.17` or newer for better performance, especially with large files. Always open files in binary read mode (`'rb'`).","message":"Minidump files can be very large. The library handles file I/O, but ensure your system has sufficient memory and I/O capacity, especially when processing many or very large dumps. Buffered reading was introduced in version 0.0.17 for improved efficiency.","severity":"gotcha","affected_versions":"<0.0.17"},{"fix":"Verify the integrity and format of your `.dmp` files before parsing. Consider adding robust error handling (`try-except`) around `MinidumpFile.parse()` calls.","message":"The library expects a valid minidump file. Providing a corrupted, incomplete, or non-minidump file will likely result in a `minidump.exceptions.MinidumpParseError` or other unexpected errors.","severity":"gotcha","affected_versions":"All"}],"env_vars":null,"last_verified":"2026-04-17T00:00:00.000Z","next_check":"2026-07-16T00:00:00.000Z","problems":[{"fix":"Ensure the file path is correct and the file exists. Use an absolute path or verify the relative path from your script's execution directory. Example: `MinidumpFile.parse(open('/path/to/your_minidump.dmp', 'rb'))`","cause":"The specified minidump file does not exist at the provided path.","error":"FileNotFoundError: [Errno 2] No such file or directory: 'your_minidump.dmp'"},{"fix":"Verify the integrity of your `.dmp` file. Try opening it with a dedicated minidump viewer (like WinDbg or a similar forensic tool) to confirm its validity. Ensure it's not truncated or corrupted.","cause":"The file provided is either not a valid minidump file, is corrupted, or is not supported by the parser (e.g., an extremely old or malformed dump).","error":"minidump.exceptions.MinidumpParseError: Invalid minidump header"},{"fix":"Not all minidump files contain all possible streams. Always check if a stream exists before attempting to iterate or access its contents. Example: `if md.threads: for thread in md.threads: ...`","cause":"You are attempting to access a stream (e.g., 'threads', 'modules', 'exceptions') that is not present in the specific minidump file you are parsing.","error":"AttributeError: 'MinidumpFile' object has no attribute 'threads'"}]}