MiniDumpWriteDump via COM+ Services DLL
by odzhan
modexp blog 2019
https://modexp.wordpress.com/2019/08/30/minidumpwritedump-via-com-services-dll/
| Notes |
|---|
| MiniDump |
| MiniDumpWriteDump |
| COM+ |
| DLL |
| function export |
| comsvcs.dll |
| memory dump |
| Memory Dump Analysis Anthology Volume 1 - Dmitry Vostokov |
| crash dump |
| MiniDumpW |
| rundll32 |
| Unicode |
| rundll32 C:\windows\system32\comsvcs.dll MiniDump "PID outfile.bin" |
| COMSVCS |
| kernel32 |
| C |
| lsass.exe LSASS |
| VBScript |
| elevated process |
| debugging privilege |
| elevated cmd prompt |