Daniel Roberson - minidumpwritedumpviacomservicesdll-modexp2019

Daniel Roberson

minidumpwritedumpviacomservicesdll-modexp2019

2025-03-03

MiniDumpWriteDump via COM+ Services DLL

by odzhan

modexp blog 2019

https://modexp.wordpress.com/2019/08/30/minidumpwritedump-via-com-services-dll/

Notes
MiniDump
MiniDumpWriteDump
COM+
DLL
function export
comsvcs.dll
memory dump
Memory Dump Analysis Anthology Volume 1 - Dmitry Vostokov
crash dump
MiniDumpW
rundll32
Unicode
rundll32 C:\windows\system32\comsvcs.dll MiniDump “PID outfile.bin”
COMSVCS
kernel32
C
lsass.exe LSASS
VBscript
elevated process
debugging privilege
elevated cmd prompt

Links to this note

Recent Posts

Linux Persistence: Modular Software

2025-04-17 DFIR CTF persistence linux persistence apache asterisk

Linux Persistence: Web Shells

2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP

Linux Persistence: Rootkits

2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking

Linux Persistence: Processes

2025-04-11 DFIR persistence processes linux persistence processes

Defanging Linux LKM Rootkits With cleanup_module()

2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit