Memory Parser (MMP) can be used to parse the meta-information stored within process dumps made with Process Dumper (pd). MMP extracts the different process mappings to disk and can then be used as a central workspace for further analyses.
What's new in Version 0.2
Process environment and state: Memory Parser now shows additional information about the environment and the state of the dumped process, for example the open file descriptors, the CPU register values, a list of all threads (with CPU register values), the process environment variables, the process creation time and more.
Search for cryptographic material: Memory Parser can now search for RSA keys and certificates in the different mappings of a process dump.
Hash check of code mappings: It is now possible to compare the code mappings of a process dump with a list of known good or known bad hashes. This feature is currently only supported with dumps of Windows processes.
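One way a certificate search over an extracted mapping can work, shown as an added example (this is not Memory Parser's own code, and the page does not describe its search method): carve byte runs whose DER structure matches the outer shape of an X.509 certificate. All function names and the sample bytes are constructed for illustration.

```python
def der(tag, content):
    """Encode one DER TLV; used only to build the constructed sample."""
    n = len(content)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + content

def read_len(buf, pos):
    """Decode the DER length at buf[pos]; return (length, header_size) or None."""
    if pos >= len(buf):
        return None
    if buf[pos] < 0x80:
        return buf[pos], 1
    n = buf[pos] & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        return None  # indefinite or implausible length, so not DER
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), 1 + n

def skip_tlv(buf, pos, end, tag):
    """Return the offset just past a TLV with this tag that fits in [pos, end), else None."""
    if pos is None or pos >= end or buf[pos] != tag:
        return None
    ln = read_len(buf, pos + 1)
    nxt = pos + 1 + ln[1] + ln[0] if ln else None
    return nxt if nxt is not None and nxt <= end else None

def find_certificates(buf):
    """Return (offset, size) of runs shaped like SEQUENCE { SEQUENCE, SEQUENCE, BIT STRING }."""
    hits, pos = [], buf.find(b"\x30\x82")
    while pos != -1:
        end = skip_tlv(buf, pos, len(buf), 0x30)  # outer SEQUENCE must fit in the mapping
        if end is not None:
            p = pos + 4  # 0x30, 0x82 and two length bytes
            for tag in (0x30, 0x30, 0x03):  # tbsCertificate, signatureAlgorithm, signature
                p = skip_tlv(buf, p, end, tag)
            if p == end:  # children must fill the outer SEQUENCE exactly
                hits.append((pos, end - pos))
        pos = buf.find(b"\x30\x82", pos + 1)
    return hits

def build_sample():
    """Constructed mapping: padding, one synthetic certificate-shaped blob, a decoy header."""
    tbs = der(0x30, der(0x02, b"\x01") + der(0x04, bytes(300)))
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + b"\x05\x00")
    cert = der(0x30, tbs + alg + der(0x03, bytes(129)))
    return b"\x90" * 64 + cert + b"\x30\x82\xff\xff" + bytes(32), cert

if __name__ == "__main__":
    print(find_certificates(build_sample()[0]))
```

The structural check rejects both the decoy header (its declared length overruns the buffer) and the nested tbsCertificate SEQUENCE, so each hit can be written to disk and handed to a full X.509 parser for confirmation.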
Memory Parser requires Microsoft .NET Framework Version 2.0.
The new version 0.2 can only be used to analyze process dumps made with Process Dumper (pd) version 1.1.
Memory Parser is freeware but not open source.
Get the latest Windows version 0.2 (20 July 2006)
MMP Hash v0.2