Turdshovel is an interactive CLI tool that allows users to dump objects from .NET memory dumps

Related tags

Command-line Toolsturdshovel
Overview

Turdshovel

logo

Description

Turdshovel is an interactive CLI tool that allows users to dump objects from .NET memory dumps without having to fully understand the intricacies of WinDbg. It uses Python.NET to wrap around ClrMD and perform basic operations for dumping objects and sections of memory. The primary goal of Turdshovel is to focus on finding secrets in memory dumps quickly.

It is absolutely not intended to be a full-fledged memory dump analysis tool.

Installation

Turdshovel is written in Python 3.8 and at the moment is expected to only work with Python 3.8. No testing has been performed with other Python versions. This is because Turdshovel has a dependency on Python.NET, which requires specific installations of its files per Python version. This may change in the future with the release of Python.NET 3.0 and Turdshovel will support Python >3.8 as long as Python.NET supports it.

Additionally, Turdshovel is meant to be installed on Windows and has only been tested on Windows. No testing has been performed with Linux. However, Turdshovel uses the .NET Standard 2.0 versions of ClrMD which supports:

  • .NET Core (2.0 - 6.0)
  • .NET Framework (4.6.1 - 4.8)
  • Mono (5.4, 6.4)

The inclusion of Mono may mean that Turdshovel works on Linux, especially since ClrMD does support Linux. However, future plans for Turdshovel may include features that will be limited to Windows due to dependencies. These features will not be supported on other OSes, so a Windows environment is your best bet for usage.

Microsoft offers free Windows 10 development environment VMs here.

Installing with Pipx

As a CLI tool, installation is highly recommended using Pipx to avoid any dependency confusions. Honestly, you should use Pipx for most Python CLI tools! Additionally, since Turdshovel only works with Python 3.8, this helps ensure that your virtual environment is set to use Python 3.8 at all times.

If your Pipx install was done with Python 3.8: pipx install turdshovel

If your Pipx install was done with different version: pipx install --python turdshovel

Usage

Turdshovel uses Nubia as its framework for an interactive CLI.

Command Arguments Description
load Loads a dump for a session
dump heap filter - Filter objects by strings Lists objects on the heap
dump obj address - Address of object to dump
save - Save ouput to disk		 Dumps object on heap by address
dump mem address - Address of memory to read
length - Length of bytes to read		 Dumps the memory in bytes at location
dump stat filter - Filter objects by strings
sort - Sort object by count or object
reverse - Reverse sorting output		 Dumps the count of each object on the heap
dump type types - Objects types Dumps the objects on the heap by type
help Show help
exit Exit

Commands

load

The load command takes the path to the file dump as an argument.

load command

dump heap

Similar to the dump heap command via SOS, this command will list the objects on the heap as well as their type. However, the output differs in that Turdshovel does not show objects which are listed as "Free" on the heap. You can optionally pass a list of strings as the filter.

dump heap

dump obj

Similar to the dump obj command via SOS, this command will dump all of the non-static fields of the object on the heap in JSON representation. You can also pass save=True to save the resulting JSON to disk.

IMPORTANT: When dumping a complex object, you may noticed fields . This indicates that the field would have caused a recursion error to occur so Turdshovel did not parse the field. This usually occurs with objects that reference themselves.

dump obj 1

dump obj 2

dump mem Prints the bytes at the location specified for the amount of bytes specified. This is useful when objects point to locations in memory that are not objects, such as encrypted data, or just seeing what is around any given memory address. The example shows a simple string which you could find with the strings command but there are better use cases, specifically with pointers!

dump mem

dump stat

Prints the count of each type of object. You can optionally filter the type using filter= and can sort the output by count or object using sort=.

dump stat

dump type

Dumps all objects of specific types. THIS CAN BE DANGEROUS so if you suspect a type might have a large amount of output, use "save=True" to write everything to disk.

dump type


Built With


Special Thanks

Owner
Leron Gray
Leron Gray
GitHub Repository
A simple CLI to convert snapshots into EAVT log, and EAVT log into SCD.

EAVT helper CLI Simple CLI to convert snapshots into eavt log, and eavt log into slowly changing dimensions Usage Installation Snapshot to EAVT log EA

2 Apr 07, 2022
A Python command-line utility for validating that the outputs of a given Declarative Form Azure Portal UI JSON template map to the input parameters of a given ARM Deployment Template JSON template

A Python command-line utility for validating that the outputs of a given Declarative Form Azure Portal UI JSON template map to the input parameters of a given ARM Deployment Template JSON template

Glenn Musa 1 Feb 03, 2022
A lightweight terminal-based password manager coded with Python using SQLCipher for SQLite database encryption.

password-manager A lightweight terminal-based password manager coded with Python using SQLCipher for SQLite database encryption. Screenshot Pre-requis

Leonardo de Araujo 15 Oct 15, 2022
CLI tool to computes CO2 emissions of HPC computations following green-algorithms.org methodology

gqueue gqueue is a CLI (command line interface) tool that computes carbon footprint of HPC computations on clusters running slurm. It follows the meth

4 Dec 10, 2021
Analysis of a daily word game "Wordle"

Wordle Analysis of a daily word game "Wordle" https://www.powerlanguage.co.uk/wordle/ Description Worlde is a daily word game in which a player attemp

Bartek 1 Feb 07, 2022
Lexeme - CLI to play a word-guessing game like Wordle

What is this? Python program to play a word-guessing game like Wordle, but… More addictive because you can play it over and over and over, not just on

Dan Lenski 6 Oct 26, 2022
command line interface to manage VALORANT skins

A PROPER RELEASE IS COMING SOON, IF YOU KNOW HOW TO USE PYTHON YOU CAN USE IT NOW! valorant skin manager command line interface simple command line in

colinh 131 Dec 25, 2022
A next-generation CLI and TUI that aims to be your personal assistant for everything competitive programming related. 🚀

Competitive Programming Tool Kit The Competitive Programming Tool Kit (cptk for short), is a command line and terminal user interface (CLI and TUI) th

Alon 4 May 21, 2022
This CLI give the possibility to do a queries in Star Wars API and returns a JSON in a terminal.

Star Wars CLI (swcli) This CLI give the possibility to do a queries in Star Wars API and returns a JSON in a terminal. Install $ pip install swcli Qu

Pery Lemke 5 Nov 05, 2021
CLI Web-CAT interface for people who use VIM.

CLI Web-CAT CLI Web-CAT interface. Installation git clone https://github.com/phuang1024/cliwebcat cd cliwebcat python setup.py bdist_wheel sdist cd di

Patrick 4 Apr 11, 2022
Simple tool, to update linux kernel on ubuntu

Kerbswap Simple tool, to update linux kernel on ubuntu Information At the moment, this tool only supports "Ubuntu" distributions, but will be expanded

dword 1 Oct 31, 2021
pls is a better ls for developers, pronounced /pliːz/ as in 'please'

pls is a better ls for developers. The "p" stands for ("pro" as in "professional"/"programmer") or "prettier". It works in a manner similar to ls, in

Dhruv Bhanushali 572 Dec 28, 2022
Neovim integration for Google Keep, built using gkeepapi

Gkeep.nvim Neovim integration for Google Keep, built using gkeepapi Requirements Neovim 0.5 Python 3.6+ A patched font (optional. Used for icons) Tabl

Steven Arcangeli 143 Jan 02, 2023
GetRepo-py is a command line client that queries GitHub API and searches repositories by given arguments

GetRepo-py is a command line client that queries GitHub API and searches repositories by given arguments

Davidcin 3 Feb 14, 2022
🌈 Beautify your command line interfaces.

Basics Install: pip install iridi Usage: import iridi # Create gradient text # iridi.print(message, colors, options) # Ask for input with gradient

Conrad Crawford 39 Oct 20, 2022
CLI to show end-of-life dates for tools and technologies.

Python 3.9+ interface to endoflife.date to show end-of-life dates for tools and technologies.

Hugo van Kemenade 32 Jan 06, 2023
AlienFX is a CLI and GUI utility to control the lighting effects of your Alienware computer.

AlienFX is a Linux utility to control the lighting effects of your Alienware computer. At present there is a CLI version (alienfx) and a gtk GUI versi

Stephen Harris 218 Dec 26, 2022
MsfMania is a command line tool developed in Python that is designed to bypass antivirus software on Windows and Linux/Mac in the future

MsfMania MsfMania is a command line tool developed in Python that is designed to bypass antivirus software on Windows and Linux/Mac in the future. Sum

446 Dec 21, 2022
Another (unofficial) Qt CLI Installer on multi-platforms

Another Qt installer(aqt) Release: Documentation: Test status: and Coverage: This is a utility alternative to the official graphical Qt installer, for

Hiroshi Miura 528 Jan 02, 2023
Doing set operations on files considered as sets of lines

CLI tool that can be used to do set operations like union on files considering them as a set of lines. Notes It ignores all empty lines with whitespac

Partho 11 Sep 06, 2022