Basically, it attaches to a process, reads the whole memory (unlike LordPE / OllyDump, this tool is designed to download the whole memory of the process), and saves it to disk.
There are two implemented ways to attach to a process (OpenProcess or the Debugger API), two ways to find the memory regions to dump (VirtualQueryEx or brute-force-like trying to read each memory page with ReadProcessMemory), and three methods to save the memory (either as a single file with or without padding between used memory regions, or as multiple files - one for each memory block).
Anyway, the tool is open source (check the License.txt file for details), written in C++, and might come in handy if you do some malware analysis or other reverse engineering stuff.
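The two single-file save modes differ in how a virtual address maps to an offset in the dump, which matters when you later load the file into a disassembler or hex editor. The following is an added example, not HiperDrop's own code: the region values are constructed, and it assumes that in the padded mode offsets are relative to the lowest dumped region (the page does not specify this).

```cpp
// Added example, not HiperDrop source. Names and sample regions are constructed.
#include <cstdint>
#include <cstdio>
#include <vector>

struct Region { uint64_t base; uint64_t size; };  // one dumped memory block
enum class Layout { Padded, Packed };             // the two single-file save modes

// File offset at which each region starts (regions sorted by base, non-overlapping).
// Padded: gaps between regions are kept, offset = base - lowest base (assumption).
// Packed: regions are concatenated, offset = sum of the preceding region sizes.
std::vector<uint64_t> fileOffsets(const std::vector<Region>& r, Layout l) {
    std::vector<uint64_t> out;
    uint64_t running = 0;
    for (const Region& x : r) {
        out.push_back(l == Layout::Padded ? x.base - r.front().base : running);
        running += x.size;
    }
    return out;
}

// Translate a virtual address to an offset in the dump file.
// Returns false if the address lies in a gap that was never dumped.
bool vaToOffset(const std::vector<Region>& r, Layout l, uint64_t va, uint64_t* out) {
    std::vector<uint64_t> off = fileOffsets(r, l);
    for (size_t i = 0; i < r.size(); ++i)
        if (va >= r[i].base && va - r[i].base < r[i].size)
            { *out = off[i] + (va - r[i].base); return true; }
    return false;
}

// Total size of the resulting single file.
uint64_t dumpSize(const std::vector<Region>& r, Layout l) {
    return r.empty() ? 0 : fileOffsets(r, l).back() + r.back().size;
}

// Constructed sample: three regions with large unmapped gaps between them.
std::vector<Region> sampleRegions() {
    return { {0x00010000, 0x2000}, {0x00400000, 0x5000}, {0x7FFE0000, 0x1000} };
}

int main() {
    std::vector<Region> r = sampleRegions();
    std::printf("padded: %llu bytes, packed: %llu bytes\n",
        (unsigned long long)dumpSize(r, Layout::Padded), (unsigned long long)dumpSize(r, Layout::Packed));
    uint64_t off = 0;
    if (vaToOffset(r, Layout::Packed, 0x00401234, &off)) std::printf("packed offset: 0x%llx\n", (unsigned long long)off);
    return 0;
}
```

With these regions the padded file is about 2 GB while the packed one is 32 KB, which is why the packed mode needs a separate map of region bases to be usable.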
Download:
HiperDrop-0.0.1.zip (63 KB)
Content of the archive:
HiperDrop.cpp - source file
HiperDrop.exe - Windows executable, compiled with MinGW GCC
License.txt - yes yes, this is the license file
Readme.txt - some more details about the tool
The TODO list currently has a few important entries, like:
* the generated .map file must contain more information about the regions, like access rights, entropy, use, etc
* downloading the memory without using ReadProcessMemory, using a thread in the target process to download data via pipes
Also, I'm thinking about kernel-level memory download, but there already is a tool to do kernel-mode memory dumps - TraceHook by j00ru. You can read about it here (0.0.1) and here (0.2).
More TODO entries can be found in the Readme.txt and by grepping the source code :)
That's it I guess. Comments are welcome!







