Task 142: .DMP File Format
Task 142: .DMP File Format
File Format Specifications for the .DMP File Format
The .DMP file format refers to the Windows Minidump format, a binary file structure used by the Windows operating system to capture the state of a process or system at the time of a crash for debugging purposes. This format is defined in the Microsoft Win32 API documentation, specifically in the minidumpapiset.h header, and consists of a header followed by a directory of streams, each containing specific data such as thread information, memory allocations, or system details. The format is designed for compactness and modularity, allowing selective inclusion of data based on the dump type. The structure is little-endian, with fields aligned to natural boundaries.
1. List of All Properties of This File Format Intrinsic to Its File System
The intrinsic properties of the .DMP file format are the fields in the MINIDUMP_HEADER structure, which define the overall layout and metadata of the file. These properties are essential for parsing the file and are not dependent on external file system attributes like creation date or permissions. The list is as follows:
| Property Name | Type | Size (Bytes) | Description |
|---|---|---|---|
| Signature | ULONG32 | 4 | The signature value, set to 0x504D444D ('MDMP' in ASCII), identifying the file as a minidump. |
| Version | ULONG32 | 4 | The version of the minidump format. The low-order word is the minidump version (typically 42899 or 0xA793); the high-order word is implementation-specific. |
| NumberOfStreams | ULONG32 | 4 | The number of streams in the minidump directory. |
| StreamDirectoryRva | RVA (ULONG32) | 4 | The relative virtual address (RVA) of the stream directory, an array of MINIDUMP_DIRECTORY structures. |
| CheckSum | ULONG32 | 4 | The checksum of the minidump file, which may be zero if not computed. |
| TimeDateStamp | ULONG32 | 4 | The time and date of the dump creation, in time_t format (seconds since January 1, 1970, UTC). |
| Flags | ULONG64 | 8 | Flags indicating the type of minidump, from the MINIDUMP_TYPE enumeration (e.g., MiniDumpNormal = 0x00000000, MiniDumpWithFullMemory = 0x00000002). |
These properties constitute the fixed header of the file, totaling 32 bytes. Additional data, such as streams, follows based on the header values.
2. Two Direct Download Links for Files of Format .DMP
Sample .DMP files are available in archived form for debugging purposes. The following links provide direct downloads to ZIP archives containing sample .DMP minidump files:
- http://www.debuginfo.com/download/effminidumpexamples.zip (contains multiple sample .DMP files generated for demonstration).
- https://forums.majorgeeks.com/attachments/sampleminidumps-zip.7696/ (contains sample .DMP files like Mini030404-01.dmp and nick.dmp for analysis).
3. Ghost Blog Embedded HTML JavaScript for Drag and Drop .DMP File Analysis
The following is an embedded HTML and JavaScript snippet suitable for a Ghost blog post. It creates a drag-and-drop interface that allows users to upload a .DMP file, parses the header, and displays the properties listed above on the screen.
Drag and drop a .DMP file here or click to select.
4. Python Class for .DMP File Handling
The following Python class can open, decode, read, write, and print the properties of a .DMP file to the console.
import struct
import datetime
class DmpFileHandler:
HEADER_FORMAT = '<I I I I I I Q' # Little-endian: 4x ULONG32, 1x ULONG32 (TimeDateStamp), 1x ULONG64
HEADER_SIZE = 32
def __init__(self, filepath=None):
self.signature = 0x504D444D
self.version = 42899 # Default minidump version
self.number_of_streams = 0
self.stream_directory_rva = self.HEADER_SIZE
self.checksum = 0
self.time_date_stamp = int(datetime.datetime.now().timestamp())
self.flags = 0
if filepath:
self.read(filepath)
def read(self, filepath):
with open(filepath, 'rb') as f:
header = f.read(self.HEADER_SIZE)
if len(header) < self.HEADER_SIZE:
raise ValueError("File too small for .DMP header.")
(self.signature, self.version, self.number_of_streams, self.stream_directory_rva,
self.checksum, self.time_date_stamp, self.flags) = struct.unpack(self.HEADER_FORMAT, header)
if self.signature != 0x504D444D:
raise ValueError("Invalid .DMP signature.")
def print_properties(self):
print("Signature:", hex(self.signature))
print("Version:", self.version)
print("NumberOfStreams:", self.number_of_streams)
print("StreamDirectoryRva:", hex(self.stream_directory_rva))
print("CheckSum:", hex(self.checksum))
print("TimeDateStamp:", datetime.datetime.fromtimestamp(self.time_date_stamp).isoformat())
print("Flags:", hex(self.flags))
def write(self, filepath):
header = struct.pack(self.HEADER_FORMAT, self.signature, self.version, self.number_of_streams,
self.stream_directory_rva, self.checksum, self.time_date_stamp, self.flags)
with open(filepath, 'wb') as f:
f.write(header)
# Note: Streams would be written here if implemented; this writes a minimal empty dump.
Example usage:
handler = DmpFileHandler('sample.dmp')
handler.print_properties()
handler.write('new.dmp')
5. Java Class for .DMP File Handling
The following Java class can open, decode, read, write, and print the properties of a .DMP file to the console.
import java.io.*;
import java.nio.*;
import java.nio.channels.FileChannel;
import java.nio.file.StandardOpenOption;
import java.time.*;
public class DmpFileHandler {
private static final int HEADER_SIZE = 32;
private long signature = 0x504D444DL;
private long version = 42899L;
private long numberOfStreams = 0L;
private long streamDirectoryRva = HEADER_SIZE;
private long checksum = 0L;
private long timeDateStamp = Instant.now().getEpochSecond();
private long flags = 0L;
public DmpFileHandler(String filepath) throws IOException {
if (filepath != null) {
read(filepath);
}
}
public void read(String filepath) throws IOException {
try (RandomAccessFile raf = new RandomAccessFile(filepath, "r")) {
ByteBuffer buffer = ByteBuffer.allocate(HEADER_SIZE).order(ByteOrder.LITTLE_ENDIAN);
raf.getChannel().read(buffer);
buffer.flip();
signature = buffer.getInt() & 0xFFFFFFFFL;
version = buffer.getInt() & 0xFFFFFFFFL;
numberOfStreams = buffer.getInt() & 0xFFFFFFFFL;
streamDirectoryRva = buffer.getInt() & 0xFFFFFFFFL;
checksum = buffer.getInt() & 0xFFFFFFFFL;
timeDateStamp = buffer.getInt() & 0xFFFFFFFFL;
flags = buffer.getLong();
if (signature != 0x504D444DL) {
throw new IOException("Invalid .DMP signature.");
}
}
}
public void printProperties() {
System.out.println("Signature: 0x" + Long.toHexString(signature).toUpperCase());
System.out.println("Version: " + version);
System.out.println("NumberOfStreams: " + numberOfStreams);
System.out.println("StreamDirectoryRva: 0x" + Long.toHexString(streamDirectoryRva).toUpperCase());
System.out.println("CheckSum: 0x" + Long.toHexString(checksum).toUpperCase());
System.out.println("TimeDateStamp: " + Instant.ofEpochSecond(timeDateStamp).toString());
System.out.println("Flags: 0x" + Long.toHexString(flags).toUpperCase());
}
public void write(String filepath) throws IOException {
ByteBuffer buffer = ByteBuffer.allocate(HEADER_SIZE).order(ByteOrder.LITTLE_ENDIAN);
buffer.putInt((int) signature);
buffer.putInt((int) version);
buffer.putInt((int) numberOfStreams);
buffer.putInt((int) streamDirectoryRva);
buffer.putInt((int) checksum);
buffer.putInt((int) timeDateStamp);
buffer.putLong(flags);
buffer.flip();
try (FileChannel channel = FileChannel.open(java.nio.file.Paths.get(filepath), StandardOpenOption.CREATE, StandardOpenOption.WRITE)) {
channel.write(buffer);
}
}
public static void main(String[] args) throws IOException {
DmpFileHandler handler = new DmpFileHandler("sample.dmp");
handler.printProperties();
handler.write("new.dmp");
}
}
6. JavaScript Class for .DMP File Handling
The following JavaScript class can open, decode, read, write, and print the properties of a .DMP file to the console. (Note: Node.js is required for file I/O.)
const fs = require('fs');
class DmpFileHandler {
constructor(filepath = null) {
this.signature = 0x504D444D;
this.version = 42899;
this.numberOfStreams = 0;
this.streamDirectoryRva = 32;
this.checksum = 0;
this.timeDateStamp = Math.floor(Date.now() / 1000);
this.flags = BigInt(0);
if (filepath) this.read(filepath);
}
read(filepath) {
const buffer = fs.readFileSync(filepath);
const view = new DataView(buffer.buffer);
this.signature = view.getUint32(0, true);
if (this.signature !== 0x504D444D) throw new Error('Invalid .DMP signature.');
this.version = view.getUint32(4, true);
this.numberOfStreams = view.getUint32(8, true);
this.streamDirectoryRva = view.getUint32(12, true);
this.checksum = view.getUint32(16, true);
this.timeDateStamp = view.getUint32(20, true);
this.flags = view.getBigUint64(24, true);
}
printProperties() {
console.log('Signature:', '0x' + this.signature.toString(16).toUpperCase());
console.log('Version:', this.version);
console.log('NumberOfStreams:', this.numberOfStreams);
console.log('StreamDirectoryRva:', '0x' + this.streamDirectoryRva.toString(16).toUpperCase());
console.log('CheckSum:', '0x' + this.checksum.toString(16).toUpperCase());
console.log('TimeDateStamp:', new Date(this.timeDateStamp * 1000).toUTCString());
console.log('Flags:', '0x' + this.flags.toString(16).toUpperCase());
}
write(filepath) {
const buffer = new ArrayBuffer(32);
const view = new DataView(buffer);
view.setUint32(0, this.signature, true);
view.setUint32(4, this.version, true);
view.setUint32(8, this.numberOfStreams, true);
view.setUint32(12, this.streamDirectoryRva, true);
view.setUint32(16, this.checksum, true);
view.setUint32(20, this.timeDateStamp, true);
view.setBigUint64(24, this.flags, true);
fs.writeFileSync(filepath, new Uint8Array(buffer));
}
}
// Example usage:
const handler = new DmpFileHandler('sample.dmp');
handler.printProperties();
handler.write('new.dmp');
7. C Class for .DMP File Handling
The following C struct and functions provide class-like functionality to open, decode, read, write, and print the properties of a .DMP file to the console.
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <time.h>
typedef struct {
uint32_t signature;
uint32_t version;
uint32_t numberOfStreams;
uint32_t streamDirectoryRva;
uint32_t checksum;
uint32_t timeDateStamp;
uint64_t flags;
} DmpFileHandler;
void dmp_init(DmpFileHandler *handler) {
handler->signature = 0x504D444D;
handler->version = 42899;
handler->numberOfStreams = 0;
handler->streamDirectoryRva = 32;
handler->checksum = 0;
handler->timeDateStamp = (uint32_t)time(NULL);
handler->flags = 0;
}
int dmp_read(DmpFileHandler *handler, const char *filepath) {
FILE *f = fopen(filepath, "rb");
if (!f) return -1;
fread(handler, sizeof(DmpFileHandler), 1, f);
fclose(f);
if (handler->signature != 0x504D444D) return -2; // Invalid signature
return 0;
}
void dmp_print_properties(const DmpFileHandler *handler) {
struct tm *tm = gmtime((time_t *)&handler->timeDateStamp);
char date[32];
strftime(date, sizeof(date), "%Y-%m-%d %H:%M:%S UTC", tm);
printf("Signature: 0x%08X\n", handler->signature);
printf("Version: %u\n", handler->version);
printf("NumberOfStreams: %u\n", handler->numberOfStreams);
printf("StreamDirectoryRva: 0x%08X\n", handler->streamDirectoryRva);
printf("CheckSum: 0x%08X\n", handler->checksum);
printf("TimeDateStamp: %s\n", date);
printf("Flags: 0x%016llX\n", (unsigned long long)handler->flags);
}
int dmp_write(const DmpFileHandler *handler, const char *filepath) {
FILE *f = fopen(filepath, "wb");
if (!f) return -1;
fwrite(handler, sizeof(DmpFileHandler), 1, f);
fclose(f);
return 0;
}
int main() {
DmpFileHandler handler;
dmp_init(&handler);
if (dmp_read(&handler, "sample.dmp") == 0) {
dmp_print_properties(&handler);
dmp_write(&handler, "new.dmp");
}
return 0;
}