Using r2 to analyse Minidumps

The minidump format is used by Microsoft for storing user-mode memory dumps. It is an openly documented format that is also extensible, but it is almost always analysed in WinDbg [1][2]. This article describes how to perform analysis of minidumps using radare2 mdmp module. Installation At the time of writing, the MDMP plugin resides in the radare2-extras repository as it is not yet part of the radare2 core. Thus it can be installed as follows: