diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f93df06
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+/.vs
+bin
+obj
+*.user
diff --git a/Dumper.sln b/Dumper.sln
new file mode 100644
index 0000000..7306aa7
--- /dev/null
+++ b/Dumper.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.26730.10
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Dumper", "Dumper\Dumper.csproj", "{F7BE8C16-6765-4B5E-9EA4-E13E6B8B580C}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {F7BE8C16-6765-4B5E-9EA4-E13E6B8B580C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {F7BE8C16-6765-4B5E-9EA4-E13E6B8B580C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {F7BE8C16-6765-4B5E-9EA4-E13E6B8B580C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {F7BE8C16-6765-4B5E-9EA4-E13E6B8B580C}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {74C43012-6EB3-4F30-B0A7-A3886ACE8BAF}
+ EndGlobalSection
+EndGlobal
diff --git a/Dumper/App.config b/Dumper/App.config
new file mode 100644
index 0000000..1d03b41
--- /dev/null
+++ b/Dumper/App.config
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
diff --git a/Dumper/Dumper.csproj b/Dumper/Dumper.csproj
new file mode 100644
index 0000000..031eecf
--- /dev/null
+++ b/Dumper/Dumper.csproj
@@ -0,0 +1,50 @@
+
+
+
+
+ Debug
+ AnyCPU
+ {F7BE8C16-6765-4B5E-9EA4-E13E6B8B580C}
+ Exe
+ Dumper
+ Dumper
+ v4.0
+ 512
+ true
+ Client
+
+
+ AnyCPU
+ true
+ full
+ false
+ bin\Debug\
+ DEBUG;TRACE
+ prompt
+ 4
+ false
+
+
+ AnyCPU
+ pdbonly
+ true
+ bin\Release\
+ TRACE
+ prompt
+ 4
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Dumper/Program.cs b/Dumper/Program.cs
new file mode 100644
index 0000000..a46cd30
--- /dev/null
+++ b/Dumper/Program.cs
@@ -0,0 +1,154 @@
+using System;
+using System.Diagnostics;
+using System.Globalization;
+using System.IO;
+using System.IO.MemoryMappedFiles;
+using System.Linq;
+using System.Runtime.InteropServices;
+
+namespace Dumper
+{
+ [Flags]
+ public enum ProcessAccessFlags : uint
+ {
+ All = 0x001F0FFF,
+ Terminate = 0x00000001,
+ CreateThread = 0x00000002,
+ VirtualMemoryOperation = 0x00000008,
+ VirtualMemoryRead = 0x00000010,
+ VirtualMemoryWrite = 0x00000020,
+ DuplicateHandle = 0x00000040,
+ CreateProcess = 0x000000080,
+ SetQuota = 0x00000100,
+ SetInformation = 0x00000200,
+ QueryInformation = 0x00000400,
+ QueryLimitedInformation = 0x00001000,
+ Synchronize = 0x00100000
+ }
+
+ class Program
+ {
+ [DllImport("kernel32.dll", SetLastError = true)]
+ public static extern SafeProcessHandle OpenProcess(
+ ProcessAccessFlags processAccess,
+ bool bInheritHandle,
+ int processId
+ );
+
+
+ [DllImport("kernel32.dll")]
+ public static extern bool ReadProcessMemory(IntPtr hProcess,
+ IntPtr lpBaseAddress, IntPtr lpBuffer, IntPtr dwSize, out IntPtr lpNumberOfBytesRead);
+
+
+ public static bool TryParse(string str, out long value)
+ {
+
+ return long.TryParse(str, NumberStyles.Any, CultureInfo.InvariantCulture, out value) ||
+ TryParseHex(str, out value);
+ }
+ public static bool TryParseHex(string str, out long value)
+ {
+ value = 0;
+ if (str.Length < 3) return false;
+ if (!str.StartsWith("0x")) return false;
+
+ return long.TryParse(str.Substring(2), NumberStyles.HexNumber, CultureInfo.InvariantCulture, out value);
+ }
+
+ static void Main(string[] args)
+ {
+ if (args.Length != 3)
+ {
+ Console.WriteLine("Wrong argument count.\nUsage:\ndumper.exe ");
+ return;
+ }
+
+ if (!TryParse(args[1], out var address))
+ {
+ Console.WriteLine($"Bad address value {args[1]}");
+ return;
+ }
+
+ if (!TryParse(args[2], out var length))
+ {
+ Console.WriteLine($"Bad length value {args[2]}");
+ return;
+ }
+
+ if (!int.TryParse(args[0], out var processId))
+ {
+ var processName = args[0];
+ var process = Process.GetProcessesByName(processName);
+ if (process.Length == 0)
+ {
+ Console.WriteLine($"Process {processName} not found");
+ return;
+ }
+ if (process.Length > 1)
+ {
+ Console.WriteLine($"Found more than one instance of process with name {processName}");
+ return;
+ }
+ processId = process.Single().Id;
+ }
+
+ using (var process = OpenProcess(ProcessAccessFlags.VirtualMemoryRead, false, processId))
+ {
+ if (process.IsInvalid)
+ {
+ Console.WriteLine($"Opening process {processId} failed with error {Marshal.GetLastWin32Error()}");
+ return;
+ }
+
+ var outFileName = $"{args[0]}-{args[1]}-{args[2]}";
+
+ outFileName = GetNextFreeName(outFileName, ".dmp");
+
+ Console.WriteLine($"Saving contents of process {processId} to {outFileName}");
+
+ try
+ {
+ Dump(process, outFileName, new IntPtr(address), new IntPtr(length));
+ Console.WriteLine("Done");
+ }
+ catch (Exception e)
+ {
+ Console.WriteLine($"Writing file failed with exception {e}");
+ }
+ }
+ }
+
+ private static void Dump(SafeProcessHandle process, string outFileName, IntPtr address, IntPtr length)
+ {
+ using (var file = File.Create(outFileName))
+ using (var mmf = MemoryMappedFile.CreateFromFile(file, null, length.ToInt64(), MemoryMappedFileAccess.ReadWrite, null, HandleInheritability.None, false))
+ using (var accessor = mmf.CreateViewAccessor(0, 0, MemoryMappedFileAccess.Write))
+ {
+ var buffer = (SafeBuffer)accessor.SafeMemoryMappedViewHandle;
+ var ptr = buffer.DangerousGetHandle();
+ if (!ReadProcessMemory(process.DangerousGetHandle(), address, ptr, length, out var read))
+ {
+ Console.WriteLine($"Reading process memory failed with error {Marshal.GetLastWin32Error()}");
+ }
+ if (read != length)
+ {
+ Console.WriteLine($"Data was read partially - {read.ToInt64()} bytes out of {length.ToInt64()} bytes requested");
+ file.SetLength(read.ToInt64());
+ }
+ }
+ }
+
+ private static string GetNextFreeName(string outFileName, string ext)
+ {
+ var currName = outFileName;
+ var counter = 0;
+ while (File.Exists(currName + ext))
+ {
+ counter++;
+ currName = $"{outFileName}({counter})";
+ }
+ return currName + ext;
+ }
+ }
+}
diff --git a/Dumper/Properties/AssemblyInfo.cs b/Dumper/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..75df373
--- /dev/null
+++ b/Dumper/Properties/AssemblyInfo.cs
@@ -0,0 +1,35 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Dumper")]
+[assembly: AssemblyDescription("Simple partial memory dump tool")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("Alexander Vostres")]
+[assembly: AssemblyProduct("Dumper")]
+[assembly: AssemblyCopyright("Copyright © 2017 Alexander Vostres")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("f7be8c16-6765-4b5e-9ea4-e13e6b8b580c")]
+
+// Version information for an assembly consists of the following four values:
+//
+// Major Version
+// Minor Version
+// Build Number
+// Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/Dumper/SafeProcessHandle.cs b/Dumper/SafeProcessHandle.cs
new file mode 100644
index 0000000..aa84c24
--- /dev/null
+++ b/Dumper/SafeProcessHandle.cs
@@ -0,0 +1,30 @@
+using System;
+using System.Runtime.InteropServices;
+using Microsoft.Win32.SafeHandles;
+
+public sealed class SafeProcessHandle : SafeHandleZeroOrMinusOneIsInvalid
+{
+ [DllImport("kernel32.dll", SetLastError = true)]
+ public static extern bool CloseHandle(IntPtr handle);
+
+ public SafeProcessHandle()
+ : base(true)
+ {
+ }
+
+ public SafeProcessHandle(IntPtr handle)
+ : base(true)
+ {
+ base.SetHandle(handle);
+ }
+
+ public void InitialSetHandle(IntPtr handlePtr)
+ {
+ handle = handlePtr;
+ }
+
+ protected override bool ReleaseHandle()
+ {
+ return CloseHandle(handle);
+ }
+}
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..8282e09
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Alexander Vostres
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fd3653a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,21 @@
+Dumper
+======
+
+This is fairly simple tool to dump portion of process memory under Windows operating system.
+It's intended usage is to augment somewhat limited Memory View in Visual Studio in terms of copying process memory contents.
+
+Command syntax:
+```
+dumper.exe
+```
+
+Example usage:
+```
+Dumper.exe notepad 0x24D3EF98 0x17
+```
+
+This will find process called notepad.exe, open it, create file called notepad-0x24D3EF98-0x17.dmp and copy 23 bytes of data into file starting and memory address 0x24D3EF98.
+
+Both address and length can be hex or decimal sting, instead of process name it's possible to supply process ID in decimal format.
+
+Inspired by [StackOverflow answer](https://stackoverflow.com/a/8017023) and long gone user142207 (whoever that is!)
\ No newline at end of file