@@ -50,6 +50,12 @@ def get_requirements(cls):
5050 default = False ,
5151 optional = True ,
5252 ),
53+ requirements .BooleanRequirement (
54+ name = "friendly" ,
55+ description = "Display process name in dump filename" ,
56+ default = False ,
57+ optional = True ,
58+ ),
5359 ]
5460
5561 @classmethod
@@ -60,6 +66,7 @@ def process_dump(
6066 pe_table_name : str ,
6167 proc : interfaces .objects .ObjectInterface ,
6268 open_method : Type [interfaces .plugins .FileHandlerInterface ],
69+ friendly : bool = False ,
6370 ) -> interfaces .plugins .FileHandlerInterface :
6471 """Extracts the complete data for a process as a FileHandlerInterface
6572
@@ -90,9 +97,20 @@ def process_dump(
9097 offset = peb .ImageBaseAddress ,
9198 layer_name = proc_layer_name ,
9299 )
93- file_handle = open_method (
94- f"pid.{ proc .UniqueProcessId } .{ peb .ImageBaseAddress :#x} .dmp"
100+
101+ process_name = proc .ImageFileName .cast (
102+ "string" ,
103+ max_length = proc .ImageFileName .vol .count ,
104+ errors = "replace" ,
95105 )
106+ if friendly :
107+ file_handle = open_method (
108+ f"{ proc .UniqueProcessId } .{ process_name } .{ peb .ImageBaseAddress :#x} .dmp"
109+ )
110+ else :
111+ file_handle = open_method (
112+ f"pid.{ proc .UniqueProcessId } .{ peb .ImageBaseAddress :#x} .dmp"
113+ )
96114 for offset , data in dos_header .reconstruct ():
97115 file_handle .seek (offset )
98116 file_handle .write (data )
@@ -243,6 +261,7 @@ def _generator(self):
243261 pe_table_name ,
244262 proc ,
245263 self .open ,
264+ self .config ["friendly" ],
246265 )
247266 file_output = "Error outputting file"
248267 if file_handle :
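Review bot: In the third hunk the process name read from the memory image is put into the dump file name unfiltered, and the cast sits before `if friendly:`, so it also runs on the default path, where a failure in it would now break the plain `pid.` naming as well. `ImageFileName` is data from the analysed image and should be treated as untrusted: path separators or other characters unsafe in a file name could reach `open_method`, and whether `open_method` sanitises its argument is not visible here. I would move the cast under `if friendly:` and reduce the name to a conservative character set before building the file name, as sketched below. The docstring of `process_dump` continues outside the second hunk and presumably needs an entry for `friendly`. The call in `_generator` would be clearer as `friendly=self.config["friendly"]`.

```python
        if friendly:
            process_name = proc.ImageFileName.cast(
                "string",
                max_length=proc.ImageFileName.vol.count,
                errors="replace",
            )
            # ImageFileName comes from the memory image: keep only characters
            # that are safe inside a single file-name component.
            safe_name = "".join(
                ch if ch.isalnum() or ch in "._-" else "_" for ch in process_name
            )
            file_handle = open_method(
                f"{proc.UniqueProcessId}.{safe_name}.{peb.ImageBaseAddress:#x}.dmp"
            )
        else:
            # … unchanged: pid.<pid>.<base>.dmp file name …
```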