Excavator is a WinDbg extension that scans live targets and crash dumps to find and extract embedded resources and executables to accelerate forensics and triage. It detects common media formats, archives, SQLite, PDB, and PE images; supports AoB pattern searches, address ranges, scope filters, and stack-only scans; and can reconstruct hidden/manual‑mapped PEs.
You can get started with this project by visiting the develop branch for more information.
This project operates under the Apache License 2.0 (Apache-2.0). Please refer to the LICENSE.md file for detailed information.
Your insights and feedback, whether positive or constructive, are immensely valuable. Your contributions guide the refinement of this plugin for future iterations.
Share your thoughts by opening an issue in the repository's issue section. Be sure to provide context and links when sharing your feedback.
Thank you for being an essential part of this plugin's growth journey.
