Windows heap dump file magic bytes (.hdmp)

.hdmp file signature: 4D 44 4D 50 93 A7 | application/octet-stream

Windows heap dump (HDMP) is a diagnostic file format used by Microsoft Windows and associated debugging tools to capture the contents of a process heap during a crash or troubleshooting session. It is used by developers and support engineers to analyze memory corruption, application failures, and other runtime issues with debuggers and crash-analysis utilities. The format is primarily legacy and may contain sensitive memory data, so files from untrusted systems should be handled carefully.

Safe

Magic Bytes

Offset 0


              4D 44 4D 50 93 A7

Sources: Gary Kessler

Extension

.hdmp

MIME Type

application/octet-stream

Byte Offset

Risk Level

Safe

Validation Code

How to validate .hdmp files in Python

Python

def is_hdmp(file_path: str) -> bool:
    """Check if file is a valid HDMP by magic bytes."""
    signature = bytes([0x4D, 0x44, 0x4D, 0x50, 0x93, 0xA7])
    with open(file_path, "rb") as f:
        return f.read(6) == signature

How to validate .hdmp files in Node.js

Node.js

function isHDMP(buffer: Buffer): boolean {
  const signature = Buffer.from([0x4D, 0x44, 0x4D, 0x50, 0x93, 0xA7]);
  return buffer.subarray(0, 6).equals(signature);
}

How to validate .hdmp files in Go

func IsHDMP(data []byte) bool {
    signature := []byte{0x4D, 0x44, 0x4D, 0x50, 0x93, 0xA7}
    if len(data) < 6 {
        return false
    }
    return bytes.Equal(data[:6], signature)
}

API Endpoint

GET /api/v1/hdmp


              curl https://filesignature.org/api/v1/hdmp

See the full API documentation for all endpoints and parameters.

Frequently Asked Questions

What is a .hdmp file?

A .hdmp file is a Windows heap dump file. Windows heap dump (HDMP) is a diagnostic file format used by Microsoft Windows and associated debugging tools to capture the contents of a process heap during a crash or troubleshooting session. It is used by developers and support engineers to analyze memory corruption, application failures, and other runtime issues with debuggers and crash-analysis utilities. The format is primarily legacy and may contain sensitive memory data, so files from untrusted systems should be handled carefully.

What are the magic bytes for .hdmp files?

The magic bytes for Windows heap dump file (.hdmp) files are 4D 44 4D 50 93 A7 at byte offset 0. These bytes identify the file format more reliably than the extension alone.

How do I validate a .hdmp file?

To validate a .hdmp file, read the first bytes of the file and compare them against the known magic bytes (4D 44 4D 50 93 A7) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.

What is the MIME type for .hdmp files?

There is no officially registered MIME type for .hdmp files. Systems typically use application/octet-stream as a generic fallback when handling this format.

Is it safe to open .hdmp files?

Windows heap dump file (.hdmp) files are generally safe to open. They are classified as low risk because they primarily contain data rather than executable code. However, always ensure files come from a trusted source.