diff --git a/README.md b/README.md index f16cb41..a3bb2d1 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ NTDS.dit offline dumper with non-elevated -###Usage +### Usage ntdsdumpex.exe <-d ntds.dit> <-k HEX-SYS-KEY | -s system.hiv |-r> [-o out.txt] [-h] [-m] [-p] [-u] -d path of ntds.dit database -k use specified SYSKEY @@ -14,14 +14,14 @@ NTDS.dit offline dumper with non-elevated -m dump machine accounts -u USE UPPER-CASE-HEX -###Example: +### Example: ntdsdumpex.exe -r ntdsdumpex.exe -d ntds.dit -o hash.txt -s system.hiv -###Reference Source +### Reference Source `ntds.h`,`ntds.cpp`,`attributes.h` from [ntds_decode](https://github.com/mubix/ntds_decode) (some changed). `ntreg.c`,`ntreg.h` from search,fix some compatibility on windows,and remove the debug outputs. -###License -GPL \ No newline at end of file +### License +GPL
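Review bot: In the first hunk (@@ -2,7 +2,7 @@), the synopsis line under the fixed `### Usage` heading still has uneven spacing in the key-source alternatives: `<-k HEX-SYS-KEY | -s system.hiv |-r>`. Since this change is a Markdown cleanup, consider normalizing it to `| -r` in the same commit. The description shown in the hunk header, "NTDS.dit offline dumper with non-elevated", also stops without a noun and could be completed while the README is being touched.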
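Review bot: In the second hunk (@@ -14,14 +14,14 @@), the License section keeps a bare `GPL` with no version. Because the Reference Source section says `ntds.h`, `ntds.cpp` and `attributes.h` come from ntds_decode with changes, the README should state which GPL version applies and point to a license file so the terms of the derived code are unambiguous. In the same section, "`ntreg.c`,`ntreg.h` from search" names no upstream project; replace it with the actual origin of those files, and add spaces after the commas in that sentence.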