Security Basics
mailing list archives
Re: Memory dump
From: Dathan Bennett <dathan () shsu edu>
Date: Thu, 30 Nov 2006 10:06:51 -0600
divinepresence () gmail com wrote:
> Hello all,
> I wish to know how I can make a memory dump (to my HDD) to analyze the memory contents. I tried googling but couldn't find anything.
> Any help/pointers appreciated.
> Thanks
> Ankur

(Windows) I've never seen a canned app to do this. Well, to be precise
it can't be done from an app, it has to be done from a kernel driver.
You could write your own driver and use a call to KeBugCheck to get the
memory dump. Or, you could "crash" your system with NotMyFault from
SysInternals (http://download.sysinternals.com/Files/Notmyfault.zip) and
use the crash dump generated. Be aware that while this utility attempts
to play nice with your system, it really is crashing, and so there's the
possibility that you will get corrupted data. To set the level of
reporting desired, go to System -> Advanced -> Startup and Recovery and
pick the level of reporting you want.
~Dathan
--
Dathan Bennett
Network Administrator
Center of Excellence in Digital Forensics
Sam Houston State University
Phone: (936) 294-4847
Fax: (936) 294-4222
E-mail: dathan () shsu edu
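
A read-only check of the Startup and Recovery setting described in the reply above, useful before deliberately crashing a machine to collect a dump. This is an added example, not part of the original post; the `CrashControl` registry key, its value names and the WMI classes are standard Windows ones that the post does not mention, and comparing pagefile size and free disk space to RAM is a simplifying assumption.

```powershell
# Added example (not from the original post): read-only report of the crash
# dump settings shown under System -> Advanced -> Startup and Recovery.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$cc  = Get-ItemProperty -Path $key

# Meaning of the CrashDumpEnabled value (standard Windows values)
$levels = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump'
    7 = 'Automatic memory dump'
}
$level = [int]$cc.CrashDumpEnabled
$levelName = if ($levels.ContainsKey($level)) { $levels[$level] } else { "Unknown ($level)" }

# Physical RAM, total pagefile allocation and free space on the dump volume
$ramMB  = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
$pageMB = [int](Get-CimInstance Win32_PageFileUsage |
                Measure-Object -Property AllocatedBaseSize -Sum).Sum
$drive  = Split-Path -Path $cc.DumpFile -Qualifier
$freeMB = [math]::Round((Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$drive'").FreeSpace / 1MB)

$warnings = @()
if ($level -eq 0) { $warnings += 'Dump level is None: a crash will leave no dump file.' }
if ($level -eq 1 -and $pageMB -lt $ramMB) {
    # A dump is staged in the pagefile before being copied to DumpFile on reboot
    $warnings += "Pagefile ($pageMB MB) is smaller than RAM ($ramMB MB): a complete dump may not be written."
}
if ($level -eq 1 -and $freeMB -lt $ramMB) {
    $warnings += "Only $freeMB MB free on $drive, not enough for a complete dump."
}
if ($cc.AutoReboot -eq 1) { $warnings += 'AutoReboot is on: the machine restarts right after the crash.' }

[pscustomobject]@{
    DumpLevel  = $levelName
    DumpFile   = $cc.DumpFile
    RamMB      = $ramMB
    PagefileMB = $pageMB
    FreeMB     = $freeMB
    Warnings   = $warnings
} | Format-List
```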