Security Basics
mailing list archives
RE: Memory dump
From: "dave kleiman" <dave () davekleiman com>
Date: Fri, 1 Dec 2006 18:11:53 -0500
You can download DD for Windows, or use DD in nix. It is free, you can run
it from a command line, you can even run it from an external drive or CD.
dd.exe if=\\.\PhysicalMemory of=x:\path\123.dd bs=4k conv=noerror
You can output it to an external drive, and then choose your tool to analyze
with.
Respectfully,
Dave Kleiman - http://www.davekleiman.com/about.php
-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Jon Wallace
Sent: Thursday, November 30, 2006 10:58
To: divinepresence () gmail com; security-basics () securityfocus com
Subject: Re: Memory dump
Hi Ankur,
In replying to your email, I'm assuming you're using
Windows. You can set a registry value to allow you to
press CTRL and Scroll Lock twice which will force a blue
screen, and therefore a crash dump.
The Microsoft Windows Debugging site tells you how to do
this along with giving you a load of information about
analyzing the dumps:
http://www.microsoft.com/whdc/devtools/debugging/default.mspx
I also found this link which tells you exactly how to do it:
http://www.hackwire.com/comments.php?id=51&catid=9
To look at your dumps, just use tools like STRINGS from
SysInternals - you'll be amazed at the information you can
see, passwords, usernames, private data etc...
Have Fun,
Jon Wallace
AppSense - http://www.appsense.com
----- Original Message -----
From: <divinepresence () gmail com>
To: <security-basics () securityfocus com>
Sent: Wednesday, November 29, 2006 1:27 AM
Subject: Memory dump
> Hello all,
> I wish to know how I can make a memory dump (to my HDD) to analyze the
> memory contents. I tried googling but couldn't find anything.
>
> Any help/pointers appreciated.
>
> Thanks
> Ankur
>
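
Added example, not part of the original thread: a Python version of the strings pass Jon describes, meant to be run over a raw image such as the 123.dd file written by Dave's dd command. It reports the offset of each hit and scans for UTF-16LE as well as ASCII runs, since Windows keeps most text as UTF-16LE; the function names, MIN_LEN and the sample bytes are assumptions made for illustration.

```python
import mmap
import re
import sys

MIN_LEN = 6  # shortest run reported; an assumed default, tune per case


def _patterns(min_len):
    printable = rb"[\x20-\x7e]"
    return (
        ("ascii", re.compile(printable + b"{%d,}" % min_len)),
        # UTF-16LE text in the printable range: each character byte is followed by 0x00
        ("utf-16le", re.compile(b"(?:" + printable + rb"\x00){%d,}" % min_len)),
    )


def extract_strings(image, min_len=MIN_LEN):
    """Return sorted (offset, encoding, text) tuples for printable runs.

    `image` is any bytes-like object: bytes, bytearray or an mmap of the dump.
    """
    hits = []
    for encoding, pattern in _patterns(min_len):
        for match in pattern.finditer(image):
            hits.append((match.start(), encoding, match.group().decode(encoding)))
    return sorted(hits)


def scan_file(path, min_len=MIN_LEN):
    """Memory-map the dump read-only so a multi-gigabyte image is not read into RAM."""
    with open(path, "rb") as handle:
        with mmap.mmap(handle.fileno(), 0, access=mmap.ACCESS_READ) as image:
            return extract_strings(image, min_len)


# Constructed sample standing in for a fragment of a dump (not real data).
SAMPLE = (
    b"\x00\x01\xff" + b"user=alice" + b"\x00\x90\x90"
    + "C:\\Users\\alice".encode("utf-16le") + b"\x00\x00\xfe"
    + b"abc" + b"\x00"
)

if __name__ == "__main__":
    results = scan_file(sys.argv[1]) if len(sys.argv) > 1 else extract_strings(SAMPLE)
    for offset, encoding, text in results:
        print(f"{offset:#010x}  {encoding:<8}  {text}")
```

The offsets let a hit be located again in a hex viewer or another analysis tool working on the same image.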