Security Basics mailing list archives
Re: Memory dump
From: Dathan Bennett <dathan () shsu edu>
Date: Thu, 30 Nov 2006 10:06:51 -0600
divinepresence () gmail com wrote:
> Hello all,
> I wish to know how I can make a memory dump (to my HDD) to analyze the memory contents. I tried googling but couldn't find anything. Any help/pointers appreciated.
> Thanks
> Ankur

(Windows) I've never seen a canned app to do this. Well, to be precise it can't be done from an app, it has to be done from a kernel driver. You could write your own driver and use a call to KeBugCheck to get the memory dump. Or, you could "crash" your system with NotMyFault from SysInternals (http://download.sysinternals.com/Files/Notmyfault.zip) and use the crash dump generated. Be aware that while this utility attempts to play nice with your system, it really is crashing, and so there's the possibility that you will get corrupted data. To set the level of reporting desired, go to System -> Advanced -> Startup and Recovery and pick the level of reporting you want.

~Dathan
--
Dathan Bennett
Network Administrator
Center of Excellence in Digital Forensics
Sam Houston State University
Phone: (936) 294-4847
Fax: (936) 294-4222
E-mail: dathan () shsu edu
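Because a crash-generated dump can come out truncated or corrupted, as the message above warns, a quick header check before analysis is worthwhile. The following is an added example, not part of the original message: the field offsets are an assumed layout for 32-bit ("DUMP") and 64-bit ("DU64") crash dump headers, and the function names and sample values are constructed for illustration.

```python
import struct

HEADER_MIN = 0x1000  # enough bytes to reach every field read below
# ValidDump marker -> (BugCheckCode offset, DumpType offset); assumed layout
LAYOUTS = {b"DUMP": (0x28, 0xF88), b"DU64": (0x38, 0xF98)}
DUMP_TYPES = {1: "complete", 2: "kernel"}


def check_dump_header(data: bytes) -> dict:
    """Return basic header facts, or raise ValueError if the header looks damaged."""
    if len(data) < HEADER_MIN:
        raise ValueError("shorter than a dump header (truncated write?)")
    if data[0:4] != b"PAGE":
        raise ValueError("missing PAGE signature")
    marker = data[4:8]
    if marker not in LAYOUTS:
        raise ValueError("unrecognised ValidDump marker %r" % marker)
    bugcheck_off, type_off = LAYOUTS[marker]
    (bugcheck,) = struct.unpack_from("<I", data, bugcheck_off)
    (dump_type,) = struct.unpack_from("<I", data, type_off)
    return {
        "bits": 64 if marker == b"DU64" else 32,
        "bugcheck": bugcheck,
        "dump_type": DUMP_TYPES.get(dump_type, "other (%d)" % dump_type),
    }


def make_sample(marker: bytes, bugcheck: int, dump_type: int) -> bytes:
    """Build a constructed, otherwise empty header for demonstration."""
    buf = bytearray(HEADER_MIN)
    buf[0:4] = b"PAGE"
    buf[4:8] = marker
    bugcheck_off, type_off = LAYOUTS[marker]
    struct.pack_into("<I", buf, bugcheck_off, bugcheck)
    struct.pack_into("<I", buf, type_off, dump_type)
    return bytes(buf)


if __name__ == "__main__":
    good = make_sample(b"DU64", 0xD1, 1)  # constructed values
    print(check_dump_header(good))
    for bad in (good[:512], b"\x00" * 8 + good[8:]):  # truncated, wiped signature
        try:
            check_dump_header(bad)
        except ValueError as err:
            print("rejected:", err)
```

To check a real dump, pass the first 0x1000 bytes of the dump file to check_dump_header(). The reported dump type should match the level selected under Startup and Recovery.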
