Re: Imaging memory on Win7 64bit

["Matt Nelson" <mattnels () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Check out FastDumpPro from HBGary.   It isn't free, but it will accomplish
what you are looking for. You'll still need to figure your way around the
UAC issue using psexec.

- -----Original Message-----
From: pauldotcom-bounces () mail pauldotcom com
[mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Josh Little
Sent: Friday, September 17, 2010 1:05 PM
To: PaulDotCom Mailing List
Subject: [Pauldotcom] Imaging memory on Win7 64bit



* PGP Signed by an unknown key

So it's only the second week of our first production trial of Win7 and
it seems as if someone has already gone and f'ed up their machine. So
I go to grab the memory to see what is really going on an low and
behold neither MDD or Memoryze can dump the memory contents. MDD is
falling foul of the signed driver only protections in Win7. Memoryze
completes, but with a 0byte img file. Probably for similar reasons as
MDD. Anyone know of a non-commercial tool that is working in Win7 64bit?

ZT

* Unknown Key
* 0x741D70C7(L)

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.0.2 (Build 13)
Charset: us-ascii

wsBVAwUBTJQHJHYneZPW8UxfAQj+/gf/YCDE4CH/dCJJbhZVqftiYitjflKW/vfi
n/S9bhVDgaWtoRNX7NFwcNosq5bkJxkCAvLMTtO8m+jfmtJjBAymX140NOwZcHYi
xnk469Vvw2bhovtZp9v0ySHaNP7ltMfFEHv+GNw3fe8J6t5mPOpRloJQRDtUmhwm
DX3Q8zOnNCtsktyeRO6niDXW+bMhJvSZg/Tc9omgn+zAU3nZe/BRyYV4LrsyE/d/
zhwn0/3GfjOPB78G/WADBLxEO9bLIZz8AOGCKqnYu29dxDtRz3UFHS7E0nXk5/mK
Fzz/Mt72ueBBEkcrx+xo/fw/1xB+TtIjmz6F4uJOrS1opt30WTqdNA==
=l5ih
-----END PGP SIGNATURE-----
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com