Security Basics mailing list archives
Re: Memory dump
From: "Jon Wallace" <jon () b69ca com>
Date: Thu, 30 Nov 2006 10:57:30 -0500
Hi Ankur,In replying to your email, I'm assuming your using Windows. You can set a registry value to allow you to press CTRL and Scroll Lock twice which will force a blue screen, and therefore a crash dump.
The Microsoft Windows Debugging site tells you how to do this along with giving you a load of information about analyzing the dumps: http://www.microsoft.com/whdc/devtools/debugging/default.mspx
I also found this link which tells you exactly how to do it: http://www.hackwire.com/comments.php?id=51&catid=9
To look at your dumps, just use tools like STRINGS from SysInternals - you'll be amazed at the information you can see, passwords, usernames, private data etc...
Have Fun, Jon Wallace AppSense - http://www.appsense.com----- Original Message ----- From: <divinepresence () gmail com>
To: <security-basics () securityfocus com> Sent: Wednesday, November 29, 2006 1:27 AM Subject: Memory dump
Hello all,I wish to know how I can make a memory dump (to my HDD) to analyze the memory contents. I tried googling but couldn't find anything.Any help/pointers appreciated. Thanks Ankur
Current thread:
- Re: Memory dump Disco Jonny (Dec 01)
- <Possible follow-ups>
- Re: Memory dump Chris B (Dec 01)
- RE: Memory dump Chris Chandler (Dec 01)
- RE: Memory dump Don Parker (Dec 04)
- Re: Memory dump Alcides (Dec 01)
- Re: Memory dump Jens Hoffmann (Dec 01)
- RE: Memory dump Phillip Oliven (Dec 01)
- Re: Memory dump Jon Wallace (Dec 01)
- RE: Memory dump dave kleiman (Dec 04)
- Re: Memory dump Dathan Bennett (Dec 01)
- RE: Memory dump Murad Talukdar (Dec 01)
- Re: Memory dump Florencio Cano (Dec 01)
- RE: Memory dump Robertson, Seth (JSC-IM) (Dec 04)
- Re: Memory dump Hylton Conacher(ZR1HPC) (Dec 07)
- RE: Memory dump Robertson, Seth (JSC-IM) (Dec 04)
- Re: Memory dump Alexander Krizhanovsky (Dec 01)