Security Basics mailing list archives

Re: Memory dump

From: "Jon Wallace" <jon () b69ca com>
Date: Thu, 30 Nov 2006 10:57:30 -0500

Hi Ankur,

In replying to your email, I'm assuming your using Windows. You can set aregistry value to allow you to press CTRL and Scroll Lock twice which willforce a blue screen, and therefore a crash dump.

The Microsoft Windows Debugging site tells you how to do this along withgiving you a load of information about analyzing the dumps:http://www.microsoft.com/whdc/devtools/debugging/default.mspx

I also found this link which tells you exactly how to do it:http://www.hackwire.com/comments.php?id=51&catid=9

To look at your dumps, just use tools like STRINGS from SysInternals -you'll be amazed at the information you can see, passwords, usernames,private data etc...


Have Fun,
Jon Wallace

AppSense - http://www.appsense.com

----- Original Message -----From: <divinepresence () gmail com>

To: <security-basics () securityfocus com>
Sent: Wednesday, November 29, 2006 1:27 AM
Subject: Memory dump

Hello all,
I wish to know how I can make a memory dump (to my HDD) to analyze thememory contents. I tried googling but couldn't find anything.
Any help/pointers appreciated.

Thanks
Ankur

Current thread:

Re: Memory dump Disco Jonny (Dec 01)
- <Possible follow-ups>
- Re: Memory dump Chris B (Dec 01)
- RE: Memory dump Chris Chandler (Dec 01)
  - RE: Memory dump Don Parker (Dec 04)
- Re: Memory dump Alcides (Dec 01)
- Re: Memory dump Jens Hoffmann (Dec 01)
- RE: Memory dump Phillip Oliven (Dec 01)
- Re: Memory dump Jon Wallace (Dec 01)
  - RE: Memory dump dave kleiman (Dec 04)
- Re: Memory dump Dathan Bennett (Dec 01)
- RE: Memory dump Murad Talukdar (Dec 01)
- Re: Memory dump Florencio Cano (Dec 01)
  - RE: Memory dump Robertson, Seth (JSC-IM) (Dec 04)
    - Re: Memory dump Hylton Conacher(ZR1HPC) (Dec 07)
- Re: Memory dump Alexander Krizhanovsky (Dec 01)