Security Basics mailing list archives

RE: Memory dump


From: "dave kleiman" <dave () davekleiman com>
Date: Fri, 1 Dec 2006 18:11:53 -0500

You can download DD for Windows, or use DD in nix. It is free, you can run
it from a command line, you can even run it from an external drive or CD.

dd.exe if=\\.\PhysicalMemory of=x:\path\123.dd bs=4k conv=noerror 

You can output it to an external drive, and then choose your tool to analyze
with.



Respectfully,

Dave Kleiman - http://www.davekleiman.com/about.php 



     -----Original Message-----
     From: listbounce () securityfocus com 
     [mailto:listbounce () securityfocus com] On Behalf Of Jon Wallace
     Sent: Thursday, November 30, 2006 10:58
     To: divinepresence () gmail com; security-basics () securityfocus com
     Subject: Re: Memory dump
     
     Hi Ankur,
     
     In replying to your email, I'm assuming you're using 
     Windows.  You can set a registry value to allow you to 
     press CTRL and Scroll Lock twice which will force a blue 
     screen, and therefore a crash dump.
     
     The Microsoft Windows Debugging site tells you how to do 
     this along with giving you a load of information about 
     analyzing the dumps: 
     http://www.microsoft.com/whdc/devtools/debugging/default.mspx
     
     I also found this link which tells you exactly how to do it: 
     http://www.hackwire.com/comments.php?id=51&catid=9
     
     To look at your dumps, just use tools like STRINGS from 
     SysInternals - you'll be amazed at the information you can 
     see, passwords, usernames, private data etc...
     
     Have Fun,
     Jon Wallace
     
     AppSense - http://www.appsense.com
     
     
     
     ----- Original Message -----
     From: <divinepresence () gmail com>
     To: <security-basics () securityfocus com>
     Sent: Wednesday, November 29, 2006 1:27 AM
     Subject: Memory dump
     
     
     > Hello all,
     > I wish to know how I can make a memory dump (to my HDD) to analyze the 
     > memory contents. I tried googling but couldn't find anything.
     >
     > Any help/pointers appreciated.
     >
     > Thanks
     > Ankur
     > 
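
Added example (not part of the original thread, and not code from any of the posters): a first-pass triage of a raw image such as the 123.dd file written by the dd command above, doing what a strings tool does for both ASCII and UTF-16LE text and reporting file offsets. It goes one step beyond the thread by also hashing the image; the function names, MIN_LEN and the SAMPLE bytes are assumptions constructed for illustration.

```python
import hashlib
import mmap
import os
import re
import tempfile

MIN_LEN = 6  # shortest run reported; an assumed threshold, tune as needed
PATTERNS = (
    ("ascii", "ascii", re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)),
    # Windows keeps most text as UTF-16LE: a printable byte, then 0x00.
    ("utf-16le", "utf-16-le", re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)),
)
# Constructed sample bytes standing in for a raw image (not real memory).
SAMPLE = (b"\x00" * 16 + b"C:\\WINDOWS\\system32" + b"\xff\x01\x00\x02"
          + "logon session".encode("utf-16-le") + b"\x00\x00" + b"abc\x07")

def sha256_file(path, chunk=1 << 20):
    """Hash the image so later findings can be tied to this exact file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def extract_strings(path):
    """Return sorted (offset, encoding, text) for ASCII and UTF-16LE runs."""
    if os.path.getsize(path) == 0:
        return []  # mmap refuses to map an empty file
    hits = []
    # mmap lets the regex walk a multi-gigabyte image without loading it.
    with open(path, "rb") as fh, mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mem:
        for name, codec, rx in PATTERNS:
            for m in rx.finditer(mem):
                hits.append((m.start(), name, m.group().decode(codec)))
    return sorted(hits)

def demo():
    """Write SAMPLE to a temporary file, hash and scan it, then clean up."""
    fd, path = tempfile.mkstemp(suffix=".dd")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(SAMPLE)
        return sha256_file(path), extract_strings(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    digest, hits = demo()
    print(digest, *hits, sep="\n")
```

Offsets are byte positions in the image file, so a hit can be revisited later in a hex viewer or another analysis tool.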
     

