Analyzing Windows Physical Memory

keydet89
(@keydet89)
Posts: 3568
Famed Member
Topic starter
 

I've started releasing some tools for assisting in analyzing dumps of physical memory (RAM) from Windows 2000 systems, made using dd.exe.

These tools are being released at
http://sourceforge.net/projects/windowsir

So far, I've released two tools…lsproc locates processes (and threads) within the memory dump, and lspd will dump the details of a specific process from the dump file.

I'm working on cleaning up those tools, and also releasing other tools to dump the memory used by a process, and also the process's executable image.

If you try them out, comments are appreciated. I've already gotten some feedback, and it's very much appreciated.

Harlan

 
Posted : 09/04/2006 4:28 pm
(@psycko)
Posts: 16
Active Member
 

Very interesting, Harlan.

 
Posted : 10/04/2006 1:50 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
Topic starter
 

psycko,

Thanks. Do you think that something like this is useful? Would you use it?

I purchased a copy of RDF recently, b/c one of the authors was standing right there and I wanted him to sign it. I found out that the DVD has a physical memory dump from a Windows 2000 system…so I'm going to try it out.

Harlan

 
Posted : 10/04/2006 8:00 pm