Analyzing Windows Physical Memory
I've started releasing some tools for assisting in analyzing dumps of physical memory (RAM) from Windows 2000 systems, made using dd.exe.
These tools are being released at
So far, I've released two tools: lsproc locates processes (and threads) within the memory dump, and lspd dumps the details of a specific process from the dump file.
I'm working on cleaning up those tools, and on releasing other tools to dump the memory used by a process and the process's executable image.
If you try them out, comments are appreciated. I've already gotten some feedback, and it's very much appreciated.
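As an added illustration (not the lsproc or lspd code, whose source is not on this page), the Python sketch below shows one way to locate process objects in a raw RAM image: walk the image at pool granularity looking for the pool tag that marks process allocations, validate the pool header before trusting a hit, and pull the short image name out of each surviving block. The header layout is the 8-byte 32-bit POOL_HEADER; the tag value b"Proc", the name offset inside the block, and the memory image itself are constructed assumptions for the demo, not the real Windows 2000 EPROCESS layout.

```python
import struct

# Added example; assumptions are labelled, none of this is lsproc/lspd code.
#  - 32-bit Windows pool allocations begin with an 8-byte POOL_HEADER:
#      USHORT PreviousSize:9 | PoolIndex:7
#      USHORT BlockSize:9    | PoolType:7    (sizes in 8-byte units)
#      ULONG  PoolTag
#  - pool headers are 8-byte aligned, so the scan only tests aligned offsets
#  - process allocations are assumed to carry the tag b"Proc" (hypothetical)
#  - the image name is assumed to sit at NAME_OFFSET inside the block (hypothetical)
POOL_HEADER_FMT = "<HH4s"
POOL_HEADER_SIZE = struct.calcsize(POOL_HEADER_FMT)  # 8 bytes
POOL_GRANULARITY = 8
PROC_TAG = b"Proc"
NAME_OFFSET = 0x40   # hypothetical offset of the image name from the block start
NAME_LEN = 16


def make_proc_block(name: bytes, block_units: int) -> bytes:
    """Build one constructed pool block: header followed by a zero-filled body
    with the image name planted at NAME_OFFSET."""
    body = bytearray(block_units * POOL_GRANULARITY - POOL_HEADER_SIZE)
    start = NAME_OFFSET - POOL_HEADER_SIZE
    body[start:start + NAME_LEN] = name.ljust(NAME_LEN, b"\x00")
    header = struct.pack(POOL_HEADER_FMT, 0, block_units, PROC_TAG)
    return header + bytes(body)


def build_sample_image() -> bytes:
    """Constructed 16 KiB stand-in for a dd-style physical memory dump."""
    img = bytearray(0x4000)
    # two genuine blocks at 8-byte-aligned offsets
    img[0x0200:0x0200 + 0x180] = make_proc_block(b"System", 0x30)
    img[0x1a00:0x1a00 + 0x180] = make_proc_block(b"lsass.exe", 0x30)
    # decoy 1: the tag string sitting unaligned inside ordinary data
    img[0x2003:0x2007] = PROC_TAG
    # decoy 2: an aligned header with an impossible BlockSize of 0
    img[0x3000:0x3008] = struct.pack(POOL_HEADER_FMT, 0, 0, PROC_TAG)
    return bytes(img)


def find_pool_blocks(image: bytes, tag: bytes = PROC_TAG) -> list:
    """Scan the image at pool granularity and return validated candidate blocks."""
    hits = []
    for off in range(0, len(image) - POOL_HEADER_SIZE + 1, POOL_GRANULARITY):
        if image[off + 4:off + 8] != tag:
            continue
        _prev_word, size_word = struct.unpack_from("<HH", image, off)
        block_units = size_word & 0x1FF      # low 9 bits: BlockSize
        pool_type = size_word >> 9           # high 7 bits: PoolType
        block_len = block_units * POOL_GRANULARITY
        # sanity checks a carver applies before trusting a signature hit
        if block_units == 0 or off + block_len > len(image):
            continue
        hits.append({"offset": off, "block_len": block_len, "pool_type": pool_type})
    return hits


def process_name(image: bytes, block_off: int) -> str:
    """Read the NUL-terminated image name planted at NAME_OFFSET in a block."""
    raw = image[block_off + NAME_OFFSET:block_off + NAME_OFFSET + NAME_LEN]
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def list_processes(image: bytes) -> list:
    """lsproc-style listing: (block offset, image name) for each validated hit."""
    return [(h["offset"], process_name(image, h["offset"])) for h in find_pool_blocks(image)]


if __name__ == "__main__":
    sample = build_sample_image()
    for off, name in list_processes(sample):
        print(f"0x{off:08x}  {name}")
```

Both decoys are rejected: the unaligned tag never lines up with an 8-byte boundary, and the zero-length block fails the header check. On a real dump the same structure applies, but the tag, the structure offsets, and further validation (thread list pointers, page-directory base, timestamps) would need to come from the actual kernel layout of the target OS version.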
Very interesting, Harlan.
Thanks. Do you think that something like this is useful? Would you use it?
I purchased a copy of RDF recently, b/c one of the authors was standing right there and I wanted him to sign it. I found out that the DVD has a physical memory dump from a Windows 2000 system…so I'm going to try it out.