I am just looking for some recommendations of open source software that can grab the volatile memory (RAM) from a Windows machine.
dd
Harlan
More specifically…
http//
Now, the $64 question…what are you planning to do with it once you have it? Given the discussions that have taken place here, and on other boards, I'm sincerely curious about this topic.
Harlan
Thank you for the info. I didn't realize you could do it with dd.
I hope I don't disappoint you when I say that my intentions in using it right now are just educational. I'm just going to run it on my machine, etc.
Hi koko,
You can use 'dd' for some memory, but not all. Not all memory has an EOF marker, and 'dd' doesn't like that. Memory can have holes … and 'dd' won't like that either.
You're much better off using a tool written for dumping memory, reading one page at a time so as to minimize your effect on the system memory. 'memdump' is one such tool.
regards,
farmerdude
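The page-at-a-time approach from the post above, as an added example that is not part of the thread and is not memdump's code: the loop is bounded by a page count rather than an EOF marker, and an unreadable page (a hole) is zero-filled and logged instead of aborting the dump. `read_page` is a hypothetical callback standing in for whatever actually reads physical memory; the 4096-byte page size and the sample source are assumptions made for the illustration.

```python
import hashlib
import io

PAGE_SIZE = 4096  # assumed page size (x86 default)


def dump_pages(read_page, total_pages, out):
    """Copy total_pages pages through read_page(index) -> bytes, one page at a time.

    A page that cannot be read (OSError or short read) is written as zeros so
    that offsets in the image still line up with physical addresses, and its
    index is recorded. Returns (hole_indexes, sha256_of_image).
    """
    holes = []
    digest = hashlib.sha256()
    for index in range(total_pages):  # bounded by page count, not by EOF
        try:
            page = read_page(index)
            if len(page) != PAGE_SIZE:
                raise OSError("short read")
        except OSError:
            page = bytes(PAGE_SIZE)  # zero-fill the hole, keep going
            holes.append(index)
        out.write(page)
        digest.update(page)
    return holes, digest.hexdigest()


def merge_ranges(holes):
    """Collapse sorted page indexes into (first, last) ranges for the acquisition log."""
    ranges = []
    for index in holes:
        if ranges and index == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], index)
        else:
            ranges.append((index, index))
    return ranges


def sample_read_page(index):
    """Constructed sample source: 8 pages, with pages 2, 3 and 6 unreadable."""
    if index in (2, 3, 6):
        raise OSError("no memory mapped at this page")
    return bytes([index]) * PAGE_SIZE


if __name__ == "__main__":
    image = io.BytesIO()
    holes, sha256 = dump_pages(sample_read_page, 8, image)
    print("holes (page ranges):", merge_ranges(holes))
    print("sha256 of image:", sha256)
```

Recording the hole ranges and the image hash at acquisition time lets a later examiner tell zero-filled gaps apart from memory that really contained zeros.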
Thomas,
Are you referring to the 'memdump' that comes with TCT?
http//
Harlan
memdump by Wietse is the tool I mentioned in my post. I know it's separate from TCT, unless recently he's added it into the package. We spoke of grabbing memory a few years back at AusCERT and subsequently he released memdump. There are others, but this works very well.
regards,
farmerdude
Thomas,
Given that the 'memdump' you mentioned is for *nix systems, is there a version available for Windows, per the subject of the thread?
Harlan
Hi!
There's a freeware DOS version, located here
http//
Regards
R1
R1 beat me to the reply. That link appears to work.
I have used memdump compiled for Windows as well (DOS version) in addition to a proprietary dumper, one page at a time.
Download from the R1 link and test it out.
regards,
farmerdude