
Thread: Capture Entire RAM Dump

  1. #1
    Join Date
    Aug 2019
    Posts
    2

    Capture Entire RAM Dump

    I am fairly new to coding and am looking at developing a small application to capture an entire snapshot of a computer's RAM.

    I have some 3rd party apps that do this but I am interested in doing my own. I have researched this and found code which helps me dump an individual process, but not the entire contents of RAM to a *.dmp file.

    My aim is to then parse the dmp file using Volatility.

  2. #2
    DataMiser is offline Super Moderator Power Poster
    Join Date
    Jul 2008
    Location
    WV
    Posts
    5,321

    Re: Capture Entire RAM Dump

    Given that VB is 32-bit and that many modern computers have far more than 4 GB of RAM, that may be a problem. Perhaps VB.Net.
    Always use [code][/code] tags when posting code.

  3. #3
    2kaud is offline Super Moderator Power Poster
    Join Date
    Dec 2012
    Location
    England
    Posts
    6,814

    Re: Capture Entire RAM Dump

    User processes in Windows use virtual memory. With a user process, memory addresses are relative to its virtual memory. There are APIs available that allow x-process memory access - but again this is relative to the process virtual memory.

    If you want access to actual physical memory (the computer's RAM), then this will need to be written as a kernel driver. If you just want access to the virtual memory of other processes, then see ReadProcessMemory() https://docs.microsoft.com/en-us/win...dprocessmemory and the links. Note that reading virtual memory from other processes is NOT straightforward!
    All advice is offered in good faith only. All my code is tested (unless stated explicitly otherwise) with the latest version of Microsoft Visual Studio (using the supported features of the latest standard) and is offered as examples only - not as production quality. I cannot offer advice regarding any other c/c++ compiler/IDE or incompatibilities with VS. You are ultimately responsible for the effects of your programs and the integrity of the machines they run on. Anything I post, code snippets, advice, etc is licensed as Public Domain https://creativecommons.org/publicdomain/zero/1.0/ and can be used without reference or acknowledgement. Also note that I only provide advice and guidance via the forums - and not via private messages!

    C++17 Compiler: Microsoft VS2019 (16.2.5)
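
The distinction drawn in post #3, shown as an added example that is not part of any post in this thread: a VB.NET console program that walks the virtual address space of its own process with VirtualQueryEx and tries ReadProcessMemory on the first page of each committed region. The module name `RegionWalk`, the field name `MemType`, the constant `NO_READ` and the counters are assumptions made for this example; everything it sees is process virtual memory, not physical RAM.

```vbnet
Imports System
Imports System.Diagnostics
Imports System.Runtime.InteropServices
Module RegionWalk ' hypothetical name for this example
    ' MEMORY_BASIC_INFORMATION; IntPtr fields keep the layout right in 32- and 64-bit builds.
    <StructLayout(LayoutKind.Sequential)>
    Structure MEMORY_BASIC_INFORMATION
        Public BaseAddress As IntPtr
        Public AllocationBase As IntPtr
        Public AllocationProtect As UInteger
        Public RegionSize As IntPtr
        Public State As UInteger
        Public Protect As UInteger
        Public MemType As UInteger
    End Structure
    <DllImport("kernel32.dll", SetLastError:=True)>
    Function VirtualQueryEx(hProcess As IntPtr, lpAddress As IntPtr,
            ByRef lpBuffer As MEMORY_BASIC_INFORMATION, dwLength As UIntPtr) As UIntPtr
    End Function
    <DllImport("kernel32.dll", SetLastError:=True)>
    Function ReadProcessMemory(hProcess As IntPtr, lpBaseAddress As IntPtr,
            lpBuffer As Byte(), nSize As UIntPtr, ByRef lpNumberOfBytesRead As UIntPtr) As Boolean
    End Function
    Sub Main()
        Const MEM_COMMIT As UInteger = &H1000UI, NO_READ As UInteger = &H101UI ' PAGE_NOACCESS Or PAGE_GUARD
        Dim h As IntPtr = Process.GetCurrentProcess().Handle ' own process only
        Dim mbi As New MEMORY_BASIC_INFORMATION()
        Dim mbiSize As New UIntPtr(CUInt(Marshal.SizeOf(GetType(MEMORY_BASIC_INFORMATION))))
        Dim addr As Long = 0, committed As Long = 0, readOk As Long = 0, failed As Long = 0
        Dim page(4095) As Byte
        ' VirtualQueryEx returns 0 once addr is past the top of the user-mode address space.
        While VirtualQueryEx(h, New IntPtr(addr), mbi, mbiSize).ToUInt64() <> 0UL
            Dim size As Long = mbi.RegionSize.ToInt64()
            If mbi.State = MEM_COMMIT Then ' free and reserved ranges have nothing to read
                committed += size
                Dim got As UIntPtr
                ' Guard and no-access pages are skipped; the read can still fail on other regions.
                If (mbi.Protect And NO_READ) = 0UI AndAlso
                        ReadProcessMemory(h, mbi.BaseAddress, page, New UIntPtr(4096UI), got) Then
                    readOk += 1
                Else
                    failed += 1
                End If
            End If
            addr = mbi.BaseAddress.ToInt64() + size
            If IntPtr.Size = 4 AndAlso addr > Integer.MaxValue Then Exit While ' 32-bit build: stop at 2 GB
        End While
        Console.WriteLine("{0:N0} committed bytes; first page read in {1} regions, not read in {2}", committed, readOk, failed)
    End Sub
End Module
```

The committed total it prints is the size of one process's virtual address space usage, which is why summing such reads over every process still does not give the physical RAM image that Volatility expects.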

  4. #4
    2kaud is offline Super Moderator Power Poster
    Join Date
    Dec 2012
    Location
    England
    Posts
    6,814

    Re: Capture Entire RAM Dump

