Re: Memory Dump in D
On Sunday, 7 January 2018 at 11:05:01 UTC, H3XT3CH wrote: Hello i want to create a memory dump in D. The memory dump is for forensic usage so it must a dump of the complete ram. Can anyone help me ? I know that programms already exist that create correct dumps of my memory but i want to understand how it works and how to work with my dumps A dump of 'complete' physical ram for *forensic* purposes, is very much a specialty area, and very much platform specific.. I doubt you'll find the answer on the D forums ;-)
Re: Memory Dump in D
On Sunday, 7 January 2018 at 15:40:36 UTC, H3XT3CH wrote: I need it for windows and linux but primary for windows On *nix this is traditionally called a "core dump". A quick search will get you lots of tutorials. Most distros today disable core dumps with ulimit. Run "help ulimit" and check the -c flag.
Re: Memory Dump in D
Am 07.01.2018 um 16:40 schrieb H3XT3CH: I need it for windows and linux but primary for windows On windows there is the MiniDumpWriteDump function: https://msdn.microsoft.com/en-us/library/windows/desktop/ms680360(v=vs.85).aspx This might sound misleading but besides being able to write out a minidump, which essentially only contains the stacks of all threads, you can also write out a full dump which contains all memory of the process. Usually these files are named *.dmp on windows. You can then open these *.dmp files with WinDBG or the Visual Studio Debugger and inspect the state of the program at which the dump was taken just you would normally inspect a running program at a breakpoint. What I have been doing in the past is: - Set a exception handler via SetUnhandledExceptionFilter - The exception handler writes out a minidump and calls a extrnal process - The external process prompts the user for additional information on the crash and uploads the minidump into a crash database. - I inspect the crash database and see whats going wrong for the users of my programs. -- Kind Regards Benjamin Thaut
Re: Memory Dump in D
On Sunday, 7 January 2018 at 14:50:30 UTC, Benjamin Thaut wrote: Am 07.01.2018 um 12:05 schrieb H3XT3CH: Hello i want to create a memory dump in D. The memory dump is for forensic usage so it must a dump of the complete ram. Can anyone help me ? I know that programms already exist that create correct dumps of my memory but i want to understand how it works and how to work with my dumps What operating system are you using? I need it for windows and linux but primary for windows
Re: Memory Dump in D
Am 07.01.2018 um 12:05 schrieb H3XT3CH: Hello i want to create a memory dump in D. The memory dump is for forensic usage so it must a dump of the complete ram. Can anyone help me ? I know that programms already exist that create correct dumps of my memory but i want to understand how it works and how to work with my dumps What operating system are you using? -- Kind Regards Benjamin Thaut
Memory Dump in D
Hello i want to create a memory dump in D. The memory dump is for forensic usage so it must a dump of the complete ram. Can anyone help me ? I know that programms already exist that create correct dumps of my memory but i want to understand how it works and how to work with my dumps
