January 07, 2018 Memory Dump in D

Hello, I want to create a memory dump in D. The memory dump is for forensic usage, so it must be a dump of the complete RAM. Can anyone help me? I know that programs already exist that create correct dumps of my memory, but I want to understand how it works and how to work with my dumps.

January 07, 2018 Re: Memory Dump in D

Posted in reply to H3XT3CH

On 07.01.2018 at 12:05, H3XT3CH wrote:
> Hello
> I want to create a memory dump in D.
> The memory dump is for forensic usage, so it must be a dump of the complete RAM.
> Can anyone help me?
> I know that programs already exist that create correct dumps of my memory, but I want to understand how it works and how to work with my dumps
>

What operating system are you using?

--
Kind Regards
Benjamin Thaut

January 07, 2018 Re: Memory Dump in D

Posted in reply to Benjamin Thaut

On Sunday, 7 January 2018 at 14:50:30 UTC, Benjamin Thaut wrote:
> On 07.01.2018 at 12:05, H3XT3CH wrote:
>> Hello
>> I want to create a memory dump in D.
>> The memory dump is for forensic usage, so it must be a dump of the complete RAM.
>> Can anyone help me?
>> I know that programs already exist that create correct dumps of my memory, but I want to understand how it works and how to work with my dumps
>>
>
> What operating system are you using?

I need it for Windows and Linux, but primarily for Windows

January 07, 2018 Re: Memory Dump in D

Posted in reply to H3XT3CH

On 07.01.2018 at 16:40, H3XT3CH wrote:
>
> I need it for Windows and Linux, but primarily for Windows

On Windows there is the MiniDumpWriteDump function:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680360(v=vs.85).aspx

This might sound misleading, but besides being able to write out a minidump, which essentially only contains the stacks of all threads, you can also write out a full dump which contains all memory of the process. Usually these files are named *.dmp on Windows. You can then open these *.dmp files with WinDBG or the Visual Studio Debugger and inspect the state of the program at which the dump was taken, just as you would normally inspect a running program at a breakpoint.

What I have been doing in the past is:
- Set an exception handler via SetUnhandledExceptionFilter
- The exception handler writes out a minidump and calls an external process
- The external process prompts the user for additional information on the crash and uploads the minidump into a crash database.
- I inspect the crash database and see what's going wrong for the users of my programs.

--
Kind Regards
Benjamin Thaut

January 07, 2018 Re: Memory Dump in D

Posted in reply to H3XT3CH

On Sunday, 7 January 2018 at 15:40:36 UTC, H3XT3CH wrote:
> I need it for Windows and Linux, but primarily for Windows

On *nix this is traditionally called a "core dump". A quick search will get you lots of tutorials. Most distros today disable core dumps with ulimit. Run "help ulimit" and check the -c flag.
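
The `ulimit -c` check mentioned in the post above, as an added example that is not part of the original thread: a POSIX shell script that reports whether a process crashing under the current shell would leave a core dump and where it would go. It goes one step beyond the post by also reading the Linux `core_pattern` setting described in core(5); the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are made up here.

# classify_core_limit LIMIT -> disabled | unlimited | capped:<n> | unknown
# LIMIT is what `ulimit -c` prints: "unlimited" or a number of blocks.
classify_core_limit() {
    case "$1" in
        0)           echo "disabled" ;;
        unlimited)   echo "unlimited" ;;
        ''|*[!0-9]*) echo "unknown"; return 1 ;;
        *)           echo "capped:$1" ;;
    esac
}

# classify_core_pattern PATTERN -> pipe:<program> | file:<template>
# Per core(5), a leading '|' hands the dump to a helper program instead
# of writing a file named after the template.
classify_core_pattern() {
    case "$1" in
        '|'*)
            rest=${1#?}              # drop the leading '|'
            echo "pipe:${rest%% *}"  # keep only the program path
            ;;
        *)  echo "file:$1" ;;
    esac
}

# Print the soft limit, the hard limit and the dump destination.
core_dump_report() {
    soft=$(ulimit -S -c)
    hard=$(ulimit -H -c)
    # core_pattern exists on Linux only; the kernel default is "core".
    pattern=$(cat /proc/sys/kernel/core_pattern 2>/dev/null || echo core)
    echo "soft limit : $(classify_core_limit "$soft")"
    echo "hard limit : $(classify_core_limit "$hard")"
    echo "destination: $(classify_core_pattern "$pattern")"
}

core_dump_report
```

A soft limit reported as disabled can be raised for the current shell with `ulimit -c unlimited`, as long as the hard limit allows it.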

January 08, 2018 Re: Memory Dump in D

Posted in reply to H3XT3CH

On Sunday, 7 January 2018 at 11:05:01 UTC, H3XT3CH wrote:
> Hello
> I want to create a memory dump in D.
> The memory dump is for forensic usage, so it must be a dump of the complete RAM.
> Can anyone help me?
> I know that programs already exist that create correct dumps of my memory, but I want to understand how it works and how to work with my dumps

A dump of 'complete' physical RAM for *forensic* purposes is very much a specialty area, and very much platform-specific. I doubt you'll find the answer on the D forums ;-)