
A Question regarding methods of dumping ram [All languages, and platforms]

Developer https://www.devze.com 2023-01-26 02:41 Source: web

I recently decided that I'd like to write an application that would be an open source alternative to some of the closed source ram dump applications on the market; primarily as a learning experience.

But I'm not entirely sure where to start (for Windows machines). I guess that I'd have to iterate through memory using a routine that was executed at the kernel level, but how I'd stop the machine from doing anything while taking a snapshot, or doing as little as possible, or even having access to the ram like that, I'm lost.

Anyone with experience or advice is appreciated, very interesting topic.


For Windows everything you need is in dbghelp.dll - reference here.

You can either call the Minidump functions directly, or walk all the structures by hand (which is a lot more work but more in line with the educational exercise you describe).

For process control, the info on writing a basic debugger should be useful.


There is Google Breakpad which might help out. Haven't used it myself yet, though.


Here is a quick tutorial on pausing a process so you can play with it: http://www.infernodevelopment.com/freeze-programs-using-win32-threads

Here are some functions useful for finding the process or window you want to look at:

  1. GetWindowThreadProcessId
  2. EnumWindows
  3. tasklist
  4. GetCurrentProcess

For reading the memory, you can use the following API functions:

  1. OpenProcess
  2. ReadProcessMemory

A Google search of those should give you a good start.

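As an added example (not code from any answer on this page), here is a Python/ctypes sketch of the OpenProcess + ReadProcessMemory approach from the last answer. It uses VirtualQueryEx (not named on the page) to discover which regions are mapped instead of guessing addresses, skips reserved, guard and no-access regions up front because ReadProcessMemory fails on them, and reads in chunks so a region that disappears mid-copy still yields what was captured before the failure. The Win32 calls sit behind two callables, so the same walker also runs against a constructed fake address space on any OS; that fake layout and its contents are made up for this example. Note that this captures one process's virtual address space, not physical RAM: a whole-machine RAM dump needs kernel-mode code, as the question suspects.

```python
"""Dump the committed, readable memory of a Windows process.

Added example (not from the answers above). The region walk uses
VirtualQueryEx to discover what is mapped, then ReadProcessMemory to copy
each committed, readable region. The Win32 layer is kept behind two
callables (query, read) so the walker itself runs anywhere.
"""
import ctypes
import sys
from dataclasses import dataclass
from typing import Callable, Iterator, List, Optional, Tuple

# Constants from winnt.h
MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000
MEM_FREE = 0x10000
PAGE_NOACCESS = 0x01
PAGE_READWRITE = 0x04
PAGE_GUARD = 0x100
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_VM_READ = 0x0010


@dataclass
class Region:
    base: int
    size: int
    state: int
    protect: int


QueryFn = Callable[[int], Optional[Region]]       # address -> region or None
ReadFn = Callable[[int, int], Optional[bytes]]    # (address, n) -> bytes or None


def readable(region: Region) -> bool:
    """Only committed pages that are neither no-access nor guard pages can be
    copied; ReadProcessMemory fails on the others, so skip them up front."""
    if region.state != MEM_COMMIT:
        return False
    return region.protect != PAGE_NOACCESS and not (region.protect & PAGE_GUARD)


def walk_regions(query: QueryFn, max_addr: int) -> Iterator[Region]:
    """Step through the address space one VirtualQueryEx region at a time."""
    addr = 0
    while addr < max_addr:
        region = query(addr)
        if region is None:          # query failed: past the last mapped region
            break
        yield region
        nxt = region.base + region.size
        if nxt <= addr:             # defensive: never spin on a zero-size answer
            break
        addr = nxt


def dump_process(query: QueryFn, read: ReadFn, max_addr: int,
                 chunk: int = 0x10000) -> List[Tuple[int, bytes]]:
    """Return (base, bytes) for every readable region. Reads are chunked so a
    region freed or reprotected between query and read keeps its partial copy."""
    out: List[Tuple[int, bytes]] = []
    for r in walk_regions(query, max_addr):
        if not readable(r):
            continue
        buf = bytearray()
        while len(buf) < r.size:
            data = read(r.base + len(buf), min(chunk, r.size - len(buf)))
            if not data:
                break               # target changed under us; keep what we have
            buf += data
        if buf:
            out.append((r.base, bytes(buf)))
    return out


class MEMORY_BASIC_INFORMATION(ctypes.Structure):
    # PartitionId (WORD) exists only in the 64-bit layout of this struct.
    _fields_ = ([("BaseAddress", ctypes.c_void_p),
                 ("AllocationBase", ctypes.c_void_p),
                 ("AllocationProtect", ctypes.c_uint32)]
                + ([("PartitionId", ctypes.c_uint16)]
                   if ctypes.sizeof(ctypes.c_void_p) == 8 else [])
                + [("RegionSize", ctypes.c_size_t),
                   ("State", ctypes.c_uint32),
                   ("Protect", ctypes.c_uint32),
                   ("Type", ctypes.c_uint32)])


def win32_api(pid: int) -> Tuple[QueryFn, ReadFn]:
    """Bind query/read to a real process handle (Windows only)."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    k32.VirtualQueryEx.restype = ctypes.c_size_t
    k32.VirtualQueryEx.argtypes = [ctypes.c_void_p, ctypes.c_void_p,
                                   ctypes.POINTER(MEMORY_BASIC_INFORMATION),
                                   ctypes.c_size_t]
    k32.ReadProcessMemory.restype = ctypes.c_int
    k32.ReadProcessMemory.argtypes = [ctypes.c_void_p, ctypes.c_void_p,
                                      ctypes.c_void_p, ctypes.c_size_t,
                                      ctypes.POINTER(ctypes.c_size_t)]
    handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, pid)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())

    def query(addr: int) -> Optional[Region]:
        mbi = MEMORY_BASIC_INFORMATION()
        if k32.VirtualQueryEx(handle, addr, ctypes.byref(mbi), ctypes.sizeof(mbi)) == 0:
            return None
        return Region(mbi.BaseAddress or 0, mbi.RegionSize, mbi.State, mbi.Protect)

    def read(addr: int, n: int) -> Optional[bytes]:
        buf = ctypes.create_string_buffer(n)
        got = ctypes.c_size_t(0)
        if not k32.ReadProcessMemory(handle, addr, buf, n, ctypes.byref(got)):
            return None
        return buf.raw[:got.value]

    return query, read


def fake_api() -> Tuple[QueryFn, ReadFn, int]:
    """Constructed address space (not a real process) for running the walker
    off-Windows: a free gap, a readable region, a reserved one, a guard page,
    and a region whose read fails as if the target freed it after the query."""
    content = bytes(range(256)) * 32                      # 0x2000 bytes
    layout = [Region(0x00000, 0x10000, MEM_FREE, PAGE_NOACCESS),
              Region(0x10000, 0x2000, MEM_COMMIT, PAGE_READWRITE),
              Region(0x12000, 0x1000, MEM_RESERVE, 0),
              Region(0x13000, 0x1000, MEM_COMMIT, PAGE_READWRITE | PAGE_GUARD),
              Region(0x14000, 0x1000, MEM_COMMIT, PAGE_READWRITE)]

    def query(addr: int) -> Optional[Region]:
        for r in layout:
            if r.base <= addr < r.base + r.size:
                return r
        return None                                       # beyond the last region

    def read(addr: int, n: int) -> Optional[bytes]:
        if 0x10000 <= addr and addr + n <= 0x12000:
            return content[addr - 0x10000:addr - 0x10000 + n]
        return None                                       # the 0x14000 region is "gone"

    return query, read, 0x20000


if __name__ == "__main__":
    if sys.platform == "win32" and len(sys.argv) == 2:
        q, rd = win32_api(int(sys.argv[1]))   # usage: python dump.py <pid>
        regions = dump_process(q, rd, sys.maxsize)
    else:
        q, rd, top = fake_api()
        regions = dump_process(q, rd, top)
    with open("dump.bin", "wb") as fh:
        for base, data in regions:
            print(f"{base:#018x} {len(data):#x} bytes")
            fh.write(data)
```

Run with a PID on Windows to write the target's readable regions to dump.bin (the handle needs PROCESS_VM_READ, which for another user's process means administrator rights and the SeDebugPrivilege that the basic-debugger material in the first answer covers); anywhere else it runs against the fake layout. Nothing here stops the target: the chunked reads and the "keep what was captured" fallback exist precisely because the pages can change under a live process, which is the consistency problem the question raises.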