Timeline for Find a string in the whole RAM
Current License: CC BY-SA 4.0
12 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Nov 21, 2019 at 11:33 | comment | added | Basj | I just found in the meantime indeed, I'll try if it works :) thank you for your help! | |
| Nov 21, 2019 at 11:30 | comment | added | DavidPostill♦ | Note that is the OS kernel code that produces the full dump as it has extra privileges that users (even system or admin) don't. You as a user (even admin) cannot just dump all memory | |
| Nov 21, 2019 at 11:27 | comment | added | DavidPostill♦ | @Basj Then you need to configure Windows to produce a full memory dump when a program crashes - you already know how to do this. Post mortem debugging is different to run time debugging. | |
| Nov 21, 2019 at 11:23 | comment | added | Basj |
Yes @DavidPostill there are lots of situation for which it's interesting to read in the global RAM: example: if the process has terminated 2 hours ago, I'd like to see if it is still in the RAM. Obviously I cannot attach windbg to a terminated program, etc.
|
|
| Nov 21, 2019 at 11:20 | comment | added | DavidPostill♦ | @Basj You can't search some other programs RAM, but you can't write to it either. So if the password is in plain text it must be in the RAM belonging to the password manager. | |
| Nov 21, 2019 at 11:16 | comment | added | Basj | The program you are going to debug is your password manager (not notepad as in the getting started example): if windbg.exe searches in the whole RAM as you said, we could attach it to notepad.exe and then search everywhere in my 8GB of RAM? (no matter which programs owns specific parts of it) | |
| Nov 21, 2019 at 11:08 | comment | added | Basj | I tried, but it only search in the RAM attached to the specific program... Thus you cannot search in the whole RAM for all programs. | |
| Nov 21, 2019 at 11:02 | comment | added | DavidPostill♦ | You can still search the whole ram. You just need to open a program to get access to the console. | |
| Nov 21, 2019 at 11:00 | comment | added | DavidPostill♦ | The program you are going to debug is your password manager (not notepad as in the getting started example) | |
| Nov 21, 2019 at 10:57 | comment | added | DavidPostill♦ |
The commands go in the text box (console) at the bottom, to the right of the prompt 0:000>
|
|
| Nov 21, 2019 at 10:56 | comment | added | DavidPostill♦ | @Basj See Getting Started with WinDbg (User-Mode) - Windows drivers | Microsoft Docs | |
| Nov 21, 2019 at 10:18 | history | answered | DavidPostill♦ | CC BY-SA 4.0 |