Monthly Archives: August 2014

LiveDump 1.0 is available

To wrap up the recent news concerning live dumps, which I discussed here and here, I will cover the topic in a bit more detail and provide full source code to a tool you can use to explore the feature yourself. Brief

Posted in blog, source code

Introducing LiveDump.exe

As mentioned in my previous blog post this afternoon, it appears Microsoft has added back the ability to dump physical memory to disk (in the form of a dump file) from user mode via NtSystemDebugControl. I wrote a quick proof-of-concept

Posted in blog, conference, source code

Windows 8.1 update: “Live dump” capability

In preparation for refreshing some content in my slide deck for my presentation at Brucon 0x06, I happened upon some functions in the Windows 8.1 kernel I had never seen before. They were all named with some variation of “LiveDump”. Here

Posted in blog, conference