Reading and interpreting memory page file in C++
I need to analyse some malware that I have on a VMware image (VMware is a virtual machine); in particular I need to do a full dump of a certain process. I know that VMware, on pausing, writes the whole RAM into a .vmem file. The platform the image is taken of is Windows XP. I know that there are certain tools that do this, but they are mostly closed source or don't work for Windows XP. I need it to be done in reasonable time (under one second if that is possible somehow) and to run it from my own C++ program; any help would be really appreciated.
You seem to be asking to interact with processes and their memory from a suspended VM.

Give some forensic tools a shot. This one looks promising:

http://code.google.com/p/volatility/
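The core of what a tool like Volatility does on a .vmem is to treat the file as a flat physical-memory image and walk the guest's page tables to turn a process's virtual addresses into file offsets. The C++ below is an added example, not code from the asker or from Volatility: it implements that walk for 32-bit non-PAE x86 paging (XP's default layout without PAE; a PAE guest needs the three-level, 64-bit-entry walk instead) and assumes the .vmem maps physical addresses 1:1 to file offsets. The directory base (`cr3`), the image contents and the helper names are constructed for the demonstration.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <optional>
#include <vector>

// A flat physical-memory image (the .vmem is assumed to be a 1:1 physical dump).
using RawImage = std::vector<uint8_t>;

// Read a little-endian 32-bit value at a physical offset, bounds-checked.
static std::optional<uint32_t> read_u32(const RawImage& img, uint64_t phys) {
    if (phys + 4 > img.size()) return std::nullopt;
    uint32_t v;
    std::memcpy(&v, img.data() + phys, sizeof v);
    return v;
}

// Walk 32-bit non-PAE x86 page tables (page directory -> page table) for the
// process whose directory base is `cr3`, returning the physical address of `va`
// or nullopt when the mapping is absent or the image is too short.
std::optional<uint64_t> va_to_pa(const RawImage& img, uint32_t cr3, uint32_t va) {
    uint32_t pd_base = cr3 & 0xFFFFF000u;
    auto pde = read_u32(img, pd_base + ((va >> 22) & 0x3FFu) * 4);
    if (!pde || !(*pde & 1u)) return std::nullopt;         // PDE not present
    if (*pde & 0x80u)                                       // PS bit: 4 MiB page
        return (uint64_t)(*pde & 0xFFC00000u) | (va & 0x3FFFFFu);
    uint32_t pt_base = *pde & 0xFFFFF000u;
    auto pte = read_u32(img, pt_base + ((va >> 12) & 0x3FFu) * 4);
    if (!pte || !(*pte & 1u)) return std::nullopt;         // PTE not present
    return (uint64_t)(*pte & 0xFFFFF000u) | (va & 0xFFFu);
}

// Constructed 24 KiB image: page directory at 0x1000, one page table at 0x2000,
// VA 0x80001000 -> PA 0x5000 (4 KiB page) and VA 0xC0000000 -> PA 0x400000 (4 MiB page).
RawImage build_sample_image() {
    RawImage img(0x6000, 0);
    auto put = [&](uint32_t off, uint32_t val) { std::memcpy(&img[off], &val, 4); };
    put(0x1000 + 0x200 * 4, 0x2000u | 0x3u);    // PDE 512: page table, present+rw
    put(0x2000 + 0x001 * 4, 0x5000u | 0x3u);    // PTE 1: frame 0x5000
    put(0x1000 + 0x300 * 4, 0x400000u | 0x83u); // PDE 768: 4 MiB page, PS|rw|present
    img[0x5234] = 0xAB;                          // marker byte reachable at VA 0x80001234
    return img;
}

int main() {
    RawImage img = build_sample_image();
    uint32_t cr3 = 0x1000;                       // constructed directory base for the sample process
    if (auto pa = va_to_pa(img, cr3, 0x80001234)) // expect 0x5234
        std::printf("VA 0x80001234 -> PA 0x%llx, byte 0x%02x\n", (unsigned long long)*pa, img[*pa]);
    if (!va_to_pa(img, cr3, 0x00001000))
        std::printf("VA 0x00001000 is not mapped\n");
    return 0;
}
```

On a real image the per-process directory base comes from the kernel's process list (the EPROCESS DirectoryTableBase field), which is the part Volatility's profiles supply; the walk itself is the same.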