Reading and interpreting a memory page file in C++
I need to analyse some malware that I have on a vmware image (vmware is a virtual machine); in particular I need to do a full dump of a certain process. I know that vmware, on pausing, writes the whole RAM into a .vmem file. The platform the image is taken of is Windows XP. I know that there are certain tools that do this, but they are mostly closed source or don't work for Windows XP. I need it to be done in reasonable time (under one second if that is possible somehow) and to run it from my own C++ program. Any help would be really appreciated.
You seem to be asking to interact with processes and their memory from a suspended VM.
Give some forensic tools a shot. This one looks promising:
http://code.google.com/p/volatility/
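To make concrete what a tool like the one linked above has to do before it can dump a process from a .vmem file, here is an added example (not code from the question, the answer, or the Volatility project) of the first building block: walking the guest's page tables inside the raw image to turn a process's virtual addresses into file offsets. It assumes a non-PAE 32-bit Windows XP guest (two-level x86 page tables with 32-bit entries; an XP guest booted with PAE uses a three-level layout with 64-bit entries and needs a different walker) and that the .vmem file is a flat copy of guest physical memory; the page-table contents below are constructed sample data, not taken from a real image.

```cpp
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

// A .vmem file from a paused VMware guest is treated here as a flat copy of
// guest physical memory: byte N of the file is guest physical address N.
// (Assumption: holds for small XP guests without a memory hole above 3 GB.)
struct RawImage {
    std::vector<uint8_t> bytes;
};

// Read a 32-bit little-endian value at a guest physical address, if in range.
static std::optional<uint32_t> read_u32(const RawImage& img, uint64_t phys) {
    if (phys + 4 > img.bytes.size()) return std::nullopt;
    const uint8_t* p = &img.bytes[phys];
    return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}

// Translate a guest virtual address to a guest physical address by walking the
// two-level x86 page tables of a non-PAE 32-bit Windows XP guest. `cr3` is the
// process's DirectoryTableBase (its CR3 value). Returns nullopt when the page
// is not present (paged out, unmapped, or outside the image), which a dumper
// must expect: a suspended VM does not contain pages the guest swapped out.
std::optional<uint64_t> v2p(const RawImage& img, uint32_t cr3, uint32_t va) {
    const uint32_t pde_addr = (cr3 & 0xFFFFF000u) | ((va >> 22) << 2);
    auto pde = read_u32(img, pde_addr);
    if (!pde || !(*pde & 1u)) return std::nullopt;        // PDE not present
    if (*pde & 0x80u)                                      // PS bit: 4 MB page
        return uint64_t(*pde & 0xFFC00000u) | (va & 0x3FFFFFu);
    const uint32_t pte_addr = (*pde & 0xFFFFF000u) | (((va >> 12) & 0x3FFu) << 2);
    auto pte = read_u32(img, pte_addr);
    if (!pte || !(*pte & 1u)) return std::nullopt;        // PTE not present
    return uint64_t(*pte & 0xFFFFF000u) | (va & 0xFFFu);
}

// Constructed 32 KB stand-in for a .vmem: page directory at physical 0x1000
// (the CR3), one page table at 0x2000 mapping VA 0x00401000 -> PA 0x3000, and
// a PS-bit PDE mapping the 4 MB page at VA 0x00800000 -> PA 0x00400000.
RawImage make_sample_image() {
    RawImage img;
    img.bytes.assign(0x8000, 0);
    auto put = [&](uint64_t phys, uint32_t v) {
        for (int i = 0; i < 4; ++i) img.bytes[phys + i] = uint8_t(v >> (8 * i));
    };
    put(0x1000 + (0x00401000u >> 22) * 4, 0x2000u | 0x3u);            // PDE -> page table
    put(0x2000 + ((0x00401000u >> 12) & 0x3FFu) * 4, 0x3000u | 0x3u); // PTE -> PA 0x3000
    put(0x1000 + (0x00800000u >> 22) * 4, 0x00400000u | 0x83u);       // 4 MB page PDE
    return img;
}

int main() {
    RawImage img = make_sample_image();
    if (auto pa = v2p(img, 0x1000, 0x00401234)) std::printf("VA 0x00401234 -> PA 0x%llx\n", (unsigned long long)*pa);
    if (auto pa = v2p(img, 0x1000, 0x00812345)) std::printf("VA 0x00812345 -> PA 0x%llx\n", (unsigned long long)*pa);
    return 0;
}
```

On a real image the CR3 comes from the target's EPROCESS (found by walking the kernel's process list or scanning for its pool tag), which is the part of the job Volatility already implements for XP.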