
Questions tagged [memory-dump]

0 votes
0 answers
53 views

I extracted a file from inside the dump that contains the serial number, and I need to analyze it. I want to unpack and compress this encrypted file after modifying it.
elctro1991
2 votes
1 answer
342 views

I am trying to decode and extract the filesystem of a NAND dump from a broken device. The dump shouldn't contain OOB. I tried to use eimgfs, but it didn't give any result. Any suggestions please, what am I doing ...
Alexander
3 votes
1 answer
284 views

Are there any tools that can "record" the memory space of a process and then be able to restore it from a certain timestamp? As in, the process is recreated in the exact same state as if ...
Sebi
3 votes
0 answers
561 views

How would I go about blocking memory dumps by corrupting the PE header or blocking the debugger to get a handle? I tried this already but it didn't work. Scylla could still dump it fine.
Heinz Josef
1 vote
0 answers
250 views

I'm learning C and trying to understand how things like buffer overflows and other memory issues work. I am doing this on Windows for convenience reasons but would have no problem doing it on WSL or a ...
ChickenOverlord
1 vote
1 answer
729 views

Idk if this is asked before, sorry. So I tried something with Process Hacker and WinDbg but it couldn't help me. The DLL is injected using CreateRemoteThread, LoadLibrary. I tried looking through files ...
Kreapet
3 votes
0 answers
59 views

I read the layout of my NAND flash and saw that at the beginning of the flash there is a bootstrap that the CPU loads. That flash has ECC. I read/write that flash. How can I analyze the bootstrap and change ...
Kokomelom
1 vote
1 answer
543 views

I have a crash dump (memory.dmp), and I want to extract process (calc.exe) from it. I tried: !process 0 0 calc.exe PROCESS ffffb501f8c23580 <-- this is the address SessionId: 0 Cid: 035c ...
AK_
1 vote
1 answer
313 views

I am new to malware analysis, and I'm learning how to detect malware that uses process injection to execute PE files from memory. I chose a ransomware sample that uses process injection to load the ...
Ice_cube
0 votes
1 answer
303 views

I have a .dmp file for the googleupdate.exe process. I wanted to check in WinDbg whether this process has a certificate or not, in order to detect whether this process has been modified or not, because this process has tried ...
Timberwolf
2 votes
0 answers
186 views

I have read flash memory, analyzed it with binwalk, and found a SquashFS that I can extract with dd and open with unsquashfs. When I open this FS I want to add some files into this FS and edit some ...
yfr24493AzzrggAcom
4 votes
0 answers
956 views

I have a bluetooth speaker which announces interface events like "connected", "powering off". I want to silence these announcements. The way I thought of doing this is to get at ...
Capstone
0 votes
1 answer
358 views

I have some data from a NAND chip, dumped using the built-in nanddump utility on the embedded device. This is the device information: https://openwrt.org/toh/bt/homehub_v5a The NAND chip is 128MiB ...
moo
3 votes
1 answer
643 views

I'm a newbie, so I'm asking for your help. I have to decode dumped data from an appliance because I wanted to try to understand the data. The data is in this format and some information is known: 7E 00 ...
Daniel Davis
0 votes
1 answer
494 views

I have a 16GB memory dump from Belkasoft RAM Capture, what free tools can I use to analyze it? I have used IDA free version to try to open it and it is showing me an error that it is out of memory and ...
noviceFedora
