Comments on: Episode 522 – Whats in your RAM? http://Hak5.org/episodes/episode-522 Trust Your Technolust Tue, 22 May 2012 08:32:03 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: naghu http://Hak5.org/episodes/episode-522#comment-45069 naghu Wed, 10 Nov 2010 07:37:57 +0000 http://www.hak5.org/?p=1298#comment-45069 Good morning dude, I used win32dd to extract image of my pc's RAM. When i use the image file(.dmp file) in volatility framework am getting an error volatility: error: Unable to lacate valid DTB n image.Whats the prob dude..? Good morning dude,
I used win32dd to extract image of my pc’s RAM. When i use the image file(.dmp file) in volatility framework am getting an error volatility: error: Unable to lacate valid DTB n image.Whats the prob dude..?

]]> By: Kurt Oestreich http://Hak5.org/episodes/episode-522#comment-37965 Kurt Oestreich Mon, 24 Aug 2009 10:35:26 +0000 http://www.hak5.org/?p=1298#comment-37965 One of the interesting breadcrumbs that you left was for the forensics wiki at: http://www.forensicswiki.org/wiki/Tools:Memory_Imaging Excellent site. I followed the links there to the system internals tool livekd at: http://technet.microsoft.com/en-us/sysinternals/bb897415.aspx Which led me to grab the kernel debugger (now free!!! I have Ida, but this is so cool!!! I knew my masm was worthwhile) at: http://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx Which gives the debugger. And this led me to... Free kernel symbols!!! at: http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx#f Whew. The tools Darren and the other bloke, Mubix referenced required administrator login. The tools from Microsoft/Sysinternals don't, and can be made portable, for the most part, except perhaps for the symbols, but I think I could make that work too. In any case, you two uber dudes left me a really cool trail of breadcrumbs to follow and get some massive memory hacking/debugger tools for my computer. I never bought the msoft tools because they were 1. expensive and 2. bloated. But just having the kernel debugger, combined with masm and tasm (Borland orphan) tools, makes for some real butt kicking fun! Yahoo! -Kurt One of the interesting breadcrumbs that you left was for the forensics wiki at:

http://www.forensicswiki.org/wiki/Tools:Memory_Imaging

Excellent site. I followed the links there to the system internals tool livekd at:

http://technet.microsoft.com/en-us/sysinternals/bb897415.aspx

Which led me to grab the kernel debugger (now free!!! I have Ida, but this is so cool!!! I knew my masm was worthwhile) at:

http://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx

Which gives the debugger. And this led me to… Free kernel symbols!!! at:

http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx#f

Whew. The tools Darren and the other bloke, Mubix referenced required administrator login. The tools from Microsoft/Sysinternals don’t, and can be made portable, for the most part, except perhaps for the symbols, but I think I could make that work too.

In any case, you two uber dudes left me a really cool trail of breadcrumbs to follow and get some massive memory hacking/debugger tools for my computer. I never bought the msoft tools because they were 1. expensive and 2. bloated. But just having the kernel debugger, combined with masm and tasm (Borland orphan) tools, makes for some real butt kicking fun!

Yahoo!

-Kurt

]]> By: Mantech Memory DD | PenTestIT http://Hak5.org/episodes/episode-522#comment-37275 Mantech Memory DD | PenTestIT Fri, 24 Jul 2009 12:38:11 +0000 http://www.hak5.org/?p=1298#comment-37275 [...] Hak5 – Technolust since 2005 » Episode 522 – Whats in your RAM? [...]

]]> By: Jefferson http://Hak5.org/episodes/episode-522#comment-37231 Jefferson Wed, 22 Jul 2009 13:07:46 +0000 http://www.hak5.org/?p=1298#comment-37231 Hi, why can't some memory be dumped? -> Dumping 1014.11 MB of physical memory to file 'C:\dumpram.img'. -> WARNING: Failed to map at offset 00000000 00002000! 487 -> WARNING: Failed to map at offset 00000000 00003000! 487 -> WARNING: Failed to map at offset 00000000 00004000! 487 -> WARNING: Failed to map at offset 00000000 00005000! 487 -> WARNING: Failed to map at offset 00000000 00006000! 487 -> WARNING: Failed to map at offset 00000000 00007000! 487 -> WARNING: Failed to map at offset 00000000 00008000! 487 -> WARNING: Failed to map at offset 00000000 00009000! 487 -> WARNING: Failed to map at offset 00000000 09100000! 487 259603 map operations succeeded (1.00) 9 map operations failed Hi, why can’t some memory be dumped?

-> Dumping 1014.11 MB of physical memory to file ‘C:\dumpram.img’.
-> WARNING: Failed to map at offset 00000000 00002000! 487
-> WARNING: Failed to map at offset 00000000 00003000! 487
-> WARNING: Failed to map at offset 00000000 00004000! 487
-> WARNING: Failed to map at offset 00000000 00005000! 487
-> WARNING: Failed to map at offset 00000000 00006000! 487
-> WARNING: Failed to map at offset 00000000 00007000! 487
-> WARNING: Failed to map at offset 00000000 00008000! 487
-> WARNING: Failed to map at offset 00000000 00009000! 487
-> WARNING: Failed to map at offset 00000000 09100000! 487

259603 map operations succeeded (1.00)
9 map operations failed

]]> By: pakhet http://Hak5.org/episodes/episode-522#comment-37230 pakhet Wed, 22 Jul 2009 12:55:24 +0000 http://www.hak5.org/?p=1298#comment-37230 Snubbs dresses Darren. It a whole ger-animals deal. The tiger paw shirt matching the tiger paw pants. I miss having geranimals they made mornings so much easier. Sigh. Snubbs dresses Darren. It a whole ger-animals deal. The tiger paw shirt matching the tiger paw pants. I miss having geranimals they made mornings so much easier. Sigh.

]]> By: Derek http://Hak5.org/episodes/episode-522#comment-37220 Derek Wed, 22 Jul 2009 01:52:40 +0000 http://www.hak5.org/?p=1298#comment-37220 What up with Darren and snubs dressing alike? What up with Darren and snubs dressing alike?

]]> By: Eric http://Hak5.org/episodes/episode-522#comment-37140 Eric Sat, 18 Jul 2009 03:24:06 +0000 http://www.hak5.org/?p=1298#comment-37140 Hey do you use Flash CS4 to make your videos? -Eric Hey do you use Flash CS4 to make your videos?

-Eric

]]> By: Carl Campbell http://Hak5.org/episodes/episode-522#comment-37137 Carl Campbell Sat, 18 Jul 2009 02:49:52 +0000 http://www.hak5.org/?p=1298#comment-37137 I've been watching for a while now but have to stop and say your show is the best thing that ever happened to my tv experience I’ve been watching for a while now but have to stop and say your show is the best thing that ever happened to my tv experience

]]> By: Ró?ne takie http://Hak5.org/episodes/episode-522#comment-37136 Ró?ne takie Fri, 17 Jul 2009 22:44:58 +0000 http://www.hak5.org/?p=1298#comment-37136 [...] Hak5: Whats in your RAM?, [...] [...] Hak5: Whats in your RAM?, [...]

]]> By: steveo17 http://Hak5.org/episodes/episode-522#comment-37122 steveo17 Fri, 17 Jul 2009 06:22:52 +0000 http://www.hak5.org/?p=1298#comment-37122 gr8 shows dudes i loved all d info in it, this show is 100% more qualified to teach computer skills than any ecdl courses im involved with, although the show was gr8 i missed d multiple segments from matt and snubs and the multitude of topics consequently making the show shorter however i got a crash course in ram and its contents while watching it so tyvm guys gr8 shows dudes i loved all d info in it, this show is 100% more qualified to teach computer skills than any ecdl courses im involved with, although the show was gr8 i missed d multiple segments from matt and snubs and the multitude of topics consequently making the show shorter however i got a crash course in ram and its contents while watching it so tyvm guys

]]> By: Chris http://Hak5.org/episodes/episode-522#comment-37117 Chris Thu, 16 Jul 2009 19:35:32 +0000 http://www.hak5.org/?p=1298#comment-37117 Great show. I'm one of the people who subscribes through my Tivo. It's a sweet way to watch podcasts on my big screen TV. Just a little fyi, the links on your lower thirds had the left side cut off. That can be resolved by keeping them in TV safe area when you're editing. I'm a video editor for a TV station (and THE I.T. Dept/Sys Admin) and I also post our news broadcasts (converted from mpeg to flash with Sorenson)to our TV station's website so I've seen the difference between what shows in a flash player (everything) and what you see on TV. It's not a big deal, I came here to find the links to formost and the other tools you mentioned. I'd love to see more shows on forensics. Since I'm here, it's a good time to tell you I'm a long time viewer. I think I found you when you were still in your first season about the 4th episode in. I'm an old Sch00l3r. Which means I'm 40 and started with an Apple ][+ in '82 and a 300 baud modem. I consider myself pretty knowledgeable about "computer/network security" and really like your show because you teach this 0ld Dawg some new tricks. If you see Dr-Gonzo on your irc server, that's me. Anyways, thanks for all the shows and info! And keep up the great work! Thanks for teaching me to Trust My Technolust ;) Great show. I’m one of the people who subscribes through my Tivo. It’s a sweet way to watch podcasts on my big screen TV. Just a little fyi, the links on your lower thirds had the left side cut off. That can be resolved by keeping them in TV safe area when you’re editing. I’m a video editor for a TV station (and THE I.T. Dept/Sys Admin) and I also post our news broadcasts (converted from mpeg to flash with Sorenson)to our TV station’s website so I’ve seen the difference between what shows in a flash player (everything) and what you see on TV. It’s not a big deal, I came here to find the links to formost and the other tools you mentioned. I’d love to see more shows on forensics.

Since I’m here, it’s a good time to tell you I’m a long time viewer. I think I found you when you were still in your first season about the 4th episode in. I’m an old Sch00l3r. Which means I’m 40 and started with an Apple ][+ in ’82 and a 300 baud modem. I consider myself pretty knowledgeable about “computer/network security” and really like your show because you teach this 0ld Dawg some new tricks. If you see Dr-Gonzo on your irc server, that’s me. Anyways, thanks for all the shows and info! And keep up the great work! Thanks for teaching me to Trust My Technolust ;)

]]>