w0rm Posted June 19, 2016 Posted June 19, 2016 C++ windows how to Clone RAM ( Memory )? using API or is there any way ? Any help appreciated!
w0rm Posted June 19, 2016 Author Posted June 19, 2016 1 hour ago, evlncrn8 said: memcpy the whole memory ? how the code will be in C++ ? just as hint i am not asking for spoon feed.
evlncrn8 Posted June 19, 2016 Posted June 19, 2016 i dont think a spoon feed is needed.. i think you dont actually understand what you're talkng about "the whole memory" - depends if you mean the physical memory dumping (of the os), or of the virtual memory dumping of the process... just what is it you are trying to do ? (apart from using the 'clone' word in two threads?)
w0rm Posted June 19, 2016 Author Posted June 19, 2016 2 hours ago, evlncrn8 said: i dont think a spoon feed is needed.. i think you dont actually understand what you're talkng about "the whole memory" - depends if you mean the physical memory dumping (of the os), or of the virtual memory dumping of the process... just what is it you are trying to do ? (apart from using the 'clone' word in two threads?) Both "physical memory dumping" & virtual memory dumping of the process. Thanks for your concern. I am looking forward to hear from you.
evlncrn8 Posted June 19, 2016 Posted June 19, 2016 (edited) umm i suggest you first learn what you're attempting to talk about... just what are you trying to achieve? (apart from running before learning to walk) oh and kindly stop with quoting.. its annoying Edited June 19, 2016 by evlncrn8 had to add in the part about quoting
2x2l Posted June 20, 2016 Posted June 20, 2016 10 hours ago, evlncrn8 said: just what are you trying to achieve? (apart from running before learning to walk) haha if that was a pun referrin to HeapWalk l0l gud oke mate buddy, the fundamental problem with doing this is, well okay there are two, but the first one is that every cycle (generally, if youre doing something number crunching then you'll be able to prefetch pretty good and you wont cache-thrash) the CPU is going to be fetching or storing to your RAM. so if you want a 'snapshot' with integrity, youre going to have to either 1: choose a specific process , then use heapwalk to change the memory allocated over to all be marked as copy-on-write (so the process keeps on going, but you still manage to maintain that memory range youre taking an image of). HeapWalk https://msdn.microsoft.com/en-us/library/windows/desktop/aa366710(v=vs.85).aspx auto does that for you, but its not threadsafe and obviously as you move around the stack none of that activitiy is captured, so youre going to manually have to do that yerself. if you want a whole system image youre going to have to mark every single page as PAGE_EXECUTE_WRITECOPY (0x80) as quickly as you possibly can. i'd probaby experiment with something like firing up a thread pool, have an optimium amount of threads join, elevate the process priority to fornicationin high, and then fire an event so they all hit up the specific processes they need to at the same time. this also is not thread safe, and obviously you cant do from user32.dll like u would with VirtualAlloc page mark alterations, and again, youre gona segfault (or whatever its called on windows when you get a bad memory access) if a thread tries to make a store to anything in the 0x80 marked mem range, because that shit is protected like a 14 year old catholic girls vag. your process could crash (no biggie) or your entire machine could l0l
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now