C++ windows how to Clone RAM ( Memory )? using API or is there any way ? 

Any help appreciated! 

memcpy

1 hour ago, evlncrn8 said:

memcpy

the whole memory ? how the code will be in C++ ? just as hint i am not asking for spoon feed. 

 

i dont think a spoon feed is needed.. i think you dont actually understand what you're talkng about

"the whole memory" - depends if you mean the physical memory dumping (of the os), or of the virtual memory dumping of the process...

just what is it you are trying to do ? (apart from using the 'clone' word in two threads?)

 

2 hours ago, evlncrn8 said:

i dont think a spoon feed is needed.. i think you dont actually understand what you're talkng about

"the whole memory" - depends if you mean the physical memory dumping (of the os), or of the virtual memory dumping of the process...

just what is it you are trying to do ? (apart from using the 'clone' word in two threads?)

 

Both "physical memory dumping" &  virtual memory dumping of the process.

 

Thanks for your concern. I am looking forward to hear from you. 

umm i suggest you first learn what you're attempting to talk about...

just what are you trying to achieve? (apart from running before learning to walk)

oh and kindly stop with quoting.. its annoying

Edited June 19, 20169 yr by evlncrn8
had to add in the part about quoting

10 hours ago, evlncrn8 said:

just what are you trying to achieve? (apart from running before learning to walk)

haha if that was a pun referrin to HeapWalk l0l gud oke mate

buddy, the fundamental problem with doing this is, well okay there are two, but the first one is that every cycle (generally, if youre doing something number crunching then you'll be able to prefetch pretty good and you wont cache-thrash) the CPU is going to be fetching or storing to your RAM. so if you want a 'snapshot' with integrity, youre going to have to either 1: choose a specific process , then use heapwalk to change the memory allocated over to all be marked as copy-on-write (so the process keeps on going, but you still manage to maintain that memory range youre taking an image of). HeapWalk https://msdn.microsoft.com/en-us/library/windows/desktop/aa366710(v=vs.85).aspx auto does that for you, but its not threadsafe and obviously as you move around the stack none of that activitiy is captured, so youre going to manually have to do that yerself.

if you want a whole system image youre going to have to mark every single page as PAGE_EXECUTE_WRITECOPY (0x80) as quickly as you possibly can. i'd probaby experiment with something like firing up a thread pool, have an optimium amount of threads join, elevate the process priority to fornicationin high, and then fire an event so they all hit up the specific processes they need to at the same time. this also is not thread safe, and  obviously you cant do from user32.dll like u would with VirtualAlloc page mark alterations, and again, youre gona segfault (or whatever its called on windows when you get a bad memory access) if a thread tries to make a store to anything in the 0x80 marked mem range, because that shit is protected like a 14 year old catholic girls vag. your process could crash (no biggie) or your entire machine could l0l