Re: [Qemu-discuss] How to read memory dump?

qemu-discuss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-discuss] How to read memory dump?

From:	Binh Q. Pham
Subject:	Re: [Qemu-discuss] How to read memory dump?
Date:	Mon, 09 Mar 2015 14:34:48 -0400
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0

Right, I also found volatility and played with that for a while, but Igot problems getting that running. I already reported the problems tovolatility, but I will also mention here in case someone has gonethrough the same problem and knows how to fix:


https://github.com/volatilityfoundation/volatility/issues/198

Thanks,
-Binh
On 03/09/2015 02:24 PM, Jakob Bohm wrote:

On 09/03/2015 17:21, Binh Q Pham wrote:
Hi folks,
Could you suggest me a way to extract information from VirtualMachine's memory dump (I used 'pmemsave' to get this memory dump)?
Thanks for your help.
-Binh
I read somewhere offline that there is a project called
"volatility", which provides tools and scripts to examine
machine states found in such memory dumps.

Enjoy

Jakob

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-discuss] How to read memory dump?, Binh Q Pham, 2015/03/09
- Re: [Qemu-discuss] How to read memory dump?, Jakob Bohm, 2015/03/09
  - Re: [Qemu-discuss] How to read memory dump?, Binh Q. Pham <=

Prev by Date: Re: [Qemu-discuss] How to read memory dump?
Next by Date: [Qemu-discuss] vm live storage migration failure.
Previous by thread: Re: [Qemu-discuss] How to read memory dump?
Next by thread: [Qemu-discuss] vm live storage migration failure.
Index(es):
- Date
- Thread