Comments on: Dmp2Txt: Solving Security Problem https://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/ Structural and Behavioral Patterns for Software Diagnostics, Forensics and Prognostics Tue, 05 May 2026 14:30:50 +0000 http://wordpress.org/?v=2.3.3 By: Crash Dump Analysis » Blog Archive » Sparse complete x64 memory dumps https://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/#comment-49052 Crash Dump Analysis » Blog Archive » Sparse complete x64 memory dumps Thu, 30 Oct 2008 17:57:00 +0000 https://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/#comment-49052 [...] For really huge dumps WinDbg scripts collecting data on-site might be a solution too (see Dmp2Txt: Solving Security Problem for WinDbg script [...] […] For really huge dumps WinDbg scripts collecting data on-site might be a solution too (see Dmp2Txt: Solving Security Problem for WinDbg script […]

]]> By: Dmitry Vostokov https://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/#comment-21832 Dmitry Vostokov Fri, 28 Mar 2008 15:51:36 +0000 https://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/#comment-21832 Instead of .for loop we can use the following command and simplify our script: <p align="left"><code>!for_each_process ".process /r /p @#Process; !process @#Process; !ntsdexts.locks; lmv"</code></p> Instead of .for loop we can use the following command and simplify our script:

!for_each_process ".process /r /p @#Process; !process @#Process; !ntsdexts.locks; lmv"

]]> By: Dreamyguy https://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/#comment-3141 Dreamyguy Mon, 16 Jul 2007 09:26:39 +0000 https://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/#comment-3141 Yes, you were right! It worked this time. Thanks :-) Yes, you were right! It worked this time. Thanks :-)

]]> By: Dmitry Vostokov https://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/#comment-3039 Dmitry Vostokov Thu, 12 Jul 2007 16:59:48 +0000 https://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/#comment-3039 <p>This is because of quotes changed by Wordpress. In the original post they were "”? but should be <code>""</code>. I enclosed the command under code tag and quotes are shown correct now: </p> <p><code>C:\Program Files\Debugging Tools for Windows>WinDbg.exe -y "srv*c:\mss*http://msdl.microsoft.com/download/symbols" -z MEMORY.DMP -c "$$><c:\WinDbgScripts\Dmp2Txt.txt;q" -Q -QS -QY -QSY</code></p> This is because of quotes changed by Wordpress. In the original post they were “”? but should be "". I enclosed the command under code tag and quotes are shown correct now:

C:\Program Files\Debugging Tools for Windows>WinDbg.exe -y "srv*c:\mss*http://msdl.microsoft.com/download/symbols" -z MEMORY.DMP -c "$$><c:\WinDbgScripts\Dmp2Txt.txt;q" -Q -QS -QY -QSY

]]> By: Dreamyguy https://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/#comment-3027 Dreamyguy Thu, 12 Jul 2007 11:40:42 +0000 https://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/#comment-3027 I ran the following command: C:\Program Files\Debugging Tools for Windows>windbg.exe -y "srv*C:\mysymbols*http://msdl.microsoft.com/download/symbols" -z c:\kk\memory_dipesh.dmp -c "$$> "$$;q”? ^ Syntax error in '"$$;q”?' When I go back and look at the script file i.e. kedmp2.txt, it's empty. Any suggestions? I ran the following command:

C:\Program Files\Debugging Tools for Windows>windbg.exe -y “srv*C:\mysymbols*http://msdl.microsoft.com/download/symbols” -z c:\kk\memory_dipesh.dmp -c “$$> “$$;q”?
^ Syntax error in ‘”$$;q”?’

When I go back and look at the script file i.e. kedmp2.txt, it’s empty.

Any suggestions?

]]> By: Dmitry Vostokov https://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/#comment-1923 Dmitry Vostokov Tue, 22 May 2007 09:31:29 +0000 https://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/#comment-1923 Today I have found that !process 0 ff is less accurate in depicting user space stack traces in some complete memory dumps than the old combination of .reload/!process. To speed up reloading symbols I would recommend .reload /user Today I have found that !process 0 ff is less accurate in depicting user space stack traces in some complete memory dumps than the old combination of .reload/!process. To speed up reloading symbols I would recommend .reload /user

]]> By: Dmitry Vostokov https://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/#comment-1897 Dmitry Vostokov Mon, 21 May 2007 15:02:50 +0000 https://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/#comment-1897 For XP/W2K3 and higher you can simplify the script at the cost of excluding process critical section locks: $$ $$ Dmp2Txt: Dump all necessary information from complete full memory dump into log $$ .logopen /d !analyze -v !vm 4 lmv !locks !poolused 3 !poolused 4 !exqueue f !irpfind !stacks !process 0 ff .logclose $$ $$ Dmp2Txt: End of File $$ For XP/W2K3 and higher you can simplify the script at the cost of excluding process critical section locks:

$$
$$ Dmp2Txt: Dump all necessary information from complete full memory dump into log
$$
.logopen /d
!analyze -v
!vm 4
lmv
!locks
!poolused 3
!poolused 4
!exqueue f
!irpfind
!stacks
!process 0 ff
.logclose
$$
$$ Dmp2Txt: End of File
$$

]]>