Leor3961 / volatility

Automatically exported from code.google.com/p/volatility

possible (likely) bug in memdump plugin for windows 7 x86 #8

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
While the plugin runs and doesn't crash, it doesn't appear to be working 
correctly, as in no process that I tested did it ever stop dumping memory. 

For all processes in lsass.exe, taskhost.exe, services.exe, and a few more, all 
processes are reported by Task Manager as around a few hundred KB to 2 or 3 MB. 
This was tested on the same VM from which the memory image is produced.

The problem is that for all of the processes mentioned, I let the plugin run 
and the "*.dmp" file produced went well over 100MB for all of them before I had 
to ctrl+c the script.

It would seem that the code that calculates the size of a process in memory is 
broken under windows 7...

Original issue reported on code.google.com by atc...@gmail.com on 18 Aug 2010 at 3:35

GoogleCodeExporter commented 8 years ago
It should stop eventually, but the processes could easily be over 100 MB. 
Memdump dumps all pages found in the process address space in their entirety. 
Theoretically this should never create an image larger than the memory being 
scanned though, and if it does then it needs some duplication removal code. 
Could you please let one (possibly small process, with a small number of 
threads and handles) run until it either stops or exceeds the size of the 
original image?

Original comment by mike.auty@gmail.com on 22 Aug 2010 at 11:53
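The check Mike describes above (a dump of the process address space should never be larger than the image it came from, and if it is, the same physical page is being written more than once) can be modelled in a few lines. The following is an added example, not Volatility's code and not the memdump plugin itself: a toy page-table model with a constructed physical image, a memdump-style walk that writes every resident virtual page, and a variant that skips physical frames it has already written. The `PAGE_TABLES`, `PHYS_IMAGE`, `available_pages()` and `memdump()` names are assumptions for this illustration, not Volatility API.

```python
"""Added example (not Volatility's own code): model memdump's page walk and
check whether the dump can exceed the size of the memory image."""

PAGE_SIZE = 0x1000

# Constructed physical memory image: 4 frames, each filled with a distinct byte
# so that a frame written twice is visible in the output.
PHYS_FRAMES = 4
PHYS_IMAGE = b"".join(bytes([0x10 + i]) * PAGE_SIZE for i in range(PHYS_FRAMES))

# Constructed per-process page tables: virtual page number -> physical frame.
# In "small.exe" frame 2 is mapped at two virtual addresses (as a shared
# section or a DLL page mapped twice would be), so a plain page walk writes
# it twice and the dump ends up larger than the whole 16 KB image.
PAGE_TABLES = {
    "small.exe": {0x00010: 0, 0x00011: 1, 0x00012: 2, 0x7FF00: 2, 0x7FF01: 3},
    "other.exe": {0x00400: 3, 0x00401: 0},
}


def available_pages(page_table):
    """Yield (vaddr, paddr) for every resident page, lowest virtual address
    first. Stands in for the address space's page enumeration (assumption)."""
    for vpn in sorted(page_table):
        yield vpn * PAGE_SIZE, page_table[vpn] * PAGE_SIZE


def memdump(page_table, image=PHYS_IMAGE, dedupe=False):
    """Walk the process address space and return
    (dump_bytes, pages_written, unique_frames).

    dedupe=False is the behaviour described in the thread: every mapped
    virtual page is copied out, so a frame mapped twice is written twice.
    dedupe=True skips a physical frame that has already been written, which
    bounds the dump by the size of the image."""
    out = bytearray()
    seen = set()
    pages = 0
    for _vaddr, paddr in available_pages(page_table):
        if dedupe and paddr in seen:
            continue
        seen.add(paddr)
        out += image[paddr:paddr + PAGE_SIZE]
        pages += 1
    return bytes(out), pages, len(seen)


def check_dump_bound(page_table, image=PHYS_IMAGE):
    """The invariant from the thread: report (dump_size, unique_bytes,
    duplicate_pages). duplicate_pages > 0 means the dump is inflated by
    frames mapped more than once, and that is the case where dump_size can
    exceed the image size."""
    dump, pages, unique = memdump(page_table, image)
    return len(dump), unique * PAGE_SIZE, pages - unique


if __name__ == "__main__":
    for name, table in PAGE_TABLES.items():
        size, unique_bytes, dups = check_dump_bound(table)
        flag = "EXCEEDS IMAGE" if size > len(PHYS_IMAGE) else "ok"
        print(f"{name}: dump={size} unique={unique_bytes} "
              f"duplicate_pages={dups} image={len(PHYS_IMAGE)} {flag}")
```

Running this prints `small.exe: dump=20480 unique=16384 duplicate_pages=1 image=16384 EXCEEDS IMAGE` and `other.exe` as `ok`. The practical point for the reporter's test is that a dump larger than the image is not by itself a size-calculation bug; it means the same physical frame is being written under more than one virtual address. Deduplicating by physical address keeps the file bounded, at the cost of losing the one-to-one mapping between file offset and virtual address, so a real tool would record the virtual address of each written page alongside the data.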

GoogleCodeExporter commented 8 years ago
You can close this one, it seems to be working properly

Original comment by atc...@gmail.com on 23 Aug 2010 at 2:17

GoogleCodeExporter commented 8 years ago
Ok, thanks for testing that.

Original comment by mike.auty@gmail.com on 23 Aug 2010 at 9:17