32bit version of winpmem.exe fails on Window xp service pack 3

[laughingmotoko]

Hello

I've just tried the new release on my laptop, but it produced an error while trying to capture RAM

32bit version of winpmem.exe fails on Window xp service pack 3

Built from source on Master, 12/28/20, VS 2013 Other os(win7,win8,win10 32bit) works as expected

but 32bit exe on 32bit Win xp, service pack 3 VM on fails with following output:

Driver unloaded. Error <0x7d1>: startservice , Cannot start the driver. error Startservie , cannot start the driver. Driver unloaded.

Why don't load dirver on window xp??

[scudette]

Windows xp is not supported because new compilers do not build valid binaries for it.

You might be able to use an older winpmem version for those systems. For example you can find winpmem 1.6.2 here https://github.com/google/rekall/releases?after=v1.3.2

[vivianezw]

You built it from source with VS 2013 and it worked for Win7-Win10 32-Bit? Ok then:

Actually I made it working for winXP under the hood (beware, I was not very interested and did only one short testing and after that there were further changes with no testing at all for WinXP). It's the VS 2013 that does not allow it. Microsoft did set WinXP on their forbidden list. No chance with VS 2013.

There is an easy way: download the WDK7600 iso from Microsoft, start the WinXP 32 (free oder checked) environment cmd and type 'build -ceZ' from withing the winpmem directory with the SOURCES and MAKEFILE (...WinPmem/tree/master/kernel). No guarantees but last time I used it it worked. edit: the rekall driver will not work on a WinXP VM if a modern VSM layer is messing up the MMU. It will affect the WinXP VM, not only the host OS.

Warning: WinXP from Microsoft point of view is a forbidden OS. No support.