Open Cameron-Boyd opened 3 months ago
Can you please try the binary built in https://github.com/Velocidex/WinPmem/issues/53? I found it works a bit better than the release.
It's extracting under WDAGUtilityAccount (Windows Defender Application Guard). Could it be blocked, perhaps?
@wallrik Hey, a damn good observation, I didn't notice until you mentioned it. Odd.
Hm. The print verbosity of the usermode app could really be better and ought to be worked over.
Hello guys, when using the 64-bit executable from the releases on a device, it loads and unloads the driver. It then straight away creates a RAW dump with a size of 0 bytes and exits. The cmd.exe is running elevated. Is there a good reason for this, or is this a bug?
This is the STDOUT: