tking2 / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

Can I use a regex with the memdump command? #374

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi,
To dump a dll by regex I can do that with dlldump and --regex, is there a similar option for memdump?

Cheers

Original issue reported on code.google.com by Mail...@gmail.com on 3 Feb 2013 at 10:49

GoogleCodeExporter commented 9 years ago
Please use the mailing list 
(http://lists.volatilesystems.com/mailman/listinfo/vol-users) for general 
questions (and the bug tracker for bugs). 

No, there's no similar --regex option for memdump. The dlldump command dumps 
DLLs which have names, so you can match those names with a regex. Memdump dumps 
all addressable memory in a process, which includes DLLs but also pages that 
have no associated names etc. So there would be nothing to match on. If you 
want to memdump multiple processes, do --pid=1,2,3,3 etc. 

Original comment by michael.hale@gmail.com on 4 Feb 2013 at 2:35
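
One way to get the effect the question asks for, as an added example that is not part of the thread or of the Volatility code: filter `pslist` output by a regex on the process name and pass the resulting PIDs to `memdump --pid`. The function names, the sample listing, and the image and profile names in the comments are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pick PIDs from Volatility 2 pslist output by a regex on the
# process name, as the comma-separated list that memdump --pid accepts.

# Constructed sample in the pslist column layout (not from a real image).
sample_pslist() {
  printf '%-10s %-20s %6s %6s\n' \
    'Offset(V)' 'Name' 'PID' 'PPID' \
    '----------' '--------------------' '------' '------' \
    '0x823c89c8' 'System' 4 0 \
    '0x822f1020' 'smss.exe' 368 4 \
    '0x81f2a7e0' 'svchost.exe' 856 652 \
    '0x81e7c3b8' 'svchost.exe' 1032 652 \
    '0x81d4f020' 'Some App.exe' 1724 1500
}

# pids_matching REGEX: reads pslist text on stdin, prints "pid,pid,...".
# The regex travels via the environment so awk does not rewrite backslashes.
pids_matching() {
  RE="$1" awk '
    # The dashed ruler gives each column start and width, so a process
    # name containing spaces is still read as one field.
    /^-+ +-+ +-+/ {
      pos = 1; rest = $0
      for (i = 1; i <= 3; i++) {
        match(rest, /-+/)
        start[i] = pos + RSTART - 1; len[i] = RLENGTH
        pos += RSTART + RLENGTH - 1
        rest = substr(rest, RSTART + RLENGTH)
      }
      ruled = 1; next
    }
    ruled {
      name = substr($0, start[2], len[2]); gsub(/^ +| +$/, "", name)
      pid  = substr($0, start[3], len[3]); gsub(/ /, "", pid)
      if (pid ~ /^[0-9]+$/ && name ~ ENVIRON["RE"])
        out = out (out == "" ? "" : ",") pid
    }
    END { print out }
  '
}

# Usage (mem.img and the profile are placeholders; skip memdump on no match):
#   pids=$(vol.py -f mem.img --profile=WinXPSP2x86 pslist | pids_matching '^svchost')
#   [ -n "$pids" ] && vol.py -f mem.img --profile=WinXPSP2x86 memdump --pid="$pids" --dump-dir=out/
```

The match is case-sensitive and applies to the name as `pslist` prints it, so a long image name that the listing truncates must be matched in its truncated form.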

GoogleCodeExporter commented 9 years ago
Thank you for your reply, sorry I posted this in the wrong place.

Original comment by Mail...@gmail.com on 4 Feb 2013 at 2:53