ufrisk / MemProcFS

GNU Affero General Public License v3.0

Can we further optimize it #286

Closed lishaoju closed 1 month ago

lishaoju commented 2 months ago

I want to use DMA to read only system process information or the memory data of a specific process PID. Is there any way to achieve this? I am a beginner.

ufrisk commented 2 months ago

Then just read from the process you're targeting and don't read from the other processes. You don't have to read from the other processes you aren't interested in if you don't want to... Or am I missing something here?

lishaoju commented 2 months ago

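Then just read from your target process and not from the other processes. If you don't want to, you don't have to read from the other processes you aren't interested in... Or am I missing something here?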

VMMDLL_Scatter_PrepareEx: the return may be successful, but the received value is incorrect. VMMDLL_Map_GetEATU: the return value may be successful, but cMap will receive a null value. Restarting the host has a certain chance of receiving the correct value of cMap.

ufrisk commented 1 month ago

Unfortunately this is how DMA memory forensics work. It's not guaranteed to give proper results always.

Sometimes the operating system "pages out" memory to disk, where PCILeech/MemProcFS DMA is unable to reach.

And yeah, cMap may be 0, and it would indicate a fail so both the return value and the cMap value would have to be checked unfortunately.