search

ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0
4.72k stars 706 forks source link

target to dump. #226

Closed SaionjiMKII closed 1 year ago

SaionjiMKII commented 1 year ago

Is there a way to specify a specific target for the dump? I can't figure it out. I tried.\pcileech.exe dump -pid ID

ufrisk commented 1 year ago

PCILeech does not support dumping a process virtual address space directly to file in the form of a minidump or similar. PCILeech currently only dumps full raw physical memory dumps (i.e. it will work without the -pid ID part.

If you're interested in accessing memory from your C/C++ program (or C#, Rust, Python, Java) please check out the MemProcFS sister project. There you'll find APIs to achieve this task.

Please let me know if this answers your question, or if I misunderstood it somehow.