ufrisk
commented
6 months ago If you're using a PCILeech hardware device to capture the memory there is no way to snapshot the memory of the live system. You'd have to halt the system for that.
If you're using a VM there are usually some snapshot mechanism and PCILeech may read memory from some of those snapshot formats.
Hello
I think might be not a good place to ask as I might be not directly related to pcileech software, but anyway...
I have a program on target PC which is heavily modifying it's memory during runtime. When I use pcileech with fpga it works fine. But if I take memory dump the data is not coherent because program chenged data already dumped.
So, is there any way to freeze target PC (windows 11) for a while and then dump memory?