You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I get memdump and procdump from lsass in a vmem snapshot file( I have snapshot and suspend files of vmware virtual machines: vmsn, vmss, vmem ). but I can not open it with windbg or mimikatz. I tried to convert the raw memory dump to dmp with volatility but it failed( through raw2dmp and through a couple of other tools ).
what's the format of memdump files and how we can convert them to Windows dump format. as I know the procdump command get the PE file of the executable process from memory. how can we convert them to dmp.
thanks
The text was updated successfully, but these errors were encountered:
I get memdump and procdump from lsass in a vmem snapshot file( I have snapshot and suspend files of vmware virtual machines: vmsn, vmss, vmem ). but I can not open it with windbg or mimikatz. I tried to convert the raw memory dump to dmp with volatility but it failed( through raw2dmp and through a couple of other tools ).
what's the format of memdump files and how we can convert them to Windows dump format. as I know the procdump command get the PE file of the executable process from memory. how can we convert them to dmp.
thanks
The text was updated successfully, but these errors were encountered: