14 June 2008,
 Off

Actually, win32dd is the only 100% open-source tool to capture memory under Win2k3 or Vista. Even, if ManTech released a similar tool yesterday, but some part of the source code (e.g. driver source code) are missing. Then, I decide to release mine as a full open-source project under GPL3 license.

The main difference between ManTech tool and win32dd, is that win32dd is mainly a kernel mode application — then it avoids to use user-land API to write to an output file, everything is done with native functions. Thus, it means a faster dumping… This point isn’t negligible when you have one million page to dump in one single.

In ManTech tool, the driver is only used to get \Device\PhysicalMemory handle.

Download win32dd v1.0.20080615 now!

EDIT: (16th June), New version, fixed bug.

PS: You can read further information about PhysicalMemory restriction access on the Microsoft MSDN here.

Comments are closed.