Monthly Archives: November 2008

Today’s a new day: win32dd 1.2 out!



Download win32dd v1.2.20081105 now!


This version brings new features, the most notable being the ability to generate a Microsoft crash dump file without rebooting or triggering a BSOD. This means you can load your memory snapshot into WinDbg.

Here is a sample of output using WinDbg:

    //msdl.microsoft.com/download/symbols
    WARNING: Process directory table base 3DA26440 doesn't match CR3 00122000

In addition to reading \Device\PhysicalMemory, win32dd 1.2 provides an option (level) to use physical memory address mapping directly (Microsoft API), which avoids accessing the physical memory device.

The crash dump generation takes the previous blog post into account, and works from Windows 2000 to Windows 2008, and probably Windows Seven.

Feel free to give some feedback!

I’d like to thank Aaron for his positive influence on win32dd development :)