Ulf Frisk
I'm closing this issue since I believe the question was answered.
Use the negative value. It should be correct. It's just how 64-bit values (addresses) with the topmost address part set to 0xFFFF are represented in Java. I really wish Java...
Then just read from the process you're targeting and don't read from the other processes. You don't have to read from the other processes you aren't interested in if you...
Unfortunately this is how DMA memory forensics works. It's not guaranteed to give proper results always. Sometimes the operating system "pages out" memory to disk where PCILeech/MemProcFS DMA is unable...
Currently it only supports installing from the current user context, but I can add support for local accounts.
I'll look into it, but unfortunately it may be some time off before I'm able to find the time for it since I have a couple of projects I'd have...
This should now work with NTLM authentication. `memprocfs -device pmem -remote rpc://ntlm:remotehost:user=administrator`
It does not support Windows XP network connections currently. Windows XP was ancient and no longer really used in the real world when this tool was created. I never could...
I believe this is a duplicate issue of https://github.com/ufrisk/MemProcFS/issues/283. I should be looking into this I guess since it seems like Windows 7 is still quite popular in CTFs and...
I agree that it would certainly be less error prone on VMware/QEMU since it's much faster. Still I wouldn't be able to acquire any locks without code execution (i.e. using...