.writemem (Write Memory to File)
The .writemem command writes a section of memory to a file.
Syntax
Parameters
- FileName
  Specifies the name of the file to be created. You can specify a full path and file name, or just the file name. If the file name contains spaces, FileName should be enclosed in quotation marks. If no path is specified, the current directory is used.
- Range
  Specifies the memory range to be written to the file. For syntax details, see Address and Address Range Syntax.
Environment
Modes | user mode, kernel mode |
Targets | live, crash dump |
Platforms | all |
Comments
The memory is copied literally to the file. It is not parsed in any way.
The .writemem command is the opposite of the .readmem (Read Memory from File) command.
.writemem c:\\memfile.sys address l size
Like this, check the memory region each time and save it. To view the result, use the PEView tool.
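Because .writemem copies memory literally, a dump of a loaded module keeps the in-memory layout: each section sits at its VirtualAddress, not at the PointerToRawData offset that an on-disk PE parser follows. The following Python is an added example, not part of the original page; it assumes the saved range starts at the module base and holds a PE image, and the sample bytes are constructed.

```python
import struct

def sections_in_dump(dump: bytes):
    """Read PE headers from a raw .writemem dump and locate each section in it."""
    if len(dump) < 0x40 or dump[:2] != b"MZ":
        raise ValueError("range does not start with an MZ header")
    (e_lfanew,) = struct.unpack_from("<I", dump, 0x3C)
    if dump[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: NumberOfSections at +2, SizeOfOptionalHeader at +16
    nsect, opt_size = struct.unpack_from("<2xH12xH", dump, coff)
    table = coff + 20 + opt_size
    out = []
    for i in range(nsect):
        name, vsize, vaddr, _rsize, rptr = struct.unpack_from(
            "<8sIIII", dump, table + 40 * i)
        out.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "dump_offset": vaddr,  # where the bytes are in the memory dump
            "file_offset": rptr,   # where an on-disk parser would look
            "in_dump": vaddr + vsize <= len(dump),  # False if Range was too short
            "misread_by_file_parser": vaddr != rptr,
        })
    return out

def build_sample_dump() -> bytes:
    """Constructed minimal image in memory layout (not a real module)."""
    buf = bytearray(0x3000)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)            # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", buf, 0x84, 0x8664, 2, 0, 0, 0, 0xF0, 0x22)
    table = 0x84 + 20 + 0xF0
    struct.pack_into("<8sIIII", buf, table, b".text", 0x200, 0x1000, 0x200, 0x400)
    struct.pack_into("<8sIIII", buf, table + 40, b".data", 0x100, 0x2000, 0x200, 0x600)
    return bytes(buf)

if __name__ == "__main__":
    for s in sections_in_dump(build_sample_dump()):
        print(s)
```

A section reported with `in_dump` set to False means the Range passed to .writemem ended before that section, so the saved file is incomplete for it.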