A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about kernel-mode development.
 #22730  by usman715
 Fri Apr 25, 2014 6:12 am
Hello,

I am new on this forum and field also.

Which is the best tool to take windows RAM memory image (.dmp, .raw etc)?
and how to obtain the KPCR ? theoretically I am aware of that, let say we first have to search for two contiguous string etc. I actually want to do it practically?
Which tool is used and code, if possible etc etc.

Thanks