• H3XT3CH (8/8) Jan 07 2018 Hello
• Benjamin Thaut (5/13) Jan 07 2018 What operating system are you using?
• H3XT3CH (2/13) Jan 07 2018 I need it for windows and linux but primary for windows
• Benjamin Thaut (20/22) Jan 07 2018 On windows there is the MiniDumpWriteDump function:
• sarn (5/6) Jan 07 2018 On *nix this is traditionally called a "core dump". A quick
• codephantom (4/12) Jan 07 2018 A dump of 'complete' physical ram for *forensic* purposes, is

H3XT3CH <h3xt3ch protonmail.com> writes:

Hello
i want to create a memory dump in D.
The memory dump is for forensic usage so it must a dump of the 
complete ram.
Can anyone help me ?
I know that programms already exist that create correct dumps of 
my memory but i want to understand how it works and how to work 
with my dumps

Benjamin Thaut <code benjamin-thaut.de> writes:

Am 07.01.2018 um 12:05 schrieb H3XT3CH:
 Hello
 i want to create a memory dump in D.
 The memory dump is for forensic usage so it must a dump of the complete 
 ram.
 Can anyone help me ?
 I know that programms already exist that create correct dumps of my 
 memory but i want to understand how it works and how to work with my dumps
 

What operating system are you using?

-- 
Kind Regards
Benjamin Thaut

H3XT3CH <h3xt3ch protonmail.com> writes:

On Sunday, 7 January 2018 at 14:50:30 UTC, Benjamin Thaut wrote:
 Am 07.01.2018 um 12:05 schrieb H3XT3CH:
 Hello
 i want to create a memory dump in D.
 The memory dump is for forensic usage so it must a dump of the 
 complete ram.
 Can anyone help me ?
 I know that programms already exist that create correct dumps 
 of my memory but i want to understand how it works and how to 
 work with my dumps
 

 What operating system are you using?

I need it for windows and linux but primary for windows

Benjamin Thaut <code benjamin-thaut.de> writes:

Am 07.01.2018 um 16:40 schrieb H3XT3CH:
 
 I need it for windows and linux but primary for windows

On windows there is the MiniDumpWriteDump function: 
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680360(v=vs.85).aspx

This might sound misleading but besides being able to write out a 
minidump, which essentially only contains the stacks of all threads, you 
can also write out a full dump which contains all memory of the process. 
Usually these files are named *.dmp on windows. You can then open these 
*.dmp files with WinDBG or the Visual Studio Debugger and inspect the 
state of the program at which the dump was taken just you would normally 
inspect a running program at a breakpoint.

What I have been doing in the past is:
- Set a exception handler via SetUnhandledExceptionFilter
- The exception handler writes out a minidump and calls a extrnal process
- The external process prompts the user for additional information on 
the crash and uploads the minidump into a crash database.
- I inspect the crash database and see whats going wrong for the users 
of my programs.

-- 
Kind Regards
Benjamin Thaut

sarn <sarn theartofmachinery.com> writes:

On Sunday, 7 January 2018 at 15:40:36 UTC, H3XT3CH wrote:
 I need it for windows and linux but primary for windows

On *nix this is traditionally called a "core dump".  A quick 
search will get you lots of tutorials.  Most distros today 
disable core dumps with ulimit.  Run "help ulimit" and check the 
-c flag.

codephantom <me noyb.com> writes:

On Sunday, 7 January 2018 at 11:05:01 UTC, H3XT3CH wrote:
 Hello
 i want to create a memory dump in D.
 The memory dump is for forensic usage so it must a dump of the 
 complete ram.
 Can anyone help me ?
 I know that programms already exist that create correct dumps 
 of my memory but i want to understand how it works and how to 
 work with my dumps

A dump of 'complete' physical ram for *forensic* purposes, is 
very much a specialty area, and very much platform specific.. I 
doubt you'll find the answer on the D forums ;-)