Hyper-V Saved State to Memory Dump conversion


I was wondering if something like this existed to help with a malware infestation I was looking at.

And yes! It does!

Via Doug:

Take a virtual machine that you want to do some kernel level spelunking on. Rather than going into the guest and generating a kernel dump by one of the usual methods, take the saved state of the virtual machines and use this new tool to make a memory dump.

Haven’t tried it out yet, but that’s my next step…
