Troy,
Would you care to share what type of analysis you are performing with
windbg? How frequently are you doing this type of analysis? I'm sure
people would be interested in the types of things you look for and the
steps you typically take to find them. While I use windbg for a number of
things, I don't typically use it during investigations.
As for acquisition, have you ever measured the impact of using livekd as
your acquisition mechanism? Have you found any limitations associated with
this approach? Have you ever run into instances where it conflicted with
installed security software? Do you install livekd as a part of your IR
process?
Thanks,
AW
On Mon, 2 Jul 2012, Troy Larson (NETSEC) wrote:
George,
I will often use livekd -o for generating memory dumps. If I want to get a clean kernel
dump, then I use livekd -m -o.
Troy
-----Original Message-----
From: vol-users-bounces(a)volatilityfoundation.org
[mailto:vol-users-bounces@volatilityfoundation.org] On Behalf Of George M. Garner Jr.
Sent: Monday, July 02, 2012 10:45 AM
To: vol-users(a)volatilityfoundation.org
Subject: Re: [Vol-users] Windows Server 2008
On 7/2/2012 10:59 AM, Troy Larson (NETSEC) wrote:
Windbg.
Troy
One of my favorite tools, aside from KnTList. To my mind it is an
essential tool if you want to get serious about memory analysis. But
then you need to be able to convert your memory dumps to MS crashdump
format.
While I am on the subject, the version of Windbg that ships with w8 RC
WDK includes a .segmentation command which is useful when using Windbg
to analyze 64-bit memory images. Basically, you enter the following two
commands after opening a 64-bit crashdump and all will be joy (with
Windbg):
.segmentation /V /X /a
.effmach . (note literal dot).
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users