On 7/2/2012 10:59 AM, Troy Larson (NETSEC) wrote:

Windbg.
Troy

One of my favorite tools, aside from KnTList. To my mind it is an
essential tool if you want to get serious about memory analysis. But
then you need to be able to convert your memory dumps to MS crashdump
format.

While I am on the subject, the version of Windbg that ships with the w8 RC
WDK includes a .segmentation command which is useful when using Windbg
to analyze 64-bit memory images. Basically, you enter the following two
commands after opening a 64-bit crashdump and all will be joy (with Windbg):

    .segmentation /V /X /a
    .effmach .   (note the literal dot)