Saturday, March 29, 2008

Make sure the patient is dead before the autopsy.

Force an XP Crash to get a Memory Dump

I'm going to do a little security experiment. I will post my results once completed but for starters I need to see what is loaded in memory. I'm going to manually generate a memory dump. Since I'm not a security expert or hacker I don't have the tools that can do a system memory scan. If anyone has a free solution please let me know.

There is a Microsoft KB article for activating a feature called 'Crash on Control Scroll'. This feature allows a user to manually crash the system, triggering the BSoD and a memory dump.

To enable that feature on a USB or PS/2 keyboard:

Start the registry editor (regedit.exe)

Locate the following key if you have a USB keyboard: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters
Locate the following key if you have a PS2 keyboard: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
In the Edit menu, click Add Value and add the following registry entry: Name: CrashOnCtrlScroll, Data Type: REG_DWORD, Value: 1
Exit the registry editor, then reboot.

After the reboot, you can trigger a crash by pressing the SCROLL LOCK key twice while holding down the right CTRL key.
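
The same steps as a PowerShell script, added here as an example and not taken from the original post or the Microsoft KB article. It sets CrashOnCtrlScroll (REG_DWORD, 1) for whichever of the two keyboard drivers is present, reads the value back, and also reports the CrashControl dump settings, which the post does not mention, so you can see what kind of dump the crash will write.

```powershell
# Added example: enable CrashOnCtrlScroll for the installed keyboard drivers,
# then report the dump type the forced crash will produce.
# Run from an elevated PowerShell prompt; a reboot is still required afterwards.

$services = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$drivers  = @{ kbdhid = 'USB keyboard'; i8042prt = 'PS/2 keyboard' }

foreach ($name in $drivers.Keys) {
    $svcKey = Join-Path $services $name
    if (-not (Test-Path $svcKey)) {
        Write-Host "$name ($($drivers[$name])): driver not installed, skipped"
        continue
    }

    # The Parameters subkey holds the value; create it if the driver has none.
    $params = Join-Path $svcKey 'Parameters'
    if (-not (Test-Path $params)) { New-Item -Path $params | Out-Null }

    # -Force overwrites an existing value instead of failing.
    New-ItemProperty -Path $params -Name 'CrashOnCtrlScroll' `
        -PropertyType DWord -Value 1 -Force | Out-Null

    # Read the value back so a silent failure is not mistaken for success.
    $set = (Get-ItemProperty -Path $params -Name 'CrashOnCtrlScroll').CrashOnCtrlScroll
    Write-Host "$name ($($drivers[$name])): CrashOnCtrlScroll = $set"
}

# Not part of the post's steps: the crash only yields a usable image if dump
# writing is enabled, so show the current CrashControl settings.
$cc    = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$types = @{ 0 = 'none'; 1 = 'complete memory dump'; 2 = 'kernel memory dump'; 3 = 'small memory dump' }
Write-Host "CrashDumpEnabled = $($cc.CrashDumpEnabled) ($($types[[int]$cc.CrashDumpEnabled]))"
Write-Host "DumpFile         = $($cc.DumpFile)"
```

If CrashDumpEnabled is not 1, the dump will not contain all of physical memory. Once the experiment is done, set CrashOnCtrlScroll back to 0, since anyone at the keyboard can otherwise crash the machine.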
