Flag: Tornado!
Hurricane!
|
|
 Error: Authentication required to access requested resource.
Topic created on: by  .
|
What OS? Windows does not have anything like that.
|
|
you mean you want to 'hibernate' the process!!!
|
|
Yes, hibernating the process is another way to call it. Though hibernate is a bit more specific... in hibernation you can throw certain state which you know you can rebuild under the assumption that whatever you are hibernating can be resumed back. Snapshots are more general.
|
Look at the proceedings of the recent CanSecWest 2010 conference, in particular the "Full Process Analysis and Reconstitution of a Virtual Machine from the Native Host" presentation by Jamie Butler. A summary of it can be found here:
http://www.sophos.com/blogs/chetw/g/2010/03/30/cansecwest-2010-day-3-summary/
Essentially Jamie described a technique by which he derived process state from a VM snapshot.
|
i think dennis elsner had an ida plugin for this. never tried it but comes with source
http://old.idapalace.net/plugins6.html
|
|
i don't know if it is addressing your query, but I recall Pydbg debugger which has a method for taking snapshot of the running process and later resume the process from that point onwards. it is: pydbg.process_snapshot()
|
Note: Registration is required to post to the forums.
|
|
|
|
There are 28,224 total registered users.
|
|
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}