📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.





About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New


Customize Theme

Flag: Tornado! Hurricane!

 Forums >>  Brainstorms - General  >>  Process Snapshot

Topic created on: March 16, 2010 09:34 CDT by joejeff .

Hi

Does somebody know an application which is able to dump the complete state of a process and later reloads it and continues execution? Like a VM snapshot but per process.

Cheers

Joe

  comrade     March 17, 2010 03:24.15 CDT
What OS? Windows does not have anything like that.

  djnemo     March 20, 2010 07:49.57 CDT
you mean you want to 'hibernate' the process!!!

  comrade     April 6, 2010 00:17.04 CDT
Yes, hibernating the process is another way to call it. Though hibernate is a bit more specific... in hibernation you can throw certain state which you know you can rebuild under the assumption that whatever you are hibernating can be resumed back. Snapshots are more general.

  comrade     April 11, 2010 01:00.08 CDT
Look at the proceedings of the recent CanSecWest 2010 conference, in particular the "Full Process Analysis and Reconstitution of a Virtual Machine from the Native Host" presentation by Jamie Butler. A summary of it can be found here:
http://www.sophos.com/blogs/chetw/g/2010/03/30/cansecwest-2010-day-3-summary/

Essentially Jamie described a technique by which he derived process state from a VM snapshot.

  dzzie     April 12, 2010 17:11.39 CDT
i think dennis elsner had an ida plugin for this. never tried it but comes with source

http://old.idapalace.net/plugins6.html

  tosanjay     August 3, 2010 16:35.03 CDT
i don't know if it is addressing your query, but I recall Pydbg debugger which has a method for taking snapshot of the running process and later resume the process from that point onwards. it is: pydbg.process_snapshot()

Note: Registration is required to post to the forums.

There are 31,328 total registered users.


Recently Created Topics
[help] Unpacking VMP...
Mar/12
Reverse Engineering ...
Jul/06
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06
Question about memor...
Dec/12


Recent Forum Posts
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n


Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM
oleavr
Oct/24
Anatomy of a code tracer
hasherezade
Sep/24
IAT Patcher - new tool for ...
oleavr
Aug/27
CryptoShark: code tracer ba...
oleavr
Jun/25
Build a debugger in 5 minutes
More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...
djnemo on:
Nov/17
Kernel debugger vs user mod...
acel on:
Nov/14
Kernel debugger vs user mod...
pedram on:
Dec/21
frida.github.io: scriptable...
capadleman on:
Jun/19
Using NtCreateThreadEx for ...
More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit