Which HIPS allow writing of memory dump after BSOD ?

Hi,

I already found out 2 HIPS which prevent the system from writing a memory dump in case a BSOD occured.

- System Safety Monitor
- Online Armor Full

does your HIPS interfere with writing memory dump ?

 

Memory dump doesn't depend on HIPS, it only depends on fail itself. In case it is memory access fault a dump as a rule is produced. In case system memory was corrupted it is not guaranteed.

For example, if a code references (reads) invalid memory, or paged memory with IRQL >= DISPATCH_LEVEL, then dump will be produced. In case a code writes system memory which is not paged and is located inside kernel address-space, no BSOD will be produced immediately, but once execution control will be moved to the spoiled memory outcome is unpredictable. This case is very hard to diagnose because real culprit is lurking as a rule. If you are brave enough you can try to use MS driver verifier with all the installed drivers. This free tool helps to locate incorrectly working drivers. But be careful. You may be very surprised by their number ...

 

as I know, MJ0011 found a way to attck the system with crash dump.

http://www.debugman.com/read.php?tid=1147

 

No doubt another BSOD generator. Why doesn't she do something more productive and useful instead of wasting good effort just to cripple citizens investments.

Doesn't microsoft make enough of a mess as it is? Gezzz!

 

it seems she work for the safe360(freeware) which has hundred millions users in china.

 

No real evidence of progress IMO when evidence this latest POC which is publicity stunt.

She needs to organize priorities more so to focus on STABLE Coding not amusing herself with releasing sometime that generates only BSOD showings with false allogations like the junk xx.

But maybe she was bored withherself and felt a need for publicity stunt this day.

 

Do I have to be scared about this or is a Zero Tool + ShadowProtect enough to recover from this memory dump ?