Which HIPS allow writing of memory dump after BSOD ?

Discussion in 'other anti-malware software' started by Shotwick, Apr 13, 2008.

Thread Status:
Not open for further replies.
  1. Shotwick

    Shotwick Suspended Member

    Joined:
    Jun 15, 2006
    Posts:
    12
    Hi,

    I already found out 2 HIPS which prevent the system from writing a memory dump in case a BSOD occured.

    - System Safety Monitor
    - Online Armor Full

    does your HIPS interfere with writing memory dump ?
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    My HIPS don't interfere with memory dumps, and they have included, Online Armor Full, System Safety Monitor and Prosecurity.

    Pete
     
  3. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Memory dump doesn't depend on HIPS, it only depends on fail itself. In case it is memory access fault a dump as a rule is produced. In case system memory was corrupted it is not guaranteed.

    For example, if a code references (reads) invalid memory, or paged memory with IRQL >= DISPATCH_LEVEL, then dump will be produced. In case a code writes system memory which is not paged and is located inside kernel address-space, no BSOD will be produced immediately, but once execution control will be moved to the spoiled memory outcome is unpredictable. This case is very hard to diagnose because real culprit is lurking as a rule. If you are brave enough you can try to use MS driver verifier with all the installed drivers. This free tool helps to locate incorrectly working drivers. But be careful. You may be very surprised by their number ...
     
    Last edited: Apr 13, 2008
  4. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    No doubt another BSOD generator. Why doesn't she do something more productive and useful instead of wasting good effort just to cripple citizens investments.

    Doesn't microsoft make enough of a mess as it is? Gezzz!
     
  6. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    :D it seems she work for the safe360(freeware) which has hundred millions users in china.
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    No real evidence of progress IMO when evidence this latest POC which is publicity stunt.

    She needs to organize priorities more so to focus on STABLE Coding not amusing herself with releasing sometime that generates only BSOD showings with false allogations like the junk xx.

    But maybe she was bored withherself and felt a need for publicity stunt this day.
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Do I have to be scared about this or is a Zero Tool + ShadowProtect enough to recover from this memory dump ? :)
     
Loading...
Thread Status:
Not open for further replies.