Home

Welcome to the inVtero.net wiki!

Table of Contents

• Where to start?
  • Binary Setup
  • Source
• How to use embedded IP for now
  • Analyze.py is a great set of examples
  • General usages (TYPE SYSTEM)
  • Workarounds
  • Why do we need integrity in the computer memory forensic analysis field?

Where to start?

Binary Setup

• Download / run setup from publish.zip ⇒ https://github.com/ShaneK2/inVtero.net/blob/master/quickdumps/publish.zip

  • MSDIA registered "regsvr32 msdia140.dll" (can skip on dev boxes usually already registered)

Source

• Clone & build quickdumps.

  • Nuget used for protobuf-net and other packages may need an update

How to use embedded IP for now

Access a python shell with;

quickdumps python

Then just copy and paste something like analyze.py, scan.py or list.py.

Analyze.py is a great set of examples

It also matches the logical and physical process lists to ensure that there does not exist a hidden process. Please extend it but in the future will be higher order analytics, pointer/structure type information and integrity checks.

General usages (TYPE SYSTEM)

Usage examples

Workarounds

vmss2core — also; how to override RUN memory descriptor

Why do we need integrity in the computer memory forensic analysis field?

Integrity gives us confidence that we know what were talking about and not just guessing and looking at strings *|grep