On Mon, 2003-08-11 at 04:53, Sakaba wrote:

> I want the capability to take live
> images of Windows machines without having to reboot them and
> without having to use their binaries.

Unless you pre-install a program to do such, I believe this is currently impossible. There are compiled live analysis kits for Win32 but they all (please correct me if I am wrong) call at least one or more DLLs from the running Win32 system, based on the design of Win32. The second you do this you disrupt the system. How much? Depends. But your goal of wanting to do a live image of a running Win32 system just isn't possible because of this. Remember every step has one or more side effects.

Now, if you're willing to compromise a bit and use system DLLs, then you might be able to do so. Of course certain elements will be corrupt, such as open files, in your resultant image file(s). But you will get much of what you're after.

regards,

farmerdude

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com