Someone has finally taken the time to RE all the internal structures for MS Windows systems. Check out the 'Responder' tool over at www.hbgary.com. Dumps a ton of information about the system state at the time of the physical memory snapshot. Drivers, open sockets, open files and regkeys, can even extract full PE files for loaded modules.