Need a program that can pull a file from memory

post #1 of 2
Thread Starter 
There's a .sys file that is showing up as an absent device in device manager a few times and occasionally shows up under the CPU tab - loaded modules in resource monitor.

It's random 8 numbers.sys. Resmon says it's located in system32/drivers; however, outside the OS doesn't show it and neither does Recuva file recovery.

It seems to only show up occasionally. It's possibly TDSSKiller, but the log shows a different randomized file. In one day 4 of these entries showed up in device manager.
It also showed up in resmon when no apps were running but bare system stuff.

So I am looking for something to run next time it's loaded; it won't be on the SSD but in memory.

If anyone wants to help see if it's a common file.

In Windows 7

Cmd prompt admin - set devmgr_show_nonpresent_devices=1

Then open device manager, select view in the menu bar, then check "show hidden devices" and it will be under the non plug and play section with the yellow cog wheel. At the top of the list and ghosted out as missing. It's always 8 random numbers.
post #2 of 2
Thread Starter 
I found a suitable program. I also came across one that's only available to law enforcement and the military for $400, but this one is open source: https://github.com/volatilityfoundation/volatility/issues