Can't initialiaze with pmem at python api about memprocfs HOT 5 CLOSED

1. have you downloaded and placed the winpmem .sys driver in the folder of MemProcFS according to https://github.com/ufrisk/LeechCore/wiki/Device_WinPMEM

2. you need to start Python as elevated admin if running against live wimpmem memory since MemProcFS will need to load the winpmem driver into the kernel (and that requires the process to be started as elevated admin).

Please let me know if this resolves your issues.

from memprocfs.

I did both of your suggestions and it still doesn't work.

from memprocfs.

It seems like WinPmem is not working with Windows 10 release 20.04 or later. It's a known issue. Unfortunately there is nothing I can do about it except hope that they'll be able to fix it. I have documented this on my WinPmem guide info page with a link to the WinPmem issue. https://github.com/ufrisk/LeechCore/wiki/Device_WinPMEM

Can you confirm that you're trying to use WinPmem on 20.04 or later?

Another way may be to use DumpIt; but it requires (as far as I know) an ugly workaround when using Python:

1 start an administrator command prompt
2 run: start DumpIt.exe /L /A c:\Windows\notepad.exe
3 don't close notepad!
4 start python from MemProcFS directory (normal or administrator cmd prompt does not matter)
5 run from vmmpy import *
6 VmmPy_Initialize(['-device', 'dumpit'])

Is this working?

from memprocfs.

did the get the DumpIt Python workaround to work?

from memprocfs.

I'm closing this issue since I'm hoping the python workaround is working and the winpmem issue isn't an issue directly with MemProcFS.

For the winpmem I've updated the guide to reflect that the winpmem driver is broken for the most recent windows versions. It's something out of my control and the winpmem issue has been previously raised with that project.

from memprocfs.