Presentation is loading. Please wait.

Presentation is loading. Please wait.

Determine the footprint of .exe

Published byImogene Thompson Modified over 6 years ago

Similar presentations

Presentation on theme: "Determine the footprint of .exe"— Presentation transcript:

1 Determine the footprint of .exe
Start procmon Start your process Stop your process Stop the procmon capture Find first instance of your process as “Process Name” Double click Find size

2 Capturing Memory How Much Memory Corruption Lab 2

3 procmon

4 Filter for your process

5 Process Name

6 cmd.exe it is

7 After exe Image is Loaded

8 Check the Event Properties

9 Size Looks like 0x59000 = 364,54410 Not bad for a simple command prompt.

10 Lab 4/16/2014 Memory Acquisition
1. Capture memory using winpmem.exe 2. Determine the memory footprint of winpmem.exe

Download ppt "Determine the footprint of .exe"

Similar presentations

Sony Digital Video Camcorder Model - TRV22E. What can you do with it? Video to tape and playback through TV In combination with a computer: –Video to.

Sony Digital Video Camcorder Model - TRV22E. What can you do with it? Video to tape and playback through TV In combination with a computer: –Video to.
Quality Center 10.0 -Test Management Tool. Overview Test Lab Module Tasks Performed in Test Lab Module.

Quality Center Test Management Tool. Overview Test Lab Module Tasks Performed in Test Lab Module.
CCNA2 MODULE 5.

CCNA2 MODULE 5.
Y A S O O B A L I b o r n o n 1 9 t h F e b r u a r y 1 9 9 0 i n K a n p u r d i s t r i c t o f U t t a r P r a d e s h. H e s t a r t e d s i n g i.

Y A S O O B A L I b o r n o n 1 9 t h F e b r u a r y i n K a n p u r d i s t r i c t o f U t t a r P r a d e s h. H e s t a r t e d s i n g i.
Module 20 Troubleshooting Common SQL Server 2008 R2 Administrative Issues.

Module 20 Troubleshooting Common SQL Server 2008 R2 Administrative Issues.
Chapter 14 Chapter 14: Server Monitoring and Optimization.

Chapter 14 Chapter 14: Server Monitoring and Optimization.
CV Pathology Lab 3 CASE 1. CV Lab 3, Image IA CV Lab 3, Image 1B.

CV Pathology Lab 3 CASE 1. CV Lab 3, Image IA CV Lab 3, Image 1B.
MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 14 Server and Network Monitoring.

MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 14 Server and Network Monitoring.
Mary K. Olson 02.17.2009 PS Reporting Instance – Query Tool 101.

Mary K. Olson PS Reporting Instance – Query Tool 101.
WINDIG 2.0 Free software to generate values from figures CFD Lab, NTUST Taipei, Taiwan.

WINDIG 2.0 Free software to generate values from figures CFD Lab, NTUST Taipei, Taiwan.
Unit 5 Simple Present, Time Clauses, Used To, and Would.

Unit 5 Simple Present, Time Clauses, Used To, and Would.
Module 5: Application Settings and Deployment. Overview Working with Application Settings Deploying Applications.

Module 5: Application Settings and Deployment. Overview Working with Application Settings Deploying Applications.
Packet Tracer 4.1: Novice Session

Packet Tracer 4.1: Novice Session
NMS LAB2 EXPENSES  Software  Hardware and OS for software  Training  Extra usage of work time (active use of SNMP - software etc.)  New SNMP enabled.

NMS LAB2 EXPENSES  Software  Hardware and OS for software  Training  Extra usage of work time (active use of SNMP - software etc.)  New SNMP enabled.
Streaming Twitter. Install pycurl library Use a lab computer From the course website Download the links from pycurl and twitter streamer Extract site-packages.zip,

Streaming Twitter. Install pycurl library Use a lab computer From the course website Download the links from pycurl and twitter streamer Extract site-packages.zip,
A+ Guide to Software Managing, Maintaining and Troubleshooting THIRD EDITION Chapter 6 Managing and Troubleshooting Windows 2000.

A+ Guide to Software Managing, Maintaining and Troubleshooting THIRD EDITION Chapter 6 Managing and Troubleshooting Windows 2000.
Visual Basic Games: Prepare for Hangman

Visual Basic Games: Prepare for Hangman
Windows Vista Inside Out Chapter 22 - Monitoring System Activities with Event Viewer Last modified 10-22-07 11 am.

Windows Vista Inside Out Chapter 22 - Monitoring System Activities with Event Viewer Last modified am.
Lesson 17 Aim: How do we find the number of favorable outcomes in an experiment?

Lesson 17 Aim: How do we find the number of favorable outcomes in an experiment?
Lesson 19 Aim: How do you find the probability of independent events?

Lesson 19 Aim: How do you find the probability of independent events?

Similar presentations

Ads by Google