Device_Totalmeltdown

Memory Acquisition Method: Total Meltdown

The LeechCore library supports reading and writing memory from Windows 7 / 2008R2 systems vulnerable to CVE-2018-1038 "Total Meltdown"

Facts in short:

Is supported on 64-bit Windows 7 / 2008R2.
Acquires memory in read/write mode.
Acquired memory is assumed to be volatile.
Have additional requirements.

Connection string:

LeechCore API:

Please specify the acquisition device type in LC_CONFIG.szDevice when calling LcCreate. Example: totalmeltdown.

PCILeech / MemProcFS:

Please specify the device type in the -device option.

Example:

-device totalmeltdown

Requirements:

The target system must be a Windows 7 or Windows 2008R2 system vulnerable to the Total Meltdown vulnerability (CVE-2018-1038). This vulnerability was live between January 2018 to March 2018. Please see more information in the following blog entry.

Overview

Home

API

Acquisition Methods

FILE
REMOTE
EXISTING
HW: USB3380
HW: FPGA
- DMA not working
- DMA on AMD/
  Thunderbolt
HW: FPGA/RawUDP
HW: iLO/RawTCP
Hyper-V Saved State
TotalMeltdown
DumpIt
LiveKd
LiveCloudKd
QEMU
VMWare
WinPMEM

LeechAgent

Overview
Installing

Development

Building

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Device_Totalmeltdown

Memory Acquisition Method: Total Meltdown

Connection string:

Requirements:

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Overview

API

Acquisition Methods

LeechAgent

Development

Clone this wiki locally