Live Kernel Memory Dump (LKMD) is an advanced Windows console utility that lets you dump “live” kernel memory without forcing the system down (as you would by issuing a bugcheck). No active kernel debug session is required, as would normally be the case in a debugger/debuggee relationship. All kernel-mode memory regions are dumped in a stable manner because the utility relies on the same underlying technology that Windows itself uses to generate crash dump reports; it is therefore reliable, and stability isn't compromised even when memory is captured in a live system environment.
For Windows 8.1, 10 (32\64-bit)
The resultant memory dump file is written in proper dump file format, so viewing the details is as simple as loading the generated dump file in a modern crash dump analysis tool such as WinDbg (e.g. WinDbg v10.0.16299.15). Multiple flags can optionally be specified during dump report generation, such as Hypervisor Page inclusion, Compression of Page Data, Usermode Memory inclusion, etc. LKMD is compatible with Windows 8.1 and newer (Windows 10). Whether you're into digital forensics or you are an admin diagnosing a system infection, this tool will come in handy; it is recommended for advanced users only.
No "active" kernel debug session is required to generate a memory dump.
Due to using Windows' own Crash Dump API to generate the output file.
Flags may optionally be used to influence the memory capturing process.
Support for modern versions of crash dump analysis tools (WinDbg v10.0 et al).
All kernel-mode memory regions are properly dumped to a disk file.
Using optional flags, you can also include usermode memory regions.
Compatible with Windows 8.1 & Windows 10 (x86 & x64 architectures).
The program is free from spyware, adware or other pests; nothing extra is installed.
This is a console application that has no GUI and works from the command line.
| Last Updated | November 5, 2017 |
| Operating System | For Windows 8.1, 10 (32\64-bit) |
| File Size | 1.2 MB |