Dump module - Add support for partial memory dump on systems with > 3Gb of RAM #118
Description
On Win7 systems with > 3GB of RAM, the dump module immediately crashes with a "forensic1394_read_device_v: I/O timeout" or an "General I/O" error, however the unlock module works and at least reads up to the 3Gb memory limit before it fails. Request is to add a feature to the dump module to behave more like the unlock module when reading memory and then write out any memory that can be read up until the memory issue that occurs at around the 3Gb mark (> 3Gb ram issue documented in #106).
root@kali:/opt/inception-0.4.0# ./incept dump
...
| _| _| _||| _|||| ||| _||| _| _|| | _|
_| _|| | _| _| _| _| _| _| _| _| _|| |
_| _| _| _| _| _||| _||| _| _| _| _| _| _| _|
_| _| _|| | _| _| _| _| _| _| _| _||
| _| _| _||| _|||| | _| _| _|| _| _|
v.0.4.0 (C) Carsten Maartmann-Moe 2015
Download: http://breaknenter.org/projects/inception | Twitter: @breaknenter
[*] FireWire devices on the bus (names may appear blank):
[1] Vendor (ID): MICROSOFT CORP. (0x50f2) | Product (ID): (0x0)
[] Only one device present, device auto-selected as target
[] Selected device: MICROSOFT CORP.
[] Initializing bus and enabling SBP-2, please wait or press Ctrl+C
[*] Dumping from 0x0 to 0x100000000, a total of 4 GiB:
[-] Error: forensic1394_read_device_v: General I/O error