Function
| Arg | Description | Type |
|---|---|---|
| service | The name of the driver service to install. | string |
| image_path | If specified we write a physical memory image on this path. | string |
| compression | When writing a memory image use this compression (default none) can be none, s2, snappy, gzip. | string |
Required Permissions: MACHINE_STATE
Uses the winpmem driver to take a memory image.
This plugin is also needed to facilitate the winpmem accessor.
When the image_path parameter is not set this function will load
the winpmem driver until the scope is destroyed at the end of
the query (where the driver will be unloaded).
If the image_path parameter is give, the path will be used to
create a raw memory image. The image can be compressed using a
number of algorithms such as:
None - no compression (default)
S2 or snappy - these are fast algorithms with poor compression ratio but should result in some speed up over no compression.
The Gzip method is used to produce a compatible gzip file. This is very slow and so it is not suitable for large memory systems as there will be too much smear.
SELECT winpmem(image_path='c:/test.dd', compression='s2') FROM scope()"