winpmem

Function

ArgDescriptionType
serviceThe name of the driver service to install.string
image_pathIf specified we write a physical memory image on this path.string
compressionWhen writing a memory image use this compression (default none) can be none, s2, snappy, gzip.string

Required permissions:MACHINE_STATE

Description

Uses the winpmem driver to take a memory image.

This plugin is also needed to facilitate the winpmem accessor.

When the image_path parameter is not set this function will load the winpmem driver until the scope is destroyed at the end of the query (where the driver will be unloaded).

If the image_path parameter is give, the path will be used to create a raw memory image. The image can be compressed using a number of algorithms such as:

  1. None - no compression (default)

  2. S2 or snappy - these are fast algorithms with poor compression ratio but should result in some speed up over no compression.

  3. The Gzip method is used to produce a compatible gzip file. This is very slow and so it is not suitable for large memory systems as there will be too much smear.

Example

SELECT winpmem(image_path='c:/test.dd', compression='s2') FROM scope()"