As we’re closing in on the release date of version 3.0, it’s time to announce some more new features: the advanced edition will come with support for Windows DMP and Windows Hibernation files.
There are many internal formats of Windows DMP files and Cerbero now supports all of the most common ones. Here are for instance some screen-shots showing information contained in minidumps.
Of course, when the full memory snapshot is available, it is possible to explore it as if it was a raw memory image. Here we can see address space inspection performed on a DMP file.
Hibernation files are also supported for all Windows version from XP to Win10. Here we can see memory analysis performed on Hibernation files.
Stay tuned as there’s more to come also regarding memory analysis.
The upcoming standard and advanced edition of Cerbero Suite 3.0 will feature a full-fledged hex-editor with undo functionality and all the other common goodies.
In the past it was quite cumbersome to edit a file with Cerbero Suite and undo wasn’t available. This is no longer the case as the hex-editor functionality comes now in its own workspace and can be accessed even from the shell context menu on Windows or by specifying the “-hex” argument.
The hex-editor shares much of the functionality also found in the analysis workspace, such as layouts and scripting.
Of course, filters are available as well.
And, as cherry on top, every hex-view in the analysis workspace will be editable, but without ever writing to the original file. To save the modified content access the “Copy” menu and click on “Copy into new file”.