[Vol-users] stuxnet.vmem and VMware

G. Scott Graham gsg at cs.utoronto.ca
Mon Nov 7 08:49:53 CST 2011


MHL has been helpful in the past, but I thought I would throw this one out 
to a wider audience.

Simply put, I asked my sysadmin, who has helped me set up my VMware 
environment, to set up an XP SP3 VM and load stuxnet.vmem as the suspended 
memory image. VMware crapped out with "A fault has occurred causing the 
virtual CPU to enter the shutdown state. ..." Does anyone have any insight 
here? Is stuxnet.vmem the suspended memory image of a Stuxnet-infected XP 
SP3 machine?

If it had worked, I wanted to get Sysinternals running on the VM, so that I 
would have Sysinternals and Volatility insight into Stuxnet -- although not 
approaching what Mark Russinovich was able to show with booting up the 
machine and infecting it from the start. For educational purposes, for the 
class I am teaching.

Thanks for any guidance, VMware or Stuxnet. bfn

-- 
Professor G. Scott Graham

administratively: Dean's Designate for Academic Offences
academically: Associate Professor, Computer Science and Forensic Science

University of Toronto Mississauga
