Linux / AVML

Acquire AVML

$ wget https://github.com/microsoft/avml/releases/download/v0.2.0/avml

Make executable

$ chmod +x avml

Run AVML

$ ./avml

Run without arguments, AVML only prints its usage: it needs the output filename as an argument, and it must run as root to read physical memory.

Identify the kernel build (the profile/overlay used for analysis must match it exactly)

$ uname -a
Linux syd 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.4 LTS"
NAME="Ubuntu"
VERSION="18.04.4 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.4 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

Acquire memory with AVML (1GB of memory took ~2 seconds)

$ sudo ./avml /path/to/dump/filename.mem

Write the image somewhere other than the evidence disk where you can (a mounted share or attached drive), and hash it as soon as AVML finishes so the copy you analyze can be tied back to the one you took.

Acquire to remote location

$ sudo mount -o user=username -t cifs \\\\remotehost\\folder$ /mnt/point
$ sudo ./avml /mnt/point/memdump.mem

The mount prompts for the share password; AVML still needs root, so the second command needs sudo as well.
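The steps above (record the kernel build, run AVML as root, keep the dump off the evidence disk, hash the result) wrapped into one script. This is an added example, not code from the original page or from the AVML project; it assumes the avml binary path comes from the AVML environment variable (default ./avml) and that the output path you pass already points at the share or drive you want the image on.

```shell
#!/bin/sh
# Added example (not from the original page or the AVML project): wrap the
# acquisition steps into one script that records the kernel build details
# next to the dump and hashes the image as soon as it is written.
# Assumptions: avml location comes from $AVML (default ./avml, as on the page);
# the output path is on a volume that is not the evidence disk.
set -u

AVML="${AVML:-./avml}"

# Use whichever SHA-256 tool exists (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Record what an analysis profile/overlay must match (kernel release,
# architecture, distro release) plus when and where the image was taken.
write_profile_info() {
    out="$1"
    {
        echo "acquired_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "hostname=$(uname -n)"
        echo "kernel=$(uname -r)"
        echo "arch=$(uname -m)"
        # /etc/os-release may be absent on minimal images; no match is not an error.
        if [ -r /etc/os-release ]; then
            grep -E '^(ID|VERSION_ID|PRETTY_NAME)=' /etc/os-release || true
        fi
    } > "$out"
}

# Run AVML against the output path, then write the profile sidecar and the
# SHA-256 of the dump. Returns non-zero if the target directory is not
# writable, AVML fails, or the dump comes out empty.
acquire() {
    dump="$1"
    dir=$(dirname "$dump")
    if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
        echo "output directory not writable: $dir" >&2
        return 1
    fi
    "$AVML" "$dump" || return 1
    if [ ! -s "$dump" ]; then
        echo "empty dump: $dump" >&2
        return 1
    fi
    write_profile_info "$dump.profile"
    sha256_of "$dump" > "$dump.sha256"
    echo "wrote $dump sha256=$(cat "$dump.sha256")"
}

# Usage: sudo AVML=./avml ./acquire.sh /mnt/point/memdump.mem
if [ "$#" -gt 0 ]; then
    acquire "$1"
fi
```

The profile sidecar is what you hand to whoever builds or selects the analysis profile; the .sha256 file is what you compare against after copying the image off the share.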

If you don't have a kernel profile/overlay for your specific kernel build (the uname -r and release values above are what it has to match), check out this post.
