.Win32dd is a free kernel land tool to acquire physical memory

Because of user-land restriction access to \Device\PhysicalMemory since Windows 2003 SP1, a kernel-land access is needed to dump the physical memory. With win32dd you can do it for free! Moreover, the full source-code is provided.

README file for win32dd - Kernel mode physical memory acquisition v1.2.2.20090608

Web
-----

Author website:
   - http://www.msuiche.net
Logo design by
   - Romuald romuald.dub (0x40) gmail.com

Authors
---------------          
  Win32dd - v1.2.2.20090608 - Kernel land physical memory acquisition
  Copyright (c) 2007 - 2009, Matthieu Suiche 
  Copyright (c) 2008 - 2009, MoonSols 

Changelog
---------

     - 2009-06-08
     - Major bug fixes in driver (System Cache Growing, Correction of the output size)
     - Fix a bug with driver loading in the executable
     - Print additional information about the snapshot.
     - SHA1 Hashing support

     - 2009-01-06
     - Multi-processors support (32 max) for Microsoft crash dump generation.
     - v1.2.1

     - 2008-11-05
     - Several improvements. 
     - Two types of raw dump. and Two types of MSFT dmp file.
     - v1.2

     - 2008-08-18
     - Security guidelines. Bug fixing on XP SP2.

     - 2008-06-15
     - Bug fixing: Small dump and ZwSection() (Thanks Aaron)
     - v1.0.20080615

     - 2008-06-14
     - Initial release v1.0.20080614

Greets
------
We would also like to acknowledge those who have provided valuable
feedback, bug reports, and testing:

Aaron Walters
Andy Ward
Brendan Dolan-Gavitt 
DiabloNova
Frank Boldewin
George M. Garner Jr.
Harlan Carvey
Jon Evans
Martim Carbone
Michael Cohen
Nicolas Ruff
Peter Silberman
Ivanlef0u
Rob Lee
Robert Hensing
Sebastien R.
Tomo Koi