-
Hello, I tried running memprocfs on the known cridex.vmem. It can be found online; the memory is Windows XP. I wonder if the tool supports that, since netstat output comes up empty, while volatility socket…
-
MemProcFS.exe -device "I:\AnQuan\Tools\1 Misc\内存取证\volatility_2.6_win64_standalone\memdump-win10x64.dmp" -forensic 1
[CORE] Initialization Failed. Unable to locate valid DTB. #2
VmmProc: Unabl…
-
Built from source on Master, 11/4/20, VS 2019 16.7.1
64bit exe works as expected
32bit exe on 64bit Win 10, version 2004 build 19041.572 (bare hardware) fails with the following output:
**D:\Work\Dev…
-
I'm trying to use MemProcFS in a Windows 11 VM, running on an M1 MacBook Pro in Parallels.
I have successfully installed Dokan, and can run the `mirror.exe` to ensure that the new drive is created…
-
pygame-ce 2.5.0 (SDL 2.30.3, Python 3.8.0)
[+] offsets parsed
[+] Finded client base
[+] Entered entitylist
Traceback (most recent call last):
File "./app.py", line 239, in
EntityList = s…
-
![IMG_3729](https://github.com/user-attachments/assets/d5533f76-74a2-42a0-bc7e-c7e1625263a2)
-
Hi All,
I have been at work on a major version change (breaking) for this library.
I found the version you see here to be a fairly poor outline of what is needed when writing DMA apps.
I also …
-
Hi,
Okay, not an issue, and I realize this may not be a very interesting forensics target, but...
I noticed that ReactOS as a qemu guest _kinda_ works, too.
The function FindNtoScan32() needs a li…
-
If you run it like this, then the extended disk appears, but if you run a full-fledged script through PowerShell, nothing happens.
good > C:\MemProcFS-Analyzer-v1.0\Tools\MemProcFS>MemProcFS.exe -de…
-
Hi,
I currently have a ZDMA card. It differs from other normal DMA cards since it utilises a Thunderbolt interface and 2x100T chips:
https://github.com/ufrisk/pcileech-fpga/tree/master/ZDMA
I w…