ECToo / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0
0 stars 0 forks source link

dumpfiles doesn't work on .DMP file, but does when converted to raw memory dump #459

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. attempt to run dumpfiles on a Windows MEMORY.DMP file generated on Win2K3SP2

What is the expected output? What do you see instead?
No output generated. However I used imagecopy to convert this into a raw memory 
dump, and was then able to run dumpfiles on the memory image successfully

What version of the product are you using? On what operating system?
Current volatility 2.3.1 from SVN on Cygwin, running under Windows 7 x64

Please provide any additional information below.

Original issue reported on code.google.com by johnmcca...@gmail.com on 1 Nov 2013 at 8:09

GoogleCodeExporter commented 9 years ago

Original comment by michael.hale@gmail.com on 5 Nov 2013 at 7:35

GoogleCodeExporter commented 9 years ago
This will be fixed later in the week when the win8/server2012 changes are 
applied. 

Original comment by michael.hale@gmail.com on 6 Nov 2013 at 2:51

GoogleCodeExporter commented 9 years ago
Closing this issue and we've followed up with John via email to investigate 
further. It will be reopened if changes are needed. 

Original comment by michael.hale@gmail.com on 7 Mar 2014 at 4:39