What steps will reproduce the problem?
1. From Kali Linux invoke volatility
2. vol hpakextract -f /path_to.hpak --output-file=/path_to.bin
3.
What is the expected output? What do you see instead?
I expect to see the raw memory image extracted from the .hpak. Instead it
results in a Zero length .bin file
What version of the product are you using? On what operating system?
Kali Linux, volatility Framework 2.3.1
Please provide any additional information below.
vol hpakinfo -f /path_to.hpak works fine. Here are the exact results:
Volatility Foundation Volatility Framework 2.3.1
Header: HPAKSECTHPAK_SECTION_PHYSDUMP
Length: 0xcb000000
Offset: 0x4f8
NextOffset: 0x688eeb20
Name: memdump.bin
Compressed: 1
Header: HPAKSECTHPAK_SECTION_PAGEDUMP
Length: 0xca904000
Offset: 0x688eeff8
NextOffset: 0x1331f2ff8
Name: dumpfile.sys
Compressed: 0
Original issue reported on code.google.com by tim.duck...@gmail.com on 8 Jul 2014 at 7:38
Original issue reported on code.google.com by
tim.duck...@gmail.com
on 8 Jul 2014 at 7:38