search

ECToo / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0
0 stars 0 forks source link

HPAKExtract #509

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. From Kali Linux invoke volatility
2. vol hpakextract -f /path_to.hpak --output-file=/path_to.bin
3.

What is the expected output? What do you see instead?
I expect to see the raw memory image extracted from the .hpak.  Instead it 
results in a Zero length .bin file

What version of the product are you using? On what operating system?
Kali Linux, volatility Framework 2.3.1

Please provide any additional information below.

vol hpakinfo -f /path_to.hpak works fine.  Here are the exact results:

Volatility Foundation Volatility Framework 2.3.1
Header:       HPAKSECTHPAK_SECTION_PHYSDUMP
Length:       0xcb000000
Offset:       0x4f8
NextOffset:   0x688eeb20
Name:         memdump.bin
Compressed:   1

Header:       HPAKSECTHPAK_SECTION_PAGEDUMP
Length:       0xca904000
Offset:       0x688eeff8
NextOffset:   0x1331f2ff8
Name:         dumpfile.sys
Compressed:   0

Original issue reported on code.google.com by tim.duck...@gmail.com on 8 Jul 2014 at 7:38

GoogleCodeExporter commented 9 years ago

Original comment by jamie.l...@gmail.com on 11 Jul 2014 at 9:01

GoogleCodeExporter commented 9 years ago 
via email

Original comment by michael.hale@gmail.com on 11 Jul 2014 at 9:26