Gakaza / volatility

Automatically exported from code.google.com/p/volatility
0 stars 0 forks source link

Except psscan no other cmds are working #516

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
I have installed volatility2.4 python version on windows2008r2sp1 server.

I have copied crash dumps from one of windows server and am able to run 
imagecopy, kdbgscan and psscan other than that no other command especially 
dllhost , netscan , hivelist , hivedump ,printkey and so on ....

Below is the output for all above mentioned cmds :- 

No suitable address space mapping found
Tried to open image as:
 MachOAddressSpace: mac: need base
 LimeAddressSpace: lime: need base
 WindowsHiberFileSpace32: No base Address Space
 WindowsCrashDumpSpace64BitMap: No base Address Space
 VMWareMetaAddressSpace: No base Address Space
 WindowsCrashDumpSpace64: No base Address Space
 HPAKAddressSpace: No base Address Space
 VirtualBoxCoreDumpElf64: No base Address Space
 QemuCoreDumpElf: No base Address Space
 VMWareAddressSpace: No base Address Space
 WindowsCrashDumpSpace32: No base Address Space
 AMD64PagedMemory: No base Address Space
 IA32PagedMemoryPae: No base Address Space
 IA32PagedMemory: No base Address Space
 OSXPmemELF: No base Address Space
 MachOAddressSpace: MachO Header signature invalid
 LimeAddressSpace: Invalid Lime header signature
 WindowsHiberFileSpace32: No xpress signature found
 WindowsCrashDumpSpace64BitMap: Unsupported dump format
 VMWareMetaAddressSpace: VMware metadata file is not available
 WindowsCrashDumpSpace64: Unsupported dump format
 HPAKAddressSpace: Invalid magic found
 VirtualBoxCoreDumpElf64: ELF Header signature invalid
 QemuCoreDumpElf: ELF Header signature invalid
 VMWareAddressSpace: Invalid VMware signature: 0x45474150
 WindowsCrashDumpSpace32: Header signature invalid
 AMD64PagedMemory: Failed valid Address Space check
 IA32PagedMemoryPae: Incompatible profile Win2008R2SP1x64 selected
 IA32PagedMemory: Incompatible profile Win2008R2SP1x64 selected
 OSXPmemELF: ELF Header signature invalid
 FileAddressSpace: Must be first Address Space
 ArmAddressSpace: Profile does not have valid Address Space check

Original issue reported on code.google.com by rbirla...@gmail.com on 3 Oct 2014 at 2:12

GoogleCodeExporter commented 8 years ago
Hello, we have moved to Github. Please post your issues there 
(https://github.com/volatilityfoundation/volatility). In particular, include 
your full command line used and your kdbgscan output. 

Original comment by michael.hale@gmail.com on 18 Oct 2014 at 2:14