Reginald-Gillespie
commented
11 months ago Same issues, trying to figure it out
Open UIWP0 opened 2 years ago
Reginald-Gillespie
commented
11 months ago Same issues, trying to figure it out
jeky--
commented
7 months ago Bin2Dmp 3.0.0.undefined
Copyright (C) 2007 - 2021, Matthieu Suiche <http://www.msuiche.net>
Copyright (C) 2012 - 2014, MoonSols Limited <http://www.moonsols.com>
Copyright (C) 2016 - 2021, Comae Technologies DMCC <http://www.comae.io>
Copyright (c) 2022, Magnet Forensics, Inc. <https://www.magnetforensics.com/>
Initializing memory descriptors... Done.
Directory Table Base is 0x187000
Looking for Kernel Base...Failed.
Cannot open file. Please check if the file is not being used.It seems it does not recognize the kernel in memory. Having a look with volarility
Volatility 3 Framework 2.6.1
Progress: 100.00 PDB scanning finished
Variable Value
Kernel Base 0xf8007ce00000
DTB 0x1ad000
Symbols file:///C:/XYZ/volatility3/volatility3/symbols/windows/ntkrnlmp.pdb/A7DD074C948F81ECF4D65E3609DF4839-1.json.xz
Is64Bit True
IsPAE False
layer_name 0 WindowsIntel32e
memory_layer 1 FileLayer
KdVersionBlock 0xf8007da0f380
Major/Minor 15.19041
MachineType 34404
KeNumberProcessors 4
SystemTime 2024-02-22 18:55:35
NtSystemRoot C:\WINDOWS
NtProductType NtProductWinNt
NtMajorVersion 10
NtMinorVersion 0
PE MajorOperatingSystemVersion 10
PE MinorOperatingSystemVersion 0
PE Machine 34404
PE TimeDateStamp Sun Sep 24 11:23:52 2034I've tried to change the "ImageBase = 0xfffff80000000000ULL" in kernel.cpp without any luck.
Any help is appreciated \Jeky
Bin2Dmp 3.0.0.undefined Copyright (C) 2007 - 2017, Matthieu Suiche http://www.msuiche.net Copyright (C) 2012 - 2014, MoonSols Limited http://www.moonsols.com Copyright (C) 2015 - 2017, Comae Technologies FZE http://www.comae.io Copyright (C) 2017 - 2018, Comae Technologies DMCC http://www.comae.io
Initializing memory descriptors... Done. Directory Table Base is 0x122000 without PAE Looking for kernel variables... Failed. Cannot open file. Please check if the file is not being used.