search

Stan1989 / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0
0 stars 0 forks source link

-p volatility standalone 2.2 windows7 #437

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. why -p dont work?
2. is something to replace this command? if i want to pick up process id.
3. like doing this:

$ python vol.py -f ~/Desktop/win7_trial_64bit.raw --profile=Win7SP0x64 dlllist 
-p 1892

What is the expected output? What do you see instead?

What version of the product are you using? On what operating system?
volatility standalone 2.2

Please provide any additional information below.
windows7

Original issue reported on code.google.com by psdtohtm...@gmail.com on 2 Aug 2013 at 8:22

GoogleCodeExporter commented 9 years ago 
can you paste in the output of pslist here?

Original comment by jamie.l...@gmail.com on 5 Aug 2013 at 4:36

GoogleCodeExporter commented 9 years ago 
So we just noticed that you are using a command from the wiki and not your own 
sample.  You may not have a process with pid 1892 in your sample.  Also your 
commandline above is not from the standalone (exe).  We will need more 
information about what you are trying to do.

For example: did you run pslist and then find a process of interest in that 
list and then take its process ID (pid) and give it to dlllist with -p ?  If 
you find a process using psscan or psxview  and it is not found in pslist then 
you have to specify the physical offset (left column) using -o <offset> instead 
of -p <pid>.

Original comment by jamie.l...@gmail.com on 5 Aug 2013 at 4:42

GoogleCodeExporter commented 9 years ago 
psdtohtml5511: Did you figure out what happened with your sample?  May I close 
this issue?  

If I don't hear anything back by Monday 8/11 I will close out this issue.  If 
you find that you still have a problem you may reopen it at that time.

Original comment by jamie.l...@gmail.com on 9 Aug 2013 at 12:57

GoogleCodeExporter commented 9 years ago 
yes you can close this issue,
sorry it take time to respond,
the computer i use volatility framework is my sister computer i don't have time 
to deal with it now,
i have only 30gb free speace on my pc because that it don't work on my pc i will
try again when i buy new hard disk

Original comment by psdtohtm...@gmail.com on 11 Aug 2013 at 12:19

GoogleCodeExporter commented 9 years ago 
Thanks, psdtohtml5511.  I'm closing now, but you can reopen if you have the 
same issue sometime later.

Original comment by jamie.l...@gmail.com on 12 Aug 2013 at 3:34