bktruss / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

Volatility Standalone for Windows incorrectly states profile is invalid #528

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?

1. Try to run linux_pslist or a similar command with an Android memory image 
and a known-working corresponding profile, i.e.:

volatility-standalone.exe -f hammerhead.dump --plugins=profiles --profile=LinuxhammerheadARM linux_pslist

where profiles is a subdirectory of the folder containing 
volatility-standalone.exe and LinuxhammerheadARM is a valid profile as 
ascertained via:

volatility-standalone.exe --plugins=profiles --info | findstr Linux

What is the expected output? What do you see instead?

Expected output is standard pslist output from Volatility. Instead, output is:

Error: volatility.debug : Invalid profile LinuxhammerheadARM selected

What version of the product are you using? On what operating system?

Tested 2.3.1 & 2.4 standalone for Windows on Win7 Pro SP1 64bit.

Please provide any additional information below.

Using the same files (memory dump and profile) with the "source code" version 
of Volatility along with Python 2.7.8 works fine, giving the proper output. 
It's a Nexus 5 Android 5.1.1 memory dump, in case that matters.

Original issue reported on code.google.com by simonbro...@gmail.com on 16 Jul 2015 at 5:45

GoogleCodeExporter commented 8 years ago
So apparently this may be system-dependent - just tried a second system (also 
Win7 Pro SP1 64bit) and the scenario described to reproduce above produces the 
expected pslist output.

I can provide hardware details for both systems (working and non-working) if 
needed, but I doubt there's a relevant difference - both are Sandy Bridge 
based, fully updated Win7 Pro SP1 systems.

Original comment by simonbro...@gmail.com on 16 Jul 2015 at 5:54

GoogleCodeExporter commented 8 years ago

Original comment by mike.auty@gmail.com on 16 Jul 2015 at 10:09