this page is strange

[liberte97]

vol.py -f windows.psscan --> this command result is error

[ikelos]

Hiya,

Could you please verify that you're using the latest copy of volatility3 from git without any modifications?

This error message suggests that the psscan plugin is expecting to return a string for its first column, but the code in question should be expecting an integer (which a Pointer is), and that code hasn't changed in the repository in 8 months (so long before the public release). It's therefore not clear why the plugin would be expecting a string to be returned?

[liberte97]

recent volatility is strange. In vol2 it comes out normally

[ikelos]

Volatility 3 is written in python3, which means that strings are now unicode by default. This means that when invalid/corrupt data is displayed as a string it may display oddly (and include new lines or other special characters). If you think this is problematic, please open a separate issue about it, and we'll be happy to make a decision on what the best behaviour for the tool would be... 5:)

If that wasn't what you meant by "normally", but in fact you get different results between volatility2 and volatility3 then please file a separate issue as well, and include both the vol2 and vol3 output against the same image. Also, output to a file rather than images would be more useful for us to help diagnose the issue... 5:)

[liberte97]

This memory file is unicode?? not print iexplore.exe and rundll32.exe

vol2'result is normal vol3'result translate txt --> this picture vol3'result print --> 1hours ago picture

trouble process is iexplore.exe and rundll32.exe why this problem?