[panda-users] How to use volatility with memsavep dumps
Giovanni Mascellani
g.mascellani at gmail.com
Fri Oct 21 18:05:39 EDT 2016
Hi.
On 21/10/2016 21:57, Brendan Dolan-Gavitt wrote:
> I think I have seen this before, but can't reproduce it at the moment.
> Do other values of percent= work? And, is ssltest something you can
> share so we can debug?
It turned out that the problem is that I did not specify a profile. I
think that volatility interprets the image as being some Windows
version, but it is not; volatility is puzzled and believes that the
problem is in the address space. Specifying the right profile solves
everything.
BTW, I plan to publish the test RR anyway, as soon as I find the time to
clean up the plugins I am developing in my personal branch a bit and
write some docs.
Thanks, Giovanni.
--
Giovanni Mascellani <g.mascellani at gmail.com>
PhD Student - Scuola Normale Superiore, Pisa, Italy
http://poisson.phc.unipi.it/~mascellani