Notifications
Clear all
Topic starter
Hello,
I'm new in using volatility.
I tried to use volshell thru vol.py, I got an error when using the command ("_EPROCESS") but somehow also with other commands.
Traceback (most recent call last)
File "<console>", line 1, in <module>
File "E\tools\volatility\volatility-master\volatility\plugins\volshell.py", line 372, in dt
profile = (space or self._proc.obj_vm).profile
AttributeError 'NoneType' object has no attribute 'obj_vm'
What could be the cause ?
Thanks
Posted : 19/12/2016 3:17 am
You must use "dt" which let you read the data structure of in this case the _EPROCESS structure
Use it like this
dt ("_EPROCESS")
Posted : 19/04/2017 11:48 am