Join Us!

Notifications
Clear all

volshell error ?  

  RSS
Bastian
(@bastian)
New Member

Hello,

I'm new in using volatility.

I tried to use volshell thru vol.py, I got an error when using the command ("_EPROCESS") but somehow also with other commands.

Traceback (most recent call last)
File "<console>", line 1, in <module>
File "E\tools\volatility\volatility-master\volatility\plugins\volshell.py", line 372, in dt
profile = (space or self._proc.obj_vm).profile
AttributeError 'NoneType' object has no attribute 'obj_vm'

What could be the cause ?

Thanks

Quote
Posted : 19/12/2016 3:17 am
Goovscoov
(@goovscoov)
New Member

You must use "dt" which let you read the data structure of in this case the _EPROCESS structure

Use it like this

dt ("_EPROCESS")

ReplyQuote
Posted : 19/04/2017 12:48 pm
Share: