Andrew Case
We are having the same issue on Windows 7 targets. It is definitely not a Windows 10 only problem.
I ran into this issue also. There are two related issues. The first is that commands that aren't supported in the big if/else block aren't skipped. The second is that...
@robertstrom can you please check out this branch: https://github.com/volatilityfoundation/volatility3/tree/issue_574_pstree_smear with:

```
git pull
git checkout issue_574_pstree_smear
```

then run pstree and make sure you get processes output.
@robertstrom can you please run pslist with the verbose flags set and send the output?
The idlepml4_str backtrace looks fixed here: https://github.com/volatilityfoundation/volatility3/commit/b6165b439fdee399d933eb1162e845d1811a9e6a Do we have any samples that still do not produce the pslist output?
@ninja2017 can you share the memory samples from this issue? Also, I see that you have a .vmem extension. Is this from a VMware snapshot or suspended state? If so,...
Hello, I have two questions: 1) How is memory being acquired? 2) Can you please run pslist and lsmod and report if they produce output?
@PeterQi can you please try the pslist and lsmod plugins and report back if you get any output?
@ikelos do you have a sample still that exhibits this behaviour?
Had a similar error in unpack_word on a different file:

```
Traceback (most recent call last):
  File "/usr/local/bin/evtx_dump.py", line 4, in
    __import__('pkg_resources').run_script('python-evtx==0.6.1', 'evtx_dump.py')
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 739, in run_script
    self.require(requires)[0].run_script(script_name,...
```