Andrew Case

Results 84 comments of Andrew Case

I just triggered this same issue on a file from a memory sample.

Also had a very similar backtrace on a different file. The line number was just a few down (163). I can make a separate ticket if easier: ``` Traceback (most...

Hello, Can you please copy/paste the command line input/output as you try to create the profile? Thanks, Andrew (@attrc) On 01/25/2016 03:04 AM, benoitne wrote: > Hi, > I have...

A few things: 1) How was memory acquired? Is this from a crashdump after a blue screen? 2) Can you please paste the full input/output of running kdbgscan? 3) Volatility...

Can you re-run kdbgscan with --profile=Win7SP1x64_23418 set and show the full input/output?

Would it be possible to use the latest source version of Volatility and re-run the kdbgscan?

What result(s) do you get if you use `-p 1888` instead of offset?

Hey, Can you please run two more commands and paste the output: 1) kdbgscan with --profile set to Win7SP1x86_24000. Please let the command finish (it might take a while) and...

Hello, Which versions of Windows 10 did you test this signature with? Thanks

@gaterunner341 I would suggest kdbgscan instead of imageinfo. Also, if you know the profile already, what are you looking to gain from imageinfo?