iMHLv2

Results 22 comments of iMHLv2

Hello...was `Win2008R2SP1x64_23418` among the different profiles you tried?

There's a 19041 profile in the repo now, which should probably work for 19042, but let me know if it doesn't.

What's your plugin look like? Have you implemented `render_text`?

The backtrace in your first post mentions filescan.py and the backtrace in your latest post mentions win32/tasks.py. Those are both Windows-only plugins. It seems like Cuckoo is running Windows-only plugins...

What's the GUID for that ntoskrnl.exe?

So the warning `Cannot find nt!ObGetObjectType` indicates that we're able to find the NT module in memory, but can't parse its export table (thus we can't find the cookie value,...

Actually, I can tell that the RVA for that GUID is `0x3a6460` so if you just add that to the base address of the NT module, then you should be...

Thanks...yeah, the RVA `0x3a6460` is correct for that file. Can you `dd` the address `0xfffff801761c5460` in volshell and paste the output?

Definitely doesn't look like a cookie value at that address. Can you `moddump --base=0xfffff80175e1f000` (with and without `--memory`) and post those two?

Ah nice. Well one thing that was broken is I told you the `--cookie` takes the address of `nt!ObHeaderCookie` when it actually takes the cookie value (dword stored at `nt!ObHeaderCookie`)...