ratarun

> what result(s) do you get if you use `-p 1888` instead of offset? Hi Andrew, thanks for the reply. When I run `python vol.py --profile Win7SP1x86_24000 -f win7.core dlllist...

`python vol.py --profile Win7SP1x86_24000 -f win7.core kdbgscan` ``` Volatility Foundation Volatility Framework 2.6.1 ************************************************** Instantiating KDBG using: Kernel AS Win7SP1x86_24000 (6.1.7601 32bit) Offset (V) : 0x82787de8 Offset (P) : 0x2787de8...

`python vol.py --profile Win7SP1x86_24000 -ddd -f win7.core dlllist --offset=0x00000000dfbc9fbc` ``` Volatility Foundation Volatility Framework 2.6.1 DEBUG : volatility.debug : Applying modification from BasicObjectClasses DEBUG : volatility.debug : Applying modification from...

Hi Andrew, sorry for the delay. I have posted the outputs for the **two** commands you mentioned in the comments above.