pypykatz-volatility3 icon indicating copy to clipboard operation
pypykatz-volatility3 copied to clipboard

Published 20 hours ago verified publisher icon skelsec

help me,thanks

Open xiaozimo20 opened this issue 1 year ago • 1 comments

python3 vol.py -f OtterCTF.vmem -p ../pypykatz pypykatz Volatility 3 Framework 2.4.2 Progress: 100.00 PDB scanning finished

Volatility was unable to read a requested page: Page error 0x7f0 in layer primary_Process500 (Page Fault at entry 0x0 in page entry)

    * Memory smear during acquisition (try re-acquiring if possible)
    * An intentionally invalid page lookup (operating system protection)
    * A bug in the plugin/volatility3 (re-run with -vvv and file a bug)

No further results will be produced

xiaozimo20 avatar May 30 '23 19:05 xiaozimo20

try using memprocfs instead of volatility, that will produce you a .dmp file which you can load to pypykatz. But in general, full memory dumps might not always produce correct results because of memory smearing. In that case you might need to re-do the memory acquisition.

skelsec avatar May 30 '23 19:05 skelsec