Comments on Push the Red Button: Plugin Post: Moddump
Brendan Dolan-Gavitt
Feed updated 2024-03-07T06:22:55.106-05:00

John Musbach, 2012-05-13T16:41:33.859-04:00

My issue was resolved in volatility bug report 254 (http://code.google.com/p/volatility/issues/detail?id=254). Basically despite this blog post saying "-o" expects the offset being passed to it, you need to pass the value from the "modules" volatility command's base column to "-o" for moddump to work with a specific module.

John Musbach, 2012-05-13T15:01:42.700-04:00

Sorry, for some reason part of my post got stripped...

For the "-f" parameter I use the image file name.

For "--profile" parameter I use the volatility profile name.

For "-D" I pass the destination directory.

For "-o" I pass the memory offset.

If you have any ideas where I'm going wrong I'm all ears. Thanks!

John Musbach, 2012-05-13T14:59:49.537-04:00

Hi, this looks like a very useful module...however with the latest version of volatility all I'm able to get is 0 byte files from this plugin. I'm using the command "python vol.py --profile -f moddump -D -o -u".

Where am I going wrong?

H. Carvey, 2009-01-07T08:30:00.000-05:00

Brendan,

Very nice! Always something good coming from your corner of the blogosphere.

What would it take to push the current Volatility capability beyond XP, to 2003 and Vista? I'd like to do what I can to help with that, even if it means learning Python (I really like what JL did w/ vol2html.pl and have some ideas for expanding that...)

Keep up the good work!

echo6, 2009-01-06T14:27:00.000-05:00

Nice Moyix, please find more time to do the dll plugin ;-)

Jamie Levy, 2009-01-06T09:23:00.000-05:00

Cool! Keep up the good work! and Happy New Year :-)