No problem Jesse. I posted a reply on the issue tracker for this item. In the future, emails to the list are just fine - you never know when other people may have the same question/issue (and probably only the core devs check the issue tracker). 

Thanks!
MHL

On Tue, Jul 17, 2012 at 10:10 AM, Jesse Bowling <jessebowling@gmail.com> wrote:
Sorry; just saw the bit about 'use the issue tracker'...Posting there, and apologies for the spam.


On Tue, Jul 17, 2012 at 10:09 AM, Jesse Bowling <jessebowling@gmail.com> wrote:
I experienced one odd thing; when using the env variable VOLATILITY_LOCATION, volatility complains that "No suitable address space mapping found", however when the file is specified on the command line, all is well.  Output below:

root@Forensic-1:/case2/mem# vol.py --dtb=0x187000 psscan
Volatile Systems Volatility Framework 2.1_rc1
Offset(P)          Name                PID   PPID PDB                Time created         Time exited
------------------ ---------------- ------ ------ ------------------ -------------------- --------------------
No suitable address space mapping found  
Tried to open image as:
 WindowsHiberFileSpace32: No base Address Space
 WindowsCrashDumpSpace64: No base Address Space
 WindowsCrashDumpSpace32: No base Address Space
 AMD64PagedMemory: No base Address Space 
 JKIA32PagedMemory: No base Address Space
 JKIA32PagedMemoryPae: No base Address Space
 IA32PagedMemoryPae: Module disabled
 IA32PagedMemory: Module disabled
 FileAddressSpace: Location is not of file scheme

root@Forensic-1:/case2/mem# echo $VOLATILITY_LOCATION
/case2/mem/myimage.vmss
root@Forensic-1:/case2/mem# unset VOLATILITY_LOCATION
root@Forensic-1:/case2/mem# vol.py --dtb=0x187000 psscan
Volatile Systems Volatility Framework 2.1_rc1
ERROR   : __main__            : Please specify a location (-l) or filename (-f)
root@Forensic-1:/case2/mem# vol.py --dtb=0x187000 -f myimage.vmss psscan
Volatile Systems Volatility Framework 2.1_rc1
Offset(P)          Name                PID   PPID PDB                Time created         Time exited
------------------ ---------------- ------ ------ ------------------ -------------------- --------------------
0x0000000006107040 System                4      0 0x0000000000187000 2012-04-12 07:14:16
0x0000000006139b30 residentagent.     1248   1132 0x0000000128a0e000 2012-04-12 07:16:03
0x00000000061ba900 msdtc.exe          2164    484 0x00000001199a8000 2012-04-12 07:16:37
<snip>


On Mon, Jul 16, 2012 at 9:45 AM, Michael Hale Ligh <michael.hale@gmail.com> wrote:
Hey everyone, 

The 2.1 RC1 downloads are now available [1]. Per the usual, there are zip and tar archives of the source code, a windows module installer, and a standalone windows executable (with python and all dependencies build-in). We ask that you test vigorously over the next 2 weeks, especially with any x64 images, and let us know via the issue tracker [2] if you run into any bugs. At the end of July, we'll announce the official release of 2.1. 

Also, a lot of the documentation [3] has been updated, including the FAQ, command reference, features by plugin matrix, and roadmap, so that may be a useful resource to you when using 2.1. 

Thank you very much! 




_______________________________________________
Vol-users mailing list
Vol-users@volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users




--
Jesse Bowling





--
Jesse Bowling