RE: [Vol-dev] Possible Volatility Bug

Mike, I'm running the version pulled from SVN this morning, 1.3.1 (08.09.2009). How would I list the candidate DTB addresses? The way I found out about this problem originally was to just email Peter the error from memorize. He instantly recognized the problem. Also, how would I get the 1.4 branch to try out? Apologies for the dumb questions. I'm reasonably bright, but I only use this thing about once every four months. Thanks lots John -----Original Message----- From: Mike Auty [mailto:mike.auty@gmail.com] Sent: Wednesday, January 06, 2010 7:48 AM To: McCash John-GKJN37 Subject: Re: [Vol-dev] Possible Volatility Bug Hiya John, First off could you please specify which version of volatility you're using (whether you're using a tarball, or the sources from subversion)? Also, whilst I can't comment too well on the 1.3 branch, I don't think Windows 2003 is supported, I believe it's mostly aimed at XP SP2. Having said that, it is possible to manually specify a DTB in the 1.4 branch using --dtb and in the 1.3 branch using -b (although for 1.3 this is probably plugin dependent). I'll leave it to someone who's been working with Volatility longer to give you a more in-depth answer once you let us know which version you were using, but hopefully this'll let you work around the problem for a bit... 5:) Mike 5:)