I am using the 2.1 Windows standalone exe.
I have a dd image of memory from the subject operating system and when I try to use pslist with the Win2008SP1x86 profile I get the following errors:
Traceback (most recent call last):
File "<string>", line 185, in <module>
File "<string>", line 176, in main
File "C:\volatility\build\pyi.win32\pyinstaller\vol.pkz\volatility.commands", line 111, in execute
File "C:\volatility\volatility\plugins\taskmods.py", line 138, in render_text
File "C:\volatility\build\pyi.win32\pyinstaller\vol.pkz\volatility.win32.tasks", line 72, in pslist
File "C:\volatility\volatility\plugins\overlays\windows\kdbg_vtypes.py", line 40, in processes
AttributeError: Could not list tasks, please verify your --profile with kdbgscan
When I try to verify my profile with kdbgscan I get the following for all profiles:
**************************************************
Instantiating KDBG using: Kernel AS Win2008SP1x86 (6.0.6001 32bit)
Offset (V) : 0x8193ec90
Offset (P) : 0x193ec90
KDBG owner tag check : True
Profile suggestion (KDBGHeader): Win2008SP1x86
Version64 : 0x8193ec68 (Major: 15, Minor: 6001)
Service Pack (CmNtCSDVersion) : 1
Build string (NtBuildLab) : 6001.18000.x86fre.longhorn_rtm.0
PsActiveProcessHead : 0x81954990 (0 processes)
PsLoadedModuleList : 0x8195ec70 (0 modules)
KernelBase : 0x81847000 (Matches MZ: True)
Major (OptionalHeader) : 6
Minor (OptionalHeader) : 0
KPCR : 0x8193f800 (CPU 0)
KPCR : 0x803d1000 (CPU 1)
Any help would be greatly appreciated.
Jon