Hello Michael,
If you could answer a few questions then we could help you better.
1) How big is the ram capture you are trying to analyze?
2) What tool was used to capture the sample?
3) What format is the file stored in?
4) Are you able to run pslist and modlist against the image? If so, how
long do they take?
Thanks,
Andrew (@attrc)
On 4/16/2014 1:21 PM, Michael Certini wrote:
I am having problems with my PSXView. On multiple occasions I have
started this command and left it running overnight and by the next
morning there has been no reported data. The command appears to be
stalled. I am not sure where to look for the exact problem. I have
looked into the Python address space with WinDbg and have noted, with
!VAD, a segment of memory that is EXECUTE_READWRITE that is not listed
as a process. It is identified as "Private". When peering into the
segment of memory, I have noted a number of locations where there is
an "MZ" prefix that designates a Windows PE. This is followed by
"This program cannot......" so I know that this block contains
executable code. When analyzing the code further, there are a number
of these programs; I have found headers designating that these are DLLs.
Should this code block be present? With my limited training, I
understand that all DLLs should be loaded by the loader and reflected
in the address space with a VAD not buried in a segment of code. Has
anyone else experienced this problem? Is my PSXView problem related
to something else? Is there a way to isolate the issue further from
here? I did a dump of Python using Procexedump but have not reviewed
the IAT of the file or attempted to disassemble the file. I am new to
reverse engineering so I am looking for the closest rope to grab onto.
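The check described in the message above (find "MZ", confirm the DOS stub text, follow e_lfanew to the "PE\0\0" signature, then read the COFF Characteristics to see whether IMAGE_FILE_DLL is set) can be scripted so it runs over a dumped region instead of being done by eye in WinDbg. The following is an added example, not code from the thread or from Volatility; the region it scans is a constructed byte string with a stray "MZ" pair and two synthetic PE headers (one DLL, one PE32+ EXE), and the e_lfanew upper bound of 0x1000 is a heuristic assumption chosen to reject stray "MZ" byte pairs, not a value from the PE specification.

```python
import struct
from typing import Dict, List, Optional

# COFF header Characteristics flags and optional-header magic values (PE/COFF spec).
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
DOS_STUB_MSG = b"This program cannot be run in DOS mode."
MAX_E_LFANEW = 0x1000  # assumption: heuristic cut-off for a plausible PE header offset


def build_min_pe(is_dll: bool, pe32plus: bool = False) -> bytes:
    """Constructed test input: the minimal header layout the scanner needs.
    It is not a loadable image; it only exercises the header checks below."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\x00" * 62)          # 64-byte IMAGE_DOS_HEADER
    struct.pack_into("<I", dos, 0x3C, e_lfanew)    # e_lfanew -> "PE\0\0"
    stub = DOS_STUB_MSG.ljust(e_lfanew - len(dos), b"\x00")
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if is_dll else 0)
    machine = 0x8664 if pe32plus else 0x14C
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xF0, chars)
    opt_magic = struct.pack("<H", PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    return bytes(dos) + stub + b"PE\0\0" + coff + opt_magic + b"\x00" * 0xEE


def _parse_pe_at(buf: bytes, off: int) -> Optional[Dict]:
    """Validate a candidate 'MZ' at `off`; return header facts or None if it is noise."""
    if off + 0x40 > len(buf):
        return None
    e_lfanew = struct.unpack_from("<I", buf, off + 0x3C)[0]
    # A real header points a short distance forward; random bytes usually do not.
    if e_lfanew < 0x40 or e_lfanew > MAX_E_LFANEW:
        return None
    pe_off = off + e_lfanew
    if pe_off + 4 + 20 + 2 > len(buf) or buf[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    machine, nsec, _, _, _, _, chars = struct.unpack_from("<HHIIIHH", buf, pe_off + 4)
    magic = struct.unpack_from("<H", buf, pe_off + 24)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        return None
    stub = buf[off + 0x40:pe_off]
    return {
        "offset": off,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "machine": machine,
        "pe32plus": magic == PE32PLUS_MAGIC,
        "num_sections": nsec,
        "has_dos_stub_msg": DOS_STUB_MSG in stub,
    }


def scan_for_pe_headers(buf: bytes) -> List[Dict]:
    """Return every validated PE header found in a memory region, in offset order."""
    hits = []
    pos = buf.find(b"MZ")
    while pos != -1:
        rec = _parse_pe_at(buf, pos)
        if rec is not None:
            hits.append(rec)
        pos = buf.find(b"MZ", pos + 1)
    return hits


# Constructed sample region: filler, a stray "MZ" whose e_lfanew is 0xFFFFFFFF
# (rejected), a synthetic DLL header, NOP padding, then a synthetic PE32+ EXE header.
SAMPLE_REGION = (
    b"\x00" * 16
    + b"MZ" + b"\xff" * 70
    + build_min_pe(is_dll=True)
    + b"\x90" * 32
    + build_min_pe(is_dll=False, pe32plus=True)
)

if __name__ == "__main__":
    for h in scan_for_pe_headers(SAMPLE_REGION):
        kind = "DLL" if h["is_dll"] else "EXE"
        arch = "PE32+" if h["pe32plus"] else "PE32"
        print(f"0x{h['offset']:08x}: {kind} {arch} machine=0x{h['machine']:04x} "
              f"sections={h['num_sections']} dos_stub_text={h['has_dos_stub_msg']}")
```

To use it on a real dump, read the region (for example the output of a Volatility dump plugin, or a range copied out of WinDbg) into `buf` and call `scan_for_pe_headers(buf)`. One caveat when interpreting the results: this only reads headers, so a hit says a PE header is present, not how it got there or whether the rest of the image was mapped behind it; section offsets in a memory-resident copy follow SectionAlignment rather than the on-disk FileAlignment, so a parser that walks sections must use the virtual layout.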
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users