I am trying to use printkey against a Windows XP image and keep getting an error when I use printkey. I have also provided the commands I used for hivescan and hivelist, which work great, but printkey does not. Does anyone have any suggestions as to why? I initially thought it was because it was SP3, so I ran the same plugins against the xp-laptop-2005-06-25.img that was suggested in Brendan's guide, but I get the same results. Anyone have any thoughts as to why?
Mark Morgan
702-942-2556
morgan@morgan-laptop:/digitalforensics/Volatility-1.3_Beta$ ./volatility hivescan -f /home/morgan/Memory\ Images/PhysicalMemory.bin
Offset (hex)
181006344 0xac9f008
181033824 0xaca5b60
189972488 0xb52c008
202671368 0xc148508
544586592 0x2075bb60
642878304 0x26518b60
643895304 0x26611008
678736920 0x2874b418
740933640 0x2c29c008
742706016 0x2c44cb60
789179232 0x2f09eb60
798029088 0x2f90f520
1107776776 0x42075508
1874516240 0x6fbad910
morgan@morgan-laptop:/digitalforensics/Volatility-1.3_Beta$ ./volatility hivelist -f /home/morgan/Memory\ Images/PhysicalMemory.bin -o 0xac9f008
Address Name
0xe6348910 \Documents and Settings\144553\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0xebe6e508 \Documents and Settings\144553\NTUSER.DAT
0xe8287508 \WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0xe1895520 \Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0xe1882b60 \Documents and Settings\LocalService\NTUSER.DAT
0xe1396008 \Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0xe139ab60 \Documents and Settings\NetworkService\NTUSER.DAT
0xe4f8eb60 \WINDOWS\system32\config\SAM
0xe77b9b60 \WINDOWS\system32\config\SECURITY
0xe77cd008 \WINDOWS\system32\config\SOFTWARE
0xe77ca418 \WINDOWS\system32\config\DEFAULT
0xe18b6008 [no name]
0xe1035b60 \WINDOWS\system32\config\SYSTEM
0xe102e008 [no name]
morgan@morgan-laptop:/digitalforensics/Volatility-1.3_Beta$ ./volatility printkey -f /home/morgan/Memory\ Images/PhysicalMemory.bin -o 0xe1035b60
Key name: [9252] (Stable)
Last updated: Wed Jul 29 02:08:26 2009
Subkeys:
Traceback (most recent call last):
File "./volatility", line 219, in <module>
main()
File "./volatility", line 215, in main
command.execute()
File "memory_plugins/registry/printkey.py", line 97, in execute
for s in subkeys(key):
File "/digitalforensics/Volatility-1.3_Beta/forensics/win32/rawreg.py", line 144, in subkeys
s.is_valid() and s.Signature == NK_SIG]
AttributeError: 'int' object has no attribute 'is_valid'
morgan@morgan-laptop:/digitalforensics/Volatility-1.3_Beta$ ./volatility ident -f /home/morgan/Memory\ Images/PhysicalMemory.bin
Image Name: /home/morgan/Memory Images/PhysicalMemory.bin
Image Type: Service Pack 3
VM Type: pae
DTB: 0x33e000
Datetime: Tue Aug 04 11:02:35 2009