[Vol-users] Help with ModDump

bdolangavitt at wesleyan.edu
Mon Jul 27 15:39:41 CDT 2009


Hi,

Based on a quick look, I think your problem is that you are trying to
redirect the output of the command into a directory. Moddump dumps kernel
modules to the current directory. Give the command a try without the ">
/f/dumps"; it should produce files named driver.[address].sys in the
current directory.

-Brendan

>
>
> Hey Mark,
>
> Thanks for the email.  The Volatility team appreciates all feedback and we
> welcome any questions you may have.
>
> What operating system are you using as your analysis platform?  Have you
> tried specifying an output directory (-d)?
>
> Can you clarify what you mean by "except those that require a dump"? What
> commands are giving you trouble?
>
> Thanks,
>
> AW
>
> On Sun, 26 Jul 2009, Mark Morgan wrote:
>
>> I am using WIN XP SP 2, python 2.6.2 and the 1.3 beta of volatility.  I can
>> get all the scripts to work just fine except those that require a dump.  I
>> am trying to dump the mods out of memory using the following syntax:
>> python volatility moddump -f /c/memory.img > /f/dumps
>>
>>
>> I have also tried with the backslash and forward slash but I either get the
>> error:
>>
>> "File exists" or "Access Denied"
>>
>>
>> Any help would be appreciated.
>>
>> Mark Morgan
>> DOE/CIRC
>> Las Vegas, NV
>>