[Vol-users] moddump related
corey_harrell at yahoo.com
Tue Mar 12 12:01:00 CDT 2013
I apologize in advanced if I'm overlooking something. I'm using the Windows binary of Volatility 2.2 on a Windows 7 platform. Could someone tell me how I can extract a certain driver using the offset?
I looked at the moddump help and the offset option is not listed. I tried to use -o anyway and got an error saying there is no such option (--offset=offset didn't work either). The Volatility command wiki doesn't show the moddump help but it does link to this post which shows the offset as an option:
I'm not that familiar with Python so looking at the plugin code wasn't that helpful for me. What I am trying to do is to extract a specific driver from a memory image. The moddump command works for extracting all drivers but it would be nice to extract only the one I need.
Thanks for any help
"Journey into Incident Response"
More information about the Vol-users