volatilityfoundation / volatility

An advanced memory forensics framework

Home Page:http://volatilityfoundation.org/


PSTREE error

c0debr opened this issue · comments

I am attempting to use pstree on volatility 2.6.1 and for whatever reason it does not appear to be working despite my using multiple profiles, and I require assistance in trying to find the cause of the error and correcting it.

C:\Users\W0457579\Documents\volatility-master\volatility-master>
C:\Users\W0457579\Documents\volatility-master\volatility-master>
C:\Users\W0457579\Documents\volatility-master\volatility-master>python vol.py -f "Clone of Clone of Windows 7 x64-a88debbd.vmem" --profile=Win7SP1x64 pstree
Volatility Foundation Volatility Framework 2.6.1
Name Pid PPid Thds Hnds Time

0xfffffa8006d26890: 0 0 0 ------ 1970-01-01 00:00:00 UTC+0000

C:\Users\W0457579\Documents\volatility-master\volatility-master>python vol.py -f "Clone of Clone of Windows 7 x64-a88debbd.vmem" --profile=Win7SP0x64 pstree
Volatility Foundation Volatility Framework 2.6.1
Name Pid PPid Thds Hnds Time

0xfffffa8006d26890: 0 0 0 ------ 1970-01-01 00:00:00 UTC+0000

C:\Users\W0457579\Documents\volatility-master\volatility-master>python vol.py -f "Clone of Clone of Windows 7 x64-a88debbd.vmem" --profile=Win2008R2SP0x64 pstree
Volatility Foundation Volatility Framework 2.6.1
Name Pid PPid Thds Hnds Time

0xfffffa8006d26890: 0 0 0 ------ 1970-01-01 00:00:00 UTC+0000

C:\Users\W0457579\Documents\volatility-master\volatility-master>python vol.py -f "Clone of Clone of Windows 7 x64-a88debbd.vmem" --profile=Win2008R2SP1x64_24000 pstree
Volatility Foundation Volatility Framework 2.6.1
Name Pid PPid Thds Hnds Time

0xfffffa8006d26890: 0 0 0 ------ 1970-01-01 00:00:00 UTC+0000

C:\Users\W0457579\Documents\volatility-master\volatility-master>python vol.py -f "Clone of Clone of Windows 7 x64-a88debbd.vmem" --profile=Win2008R2SP1x64_23418 pstree
Volatility Foundation Volatility Framework 2.6.1
Name Pid PPid Thds Hnds Time

0xfffffa8006d26890: 0 0 0 ------ 1970-01-01 00:00:00 UTC+0000

C:\Users\W0457579\Documents\volatility-master\volatility-master>python vol.py -f "Clone of Clone of Windows 7 x64-a88debbd.vmem" --profile=Win2008R2SP1x64 pstree
Volatility Foundation Volatility Framework 2.6.1
Name Pid PPid Thds Hnds Time

0xfffffa8006d26890: 0 0 0 ------ 1970-01-01 00:00:00 UTC+0000

C:\Users\W0457579\Documents\volatility-master\volatility-master>python vol.py -f "Clone of Clone of Windows 7 x64-a88debbd.vmem" --profile=Win7SP1x64_24000 pstree
Volatility Foundation Volatility Framework 2.6.1
Name Pid PPid Thds Hnds Time

0xfffffa8006d26890: 0 0 0 ------ 1970-01-01 00:00:00 UTC+0000

C:\Users\W0457579\Documents\volatility-master\volatility-master>python vol.py -f "Clone of Clone of Windows 7 x64-a88debbd.vmem" --profile=Win7SP1x64_23418 pstree
Volatility Foundation Volatility Framework 2.6.1
Name Pid PPid Thds Hnds Time

0xfffffa8006d26890: 0 0 0 ------ 1970-01-01 00:00:00 UTC+0000

C:\Users\W0457579\Documents\volatility-master\volatility-master>python vol.py -f "Clone of Clone of Windows 7 x64-a88debbd.vmem" --profile=Win7SP1x64 pslist
Volatility Foundation Volatility Framework 2.6.1
Offset(V) Name PID PPID Thds Hnds Sess Wow64 Start Exit

0xfffffa8006d26890 0 0 0 -------- ------ 0

C:\Users\W0457579\Documents\volatility-master\volatility-master>
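The transcript above shows the same single row for every profile: one entry at 0xfffffa8006d26890 with an empty name, PID 0, no handle count and a 1970-01-01 epoch timestamp, which is not a plausible process listing for a running Windows 7 guest. As an added triage aid (not code from the issue or from the Volatility project), the following Python 3 script parses Volatility 2 pstree text output and flags exactly that pattern, so an analyst can tell "the tool produced nothing usable" apart from "the tool ran fine" before trying further profiles or examining the image itself. The first sample is the row copied from the issue; the second is a constructed healthy listing for contrast (addresses and counts are made up). The rule that a live Windows image always has a "System" process with PID 4 is an assumption encoded in the checker, not something the thread establishes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One row of `vol.py ... pstree` output (Volatility 2 text renderer).
# Leading dots mark tree depth; the first column is "<offset>:<name>".
PSTREE_ROW = re.compile(
    r"^(?P<depth>\.*)\s*(?P<offset>0x[0-9a-fA-F]+):(?P<name>\S*)"
    r"\s+(?P<pid>\d+)\s+(?P<ppid>\d+)\s+(?P<thds>\d+|-+)\s+(?P<hnds>\d+|-+)"
    r"\s+(?P<time>.*?)\s*$"
)


@dataclass
class ProcRow:
    depth: int
    offset: int
    name: str
    pid: int
    ppid: int
    threads: Optional[int]   # None when Volatility printed dashes
    handles: Optional[int]
    start: str


def _num(tok: str) -> Optional[int]:
    """Numeric column, or None for a run of dashes (value could not be read)."""
    return int(tok) if tok.isdigit() else None


def parse_pstree(text: str) -> List[ProcRow]:
    """Extract process rows from pstree output; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = PSTREE_ROW.match(line)
        if not m:
            continue
        rows.append(ProcRow(
            depth=len(m["depth"]),
            offset=int(m["offset"], 16),
            name=m["name"],
            pid=int(m["pid"]),
            ppid=int(m["ppid"]),
            threads=_num(m["thds"]),
            handles=_num(m["hnds"]),
            start=m["time"],
        ))
    return rows


def assess(rows: List[ProcRow]) -> List[str]:
    """Sanity findings for a Windows process listing; an empty list means it looks plausible.
    These checks encode assumptions about a healthy Windows 7 image, not Volatility internals."""
    findings = []
    if not rows:
        return ["no_process_rows"]
    if len(rows) == 1:
        findings.append("only_one_process")
    if any(r.name == "" and r.pid == 0 for r in rows):
        findings.append("unnamed_pid0_entry")
    if any(r.start.startswith("1970-01-01") for r in rows):
        findings.append("epoch_start_time")      # Unix epoch = unreadable timestamp
    if any(r.threads is None or r.handles is None for r in rows):
        findings.append("unresolved_counts")
    if not any(r.name == "System" and r.pid == 4 for r in rows):
        findings.append("no_system_pid4")        # assumption: always present on a live image
    return findings


# Rows copied from the issue transcript (profile Win7SP1x64).
ISSUE_PSTREE = """\
Volatility Foundation Volatility Framework 2.6.1
Name Pid PPid Thds Hnds Time

0xfffffa8006d26890: 0 0 0 ------ 1970-01-01 00:00:00 UTC+0000
"""

# Constructed healthy listing for contrast (all values made up).
HEALTHY_PSTREE = """\
Name                                                  Pid   PPid   Thds   Hnds Time
 0xfffffa80018a0040:System                              4      0     88    500 2021-03-01 10:00:00 UTC+0000
. 0xfffffa8002a1b060:smss.exe                         260      4      2     29 2021-03-01 10:00:01 UTC+0000
 0xfffffa8002c3d5f0:wininit.exe                       380    320      3     75 2021-03-01 10:00:02 UTC+0000
"""

if __name__ == "__main__":
    for label, text in (("issue output", ISSUE_PSTREE), ("healthy output", HEALTHY_PSTREE)):
        rows = parse_pstree(text)
        print(f"{label}: {len(rows)} process row(s), findings={assess(rows) or 'none'}")
```

Pipe real output in with `python vol.py -f image.vmem --profile=... pstree > pstree.txt` and call `assess(parse_pstree(open("pstree.txt").read()))`. A non-empty findings list that is identical across every candidate profile, as in this issue, points at the input image or the profile selection rather than at the pstree plugin, which is the distinction the reporter was trying to make; the script does not determine which of those it is.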

This is now a duplicate of #878 which was transferred over from the volatility 3 repository.

I understand, but I was told to come here since it was likely someone here could potentially provide more information.

Sure, if you're determined to use volatility 2 this is probably the best place to come (or the volatility 2 channel on Slack), but this GitHub is essentially a ghost town; the developers have moved on to volatility 3 and we encourage all our users to move on to volatility 3 as well. Good luck with your issue!