I'm happy to help as well.  I had asked on IRC if there was a "normal" way to submit suggestions/pull requests for minor things that don't seem big enough for an "issue".  The example I provided was enabling the use of the existing "--output" flag to enable csv (or json or whatever) output from various plugins.

The folks there suggested I ask on the mailing list.  I've seen the style guide, and I'm happy to submit code, I just want to do it according to convention, since I'm new to the volatility community.

Thanks,
Chris



On Thu, Jun 20, 2013 at 8:38 AM, nir izraeli <nirizr@gmail.com> wrote:

I'll say having volatility pythonic output will be awesome. I'd like to help anyone making that possible.

On Jun 20, 2013 8:53 AM, "Michael Hale Ligh" <michael.hale@gmail.com> wrote:
Hi Thorsten, 

Sorry for the delay getting back to you. To answer your questions: 

* I definitely think pairing Volatility and Cuckoo is awesome. 
* The Volatility version to use depends on what features you want to leverage. I would suggest 2.3 since it integrates the VMware snapshots and people may use Cuckoo w/ VMware (not to mention it has lots of bug fixes and new plugins since 2.2). 
* Unfortunately I don't know a way to get JSON or python dict output easily without duplicating some code. Hopefully after 2.3 we'll be able to make some changes that support a more unified output format. 

Hope this helps!
MHL


On Mon, May 6, 2013 at 3:25 AM, Thorsten Sick <thorsten.sick@avira.com> wrote:
Hi List

I am writing a Volatility plugin for Cuckoobox:

https://github.com/Thorsten-Sick/cuckoo/tree/volatility

That allows us to automate Malware analysis. Cuckoobox runs the malware
and creates a memory snapshot. Volatility extracts the information,
Cuckoobox afterwards generates nice reports from that.
These are ready for statistics and automated processing.

I hope to get the changes into the next Cuckoobox 0.7.

But at the moment using Volatility 2.2 I had to duplicate some code from
the Volatility plugins in Cuckoobox. I need data (python dict), not a
text log. Instead of duplicating code I would love to have a method in
the Volatility plugins that returns the data instead of some text log. I
would code that and (if you want) re-create the render_text methods to
also use the data from this method.

* What do you think ?
* Where to submit it for fast review and integration ?
* Any other requirements ?
* For which volatility version should I code (as far as I know you are
about to release 2.3 soonish)

Cheers
Thorsten Sick



--
Thorsten Sick, Research

Avira Operations GmbH & Co. KG
Kaplaneiweg 1
88069 Tettnang
Germany
Phone: +49 7542-500 0
Fax: +49 7542-500 3000
Internet: http://www.avira.com
_______________________________________________
Vol-dev mailing list
Vol-dev@volatilesystems.com
http://lists.volatilityfoundation.org/mailman/listinfo/vol-dev
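
Added example, not part of the thread and not Volatility or Cuckoo code: a stand-alone sketch of the pattern discussed above, in which one data-returning method feeds the text, JSON and CSV renderers so a consumer such as a sandbox never parses a text log. The class, the `get_data` and `execute` names, the dispatch on an output-format name and the sample records are all hypothetical or constructed.

```python
import csv
import io
import json

# Constructed sample records standing in for what a plugin would pull from a
# memory image. The second name is attacker-controlled-style input that would
# break naive splitting of a text or comma-joined log.
SAMPLE_PROCS = [
    {"pid": 4, "ppid": 0, "name": "System"},
    {"pid": 1337, "ppid": 4, "name": 'evil,"quoted".exe'},
]


class ProcListSketch:
    """Hypothetical plugin: one data method, several renderers on top of it."""

    columns = ("pid", "ppid", "name")

    def calculate(self):
        # Yields raw records; a real plugin would walk the memory image here.
        for proc in SAMPLE_PROCS:
            yield proc

    def get_data(self):
        # The data-returning method requested in the thread: plain dicts.
        return [{c: rec[c] for c in self.columns} for rec in self.calculate()]

    def render_text(self, outfd):
        outfd.write("{:>6} {:>6} {}\n".format(*self.columns))
        for row in self.get_data():
            outfd.write("{pid:>6} {ppid:>6} {name}\n".format(**row))

    def render_json(self, outfd):
        json.dump(self.get_data(), outfd)

    def render_csv(self, outfd):
        # csv handles quoting, so embedded commas and quotes survive.
        writer = csv.DictWriter(outfd, fieldnames=self.columns)
        writer.writeheader()
        writer.writerows(self.get_data())

    def execute(self, output="text"):
        # Assumed dispatch: an output-format name selects render_<format>.
        renderer = getattr(self, "render_" + output, None)
        if renderer is None:
            raise ValueError("unsupported output format: " + output)
        buf = io.StringIO()
        renderer(buf)
        return buf.getvalue()
```

Because every renderer reads from `get_data()`, a caller can take the dicts directly, and the serialized forms round-trip names that contain delimiters.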

