Hey Sebastien, 

Thanks for reporting this issue. Its been fixed in the latest revision: https://code.google.com/p/volatility/source/detail?r=3099

Cheers!
MHL


On Tue, Feb 12, 2013 at 5:28 PM, Sebastien Bourdon-Richard <sebastienbr@gmail.com> wrote:
Hi,

I am looking at the linux_tmpfs plugin and have a problem that I think is related to Windows. The problem happens when I try to extract tmpfs files.  

I'm not a python programmer but it seems to be related to str vs the String module. 

If I patch tmpfs.py and I convert the "String" module into str, everything works as expected:

new_file = os.path.join(parent, str(name))
(https://code.google.com/p/volatility/source/browse/trunk/volatility/plugins/linux/tmpfs.py#72)


Here's my error with tmpfs.py r3097:

H:\Volatility\Volatility2.3SVN-3070>python vol.py -f Evo4GRodeo.lime --profile=LinuxEvo4Gx86 linux_tmpfs -S 1 -D app-cache
Volatile Systems Volatility Framework 2.3_alpha
WARNING : volatility.obj      : Overlay structure tty_struct not present in vtypes
WARNING : volatility.obj      : Overlay structure cpuinfo_x86 not present in vtypes
Traceback (most recent call last):
  File "vol.py", line 186, in <module>
    main()
  File "vol.py", line 177, in main
    command.execute()
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\plugins\linux\common.py", line 57, in execute
    commands.Command.execute(self, *args, **kwargs)
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\commands.py", line 111, in execute
    func(outfd, data)
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\plugins\linux\tmpfs.py", line 177, in render_text
    for (i, path) in data:
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\plugins\linux\tmpfs.py", line 160, in calculate
    self.walk_sb(root_dentry)
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\plugins\linux\tmpfs.py", line 108, in walk_sb
    self.process_directory(root_dentry, parent = cur_dir)
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\plugins\linux\tmpfs.py", line 72, in process_directory
    new_file = os.path.join(parent, name)
  File "H:\Python27\lib\ntpath.py", line 73, in join
    elif isabs(b):
  File "H:\Python27\lib\ntpath.py", line 57, in isabs
    s = splitdrive(s)[1]
  File "H:\Python27\lib\ntpath.py", line 125, in splitdrive
    if p[1:2] == ':':
TypeError: 'String' object has no attribute '__getitem__'


Is there something I can do to correct the problem from my side or should I open an issue on google code?

Regards,

Sebastien
 

_______________________________________________
Vol-dev mailing list
Vol-dev@volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-dev