Hi,
I am looking at the linux_tmpfs plugin and have a problem that I think is
related to Windows. The problem happens when I try to extract tmpfs files.
I'm not a Python programmer, but it seems to be related to str vs the String
module.
If I patch tmpfs.py and I convert the "String" module into str, everything
works as expected:
new_file = os.path.join(parent, str(name))
(https://code.google.com/p/volatility/source/browse/trunk/volatility/plugins…)
Here's my error with tmpfs.py r3097:
H:\Volatility\Volatility2.3SVN-3070>python vol.py -f Evo4GRodeo.lime --profile=LinuxEvo4Gx86 linux_tmpfs -S 1 -D app-cache
Volatile Systems Volatility Framework 2.3_alpha
WARNING : volatility.obj : Overlay structure tty_struct not present in vtypes
WARNING : volatility.obj : Overlay structure cpuinfo_x86 not present in vtypes
Traceback (most recent call last):
  File "vol.py", line 186, in <module>
    main()
  File "vol.py", line 177, in main
    command.execute()
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\plugins\linux\common.py", line 57, in execute
    commands.Command.execute(self, *args, **kwargs)
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\commands.py", line 111, in execute
    func(outfd, data)
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\plugins\linux\tmpfs.py", line 177, in render_text
    for (i, path) in data:
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\plugins\linux\tmpfs.py", line 160, in calculate
    self.walk_sb(root_dentry)
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\plugins\linux\tmpfs.py", line 108, in walk_sb
    self.process_directory(root_dentry, parent = cur_dir)
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\plugins\linux\tmpfs.py", line 72, in process_directory
    new_file = os.path.join(parent, name)
  File "H:\Python27\lib\ntpath.py", line 73, in join
    elif isabs(b):
  File "H:\Python27\lib\ntpath.py", line 57, in isabs
    s = splitdrive(s)[1]
  File "H:\Python27\lib\ntpath.py", line 125, in splitdrive
    if p[1:2] == ':':
TypeError: 'String' object has no attribute '__getitem__'
Is there something I can do to correct the problem from my side, or should I
open an issue on Google Code?
Regards,
Sebastien
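
The failure in the traceback above, reproduced as an added example that is not part of the original message or of Volatility's code. The String class here is a simplified, hypothetical stand-in for a string proxy object, the file name and directory are constructed, and the code targets Python 3, where ntpath.join rejects the proxy with a differently worded TypeError than the Python 2.7 one shown above.

```python
import ntpath


class String(object):
    """Simplified stand-in for a memory-object proxy (not Volatility's class)."""

    def __init__(self, value):
        self._value = value

    def __str__(self):
        return self._value

    def __getattr__(self, attr):
        # Named methods such as .startswith() are forwarded to the real str.
        return getattr(self._value, attr)


def try_join(parent, name):
    """Return ('ok', path) or ('error', exception type name) for ntpath.join."""
    try:
        return ("ok", ntpath.join(parent, name))
    except TypeError as exc:
        return ("error", type(exc).__name__)


def supports_slicing(obj):
    """p[1:2] is looked up on the type, so __getattr__ forwarding never sees it."""
    try:
        obj[1:2]
        return True
    except TypeError:
        return False


name = String("app-cache.db")          # constructed sample file name
parent = "H:\\dump\\1"                 # constructed sample output directory

if __name__ == "__main__":
    print(name.startswith("/"))          # forwarded method call works
    print(supports_slicing(name))        # slicing does not
    print(try_join(parent, name))        # join rejects the proxy
    print(try_join(parent, str(name)))   # explicit conversion succeeds
```

Using ntpath directly exercises the Windows path code on any platform, so the check can be run on a Linux analysis host as well.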