Re: [Vol-dev] Error with new packetscan module

Hiya Mike, My guess would be that you're using volatility-2.0, but the packetscan prototype that I put on issue 233 is only suitable for use with the latest trunk (which will hopefully become volatility-2.1 in the next month or two). If you're intending to write your own scanner then it should be a relatively suitable template to work from. I would recommend keeping your structures as vtypes if they're simple enough. If they require particularly complex parsing (conditionals, etc), then you may want to just extract the appropriate amount of data and have a separate parser that handles them. Hope that helps? Do let me know on issue 233 if you have any other problems with the packetscan prototype. It doesn't do everything yet, but hopefully won't require too much work to be useful... Mike 5:)