FileObjScan Plugin
by Mark Morgan
While running the above plugin using Vol 1.3.2 I keep getting the following
error. It runs just fine for few minutes then I get the error "Range
results has too many items." My question, is this expected? or is this a
bug? Here is the output:
root@morgan-laptop:/digitalforensics/Volatility-1.3.2# ./volatility
fileobjscan -f /home/morgan/Raw\ Memory/PhysicalMemory.bin > fileobj.txt
Traceback (most recent call last):
File "./volatility", line 219, in <module>
main()
File "./volatility", line 215, in main
command.execute()
File "/digitalforensics/Volatility-1.3.2/memory_plugins/fileobjscan.py",
line 257, in execute
scan_addr_space(search_addr_space, scanners)
File "/digitalforensics/Volatility-1.3.2/forensics/win32/scan2.py", line
218, in scan_addr_space
o.process(chunk,as_offset+poffset, metadata=metadata)
File "/digitalforensics/Volatility-1.3.2/forensics/win32/scan2.py", line
148, in process
self.process_buffer(buf,self.offset,metadata)
File "/digitalforensics/Volatility-1.3.2/forensics/win32/scan2.py", line
425, in process_buffer
self.object_action(buff,ooffset)
File "/digitalforensics/Volatility-1.3.2/memory_plugins/fileobjscan.py",
line 190, in object_action
for i in range(count):
OverflowError: range() result has too many items
Mark Morgan
14 years, 9 months
- 3
- 2