Hi everybody,
I have tried the scudette branch r1628 for Linux memory analysis and
received some errors. My test systems were Ubuntu 11.10 (kernel
3.0.0-17-generic, 64-bit) and Debian 6.0.2.1 (kernel 2.6.32-5-686,
32-bit). The plugins I tested were pslist, cpuinfo, dmesg, ifconfig and
netstat.
As I followed the instructions on the wiki page, the first thing I
noticed was a NameError after the *vol pslist* command:
$ python vol.py
Welcome to volshell!
To get help, type 'help()'
In [1]: session.filename = "memory.dd"
In [2]: session.profile_file = "myprofile.zip"
In [3]: session.profile = "Linux32"
In [4]: vol pslist
------> vol(pslist)
---------------------------------------------------------------------------
NameError Traceback (most recent call last)
/home/vitax/lin64-support/vol.py in <module>()
----> 1
2
3
4
5
NameError: name 'pslist' is not defined
After I changed the *In [4]: vol pslist* command into *In [4]: vol
"pslist"*, the NameError disappeared and the pslist plugin worked well
on both systems.
The next plugin was cpuinfo. On both systems I got the right processor
output, but on Ubuntu I additionally received a warning/error:
In [5]: vol "cpuinfo"
------> vol("cpuinfo")
Processor Vendor Model
*ERROR:root:Constant per_cpu__cpu_info does not exist in profile.*
0 GenuineIntel Intel(R) Core(TM)2 Duo CPU P8600 @
2.40GHz
Out[5]: <volatility.plugins.linux.cpuinfo.CpuInfo object at 0x2fc5190>
The ifconfig plugin returned a ValueError on both systems.
*On Ubuntu:*
In [6]: vol "ifconfig"
------> vol("ifconfig")
lo 127.0.0.1 00:00:00:00:00:00
ERROR:root:Error: Unknown format code 's' for object of type 'int'
---------------------------------------------------------------------------
ValueError Traceback (most recent call last)
/home/vitax/lin64-support/vol.py in <module>()
----> 1
2
3
4
5
/home/vitax/lin64-support/volatility/session.py in vol(self, plugin_cls,
fd, debug, output, **kwargs)
194 kwargs['session'] = self
195 result = plugin_cls(**kwargs)
--> 196 result.render(fd)
197
198 return result
/home/vitax/lin64-support/volatility/plugins/linux/ifconfig.py in
render(self, outfd)
97
98 outfd.write("{0:8s} {1:16s} {2:32s}\n".format(
---> 99 net_dev.name, ip, mac_addr))
100
101
ValueError: Unknown format code 's' for object of type 'int'
*On Debian:*
In [6]: vol "ifconfig"
------> vol("ifconfig")
lo 127.0.0.1 00:00:00:00:00:00
eth0 10.0.2.15 08:00:27:f6:0e:dd
ERROR:root:Error: Unknown format code 's' for object of type 'int'
---------------------------------------------------------------------------
ValueError Traceback (most recent call last)
/home/vitax/lin64-support/vol.py in <module>()
----> 1
2
3
4
5
/home/vitax/lin64-support/volatility/session.pyc in vol(self, plugin_cls,
fd, debug, output, **kwargs)
194 kwargs['session'] = self
195 result = plugin_cls(**kwargs)
--> 196 result.render(fd)
197
198 return result
/home/vitax/lin64-support/volatility/plugins/linux/ifconfig.pyc in
render(self, outfd)
97
98 outfd.write("{0:8s} {1:16s} {2:32s}\n".format(
---> 99 net_dev.name, ip, mac_addr))
100
101
ValueError: Unknown format code 's' for object of type 'int'
After that I tried the netstat plugin. I received an AttributeError on
both systems:
*On Ubuntu:*
In [7]: vol "netstat"
------> vol("netstat")
---------------------------------------------------------------------------
AttributeError Traceback (most recent call last)
/home/vitax/lin64-support/vol.py in <module>()
----> 1
2
3
4
5
/home/vitax/lin64-support/volatility/session.py in vol(self, plugin_cls,
fd, debug, output, **kwargs)
178 """
179 if isinstance(plugin_cls, basestring):
--> 180 plugin_cls = getattr(self.plugins, plugin_cls)
181
182 if output is not None:
/home/vitax/lin64-support/volatility/session.py in __getattr__(self, attr)
79 return self.plugins[attr]
80 except KeyError:
---> 81 raise AttributeError(attr)
82
83
AttributeError: netstat
*On Debian:*
In [7]: vol "netstat"
------> vol("netstat")
ERROR: An unexpected error occurred while tokenizing input
The following traceback may be corrupted or invalid
The error message is: ('EOF in multi-line statement', (40, 0))
---------------------------------------------------------------------------
AttributeError Traceback (most recent call last)
/home/vitax/lin64-support/vol.py in <module>()
----> 1
2
3
4
5
/home/vitax/lin64-support/volatility/session.pyc in vol(self, plugin_cls,
fd, debug, output, **kwargs)
178 """
179 if isinstance(plugin_cls, basestring):
--> 180 plugin_cls = getattr(self.plugins, plugin_cls)
181
182 if output is not None:
/home/vitax/lin64-support/volatility/session.pyc in __getattr__(self, attr)
79 return self.plugins[attr]
80 except KeyError:
---> 81 raise AttributeError(attr)
82
83
AttributeError: netstat
In the end I tried the dmesg plugin. On Debian it worked well, but on
Ubuntu I got this error:
In [8]: vol "dmesg"
------> vol("dmesg")
ERROR:root:Error: 'ascii' codec can't decode byte 0xc2 in position 74140:
ordinal not in range(128)
---------------------------------------------------------------------------
UnicodeDecodeError Traceback (most recent call last)
/home/vitax/lin64-support/vol.py in <module>()
----> 1
2
3
4
5
/home/vitax/lin64-support/volatility/session.py in vol(self, plugin_cls,
fd, debug, output, **kwargs)
194 kwargs['session'] = self
195 result = plugin_cls(**kwargs)
--> 196 result.render(fd)
197
198 return result
/home/vitax/lin64-support/volatility/plugins/linux/dmesg.py in render(self,
outfd)
44
45 def render(self, outfd):
---> 46 outfd.write(self.get_dmesg())
47
48
/home/vitax/lin64-support/volatility/session.py in write(self, data)
111 def write(self, data):
112 # Encode the data according to the output encoding.
--> 113 data = data.encode(self.encoding)
114 try:
115 self.pager.write(data)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 74140:
ordinal not in range(128)
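
The following is an added example, not part of the original message and not code from the project: a Python 3 sketch that reproduces the two rendering failures reported above (the 's' format code applied to an int, and an ASCII decode hitting byte 0xc2) next to a renderer that converts every recovered field to text first. The post does not say which ifconfig field held the int; the example assumes the address field, and the helper names and sample values are constructed.

```python
# Added illustration; the helpers and inputs below are hypothetical.

# Format string as shown in the ifconfig traceback (ifconfig.py line 98).
ROW_FMT = "{0:8s} {1:16s} {2:32s}\n"


def to_text(value, encoding="utf-8"):
    """Coerce a value recovered from a memory image to text without raising."""
    if isinstance(value, bytes):
        # Kernel buffers can hold non-ASCII bytes (0xc2 is a UTF-8 lead byte);
        # replace anything undecodable instead of aborting the whole render.
        return value.decode(encoding, errors="replace")
    return str(value)


def render_row_strict(name, ip, mac):
    """Mirrors the failing call: the 's' code applied to whatever comes in."""
    return ROW_FMT.format(name, ip, mac)


def render_row_safe(name, ip, mac):
    """Same column layout, but every field is converted to text first."""
    return ROW_FMT.format(to_text(name), to_text(ip), to_text(mac))


def failure_of(func, *args):
    """Return the name of the exception raised by func(*args), or None."""
    try:
        func(*args)
    except ValueError as exc:  # UnicodeDecodeError is a ValueError subclass
        return type(exc).__name__
    return None


# Constructed inputs: an interface whose address field came back as int 0
# (assumption), and a log buffer containing the UTF-8 bytes of a micro sign.
BAD_ROW = ("eth1", 0, "00:00:00:00:00:00")
LOG_BYTES = b"[    1.0] delay 5 \xc2\xb5s\n"

if __name__ == "__main__":
    print(failure_of(render_row_strict, *BAD_ROW))
    print(render_row_safe(*BAD_ROW), end="")
    print(failure_of(LOG_BYTES.decode, "ascii"))
    print(to_text(LOG_BYTES), end="")
```

In the Python 2 code of the traceback, calling `.encode()` on a byte string triggers the ASCII decode implicitly; Python 3 makes that step explicit, which is what the `LOG_BYTES.decode` call stands in for.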