Greetings,

Thank you for your help, particularly on a Sunday!

I'm still running into issues with this for some reason. I checked out a new copy, copied my profiles in, and then:

Sun Feb 24 15:21:49 CST 2013
bash-3.2# python vol.py --info | grep Mac
Volatile Systems Volatility Framework 2.3_alpha
MachOAddressSpace       - Address space for mach-o files to support atc-ny memory reader
mac_version             - Prints the Mac version
mac_vfs_events          - Lists Mac VFS Events
bash-3.2# ls -l volatility/plugins/overlays/mac
total 2520
drwxr-xr-x  8 root  wheel     272 Feb 24 15:19 .svn
-rw-r--r--  1 root  wheel  217337 Feb 24 15:20 10.7.5.32bit.zip
-rw-r--r--  1 root  wheel  494428 Feb 24 15:20 10.7.5.64bit.zip
-rw-r--r--  1 root  wheel  494428 Feb 24 15:20 10.8.2.64bit.zip
-rw-r--r--  1 root  wheel       0 Feb 24 15:19 __init__.py
-rw-r--r--  1 root  wheel     156 Feb 24 15:20 __init__.pyc
-rw-r--r--  1 root  wheel   34737 Feb 24 15:19 mac.py
-rw-r--r--  1 root  wheel   34533 Feb 24 15:20 mac.pyc

-David

On Feb 24, 2013, at 3:10 PM, Michael Hale Ligh <michael.hale@gmail.com> wrote:

David, 

It is not intentional for volatility.plugins.overlays.mac to be missing from setup.py (it was probably missed when merging the old mac branch into trunk). However, unless you plan on using volatility as a library (i.e. importing it from other Python scripts), you don't need setup.py at all.

$ svn checkout https://volatility.googlecode.com/svn/trunk/ volatility
$ cd volatility
$ cp <PATH TO YOUR PROFILE>/Mac10.6.zip volatility/plugins/overlays/mac
$ python vol.py --info | grep Mac 

Before the 2.3 release, setup.py will be fixed in case you do plan on installing volatility as a library. Also, pre-built Mac profiles for all common OS X kernels will be available at that time, so you won't need to build your own. 

MHL



On Sun, Feb 24, 2013 at 2:42 PM, David Kovar <dkovar@gmail.com> wrote:
Greetings,

I was adding OS X support to my copy of Volatility per the instructions on https://code.google.com/p/volatility/wiki/MacMemoryForensics. It went well but I thought I'd pull the most recent version while I was at it.

Mac support went away when I did so. setup.py is now missing:

                    "volatility.plugins.overlays.mac",

Even when I add that back, vol.py --info doesn't show the OS X profiles.

Is this intentional? Is there a different version that I should be using?

Thanks!

-David


_______________________________________________
Vol-users mailing list
Vol-users@volatilesystems.com
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users