Re: [Vol-users] Volatility-Linux TypeError
26 Jan
2012
26 Jan
'12
8:43 p.m.
Can you please repeat this with the latest linux branch
(linux64-support) or scudettes branch? The current system takes a
profile generated from dwarf files (in a zip). See instructions in
tools/linux/README.txt
Michael.
On 26 January 2012 11:28, Patrick Burkard <pbuml(a)gmx.de> wrote:
Hello,
in the last view weeks i've tried to analyze Linux memorydumps with the
volatility-linux Version (Revision 1313 from svn).
My goal is to show that it is possible to discover hidden processes,
kernelmodules etc. (for example from a rootkit) from a memory dump. By
comparing the output from the memorydump analysis with the native
execution of the system commands.
I created a profile for the current stable Debian version.
Trying to use this profile leads to the following TypeError:
python volatility.py --profile=LinuxDebian26325 -f ~/Desktop/LF32.ram
linux_task_list_ps Volatile Systems Volatility Framework 1.4_rc1
Name Pid Uid
Traceback (most recent call last):
File "volatility.py", line 129, in <module>
main()
File "volatility.py", line 120, in main
command.execute()
File
"/home/dark-eye/Sources/volatility_linux/volatility/commands.py", line
101, in execute func(outfd, data) File
"/home/dark-eye/Sources/volatility_linux/volatility/plugins/linux_task_list_ps.py",
line 59, in render_text for task in data: File
"/home/dark-eye/Sources/volatility_linux/volatility/plugins/linux_task_list_ps.py",
line 50, in calculate for task in
linux_common.walk_list_head("task_struct", "tasks", init_task.tasks,
self.addr_space): File
"/home/dark-eye/Sources/volatility_linux/volatility/plugins/linux_common.py",
line 110, in walk_list_head yield obj.Object(struct_name, offset =
list_ptr - offset, vm = addr_space) TypeError: unsupported operand
type(s) for -: 'instancemethod' and 'int'
I would really appreciate to debug or help to debug this issue. Sadly I
can't find a way to evaluate the correctness of the kernel-profile. Is
this a known problem from volatility-linux or could it be the result of
a failure i've made while creating the debian profile?
Thanks for every hint!
Greetings
Patrick
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users