Re: [Vol-users] Help to add new plugin

Good afternoon Jamie I copied the file ethscan.py in volatility/plugins and…. I executed: remnux@remnux:~/Desktop/volatility-2.3.1$ sudo make clean rm -f `find . -name "*.pyc" -o -name "*~"` rm -rf dist build remnux@remnux:~/Desktop/volatility-2.3.1$ sudo vol.py -v ethscan -f /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img ERROR : __main__ : You must specify something to do (try -h) The same error :( El 14/11/2013, a las 14:05, Jamie Levy &lt;jamie.levy(a)gmail.com&gt; escribió: Oh, also if you copied the ethscan plugin to your volatility/plugins directory, don't use the --plugins option ------------------------------ *From: * David &lt;eterno.comandante(a)gmail.com&gt; *Date: *Thu, 14 Nov 2013 13:53:05 +0100 *To: *Jamie Levy&lt;jamie.levy(a)gmail.com&gt; *Cc: *Volatility List&lt;vol-users(a)volatilityfoundation.org&gt; *Subject: *Re: [Vol-users] Help to add new plugin Hi Jamie Thanks again... I executed "sudo python vol.py --plugins=../jamaal-re-tools-f427978461d4/volplugins -f /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img --profile=Win7SP1x64 ethscan” And i have new errors, (i use vol.py 2.3.1 non instalable version volatility 2.3.1) Do you know if has anybody a similar problem with ethscan plugin? Traceback (most recent call last): File "/usr/local/bin/vol.py", line 186, in <module> main() File "/usr/local/bin/vol.py", line 143, in main registry.register_global_options(config, commands.Command) File "/usr/local/lib/python2.7/dist-packages/volatility/registry.py", line 157, in register_global_options for m in get_plugin_classes(cls, True).values(): File "/usr/local/lib/python2.7/dist-packages/volatility/registry.py", line 152, in get_plugin_classes raise Exception("Object {0} has already been defined by {1}".format(name, plugin)) Exception: Object EthScan has already been defined by <class 'volatility.plugins.ethscan_rc1.EthScan'> Best regards El 14/11/2013, a las 12:45, Jamie Levy &lt;jamie.levy(a)gmail.com&gt; escribió: Try: sudo python vol.py --plugins=../jamaal-re-tools-f427978461d4/volplugins -f /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img --profile=Win7SP1x64 ethscan First: --plugins takes in either a directory or a zipfile, not a plugin Second: You didn't specify which plugin to run (ethscan) ------------------------------ *From: * David &lt;eterno.comandante(a)gmail.com&gt; *Date: *Thu, 14 Nov 2013 10:41:47 +0100 *To: *Jamie Levy&lt;jamie.levy(a)gmail.com&gt; *Cc: *Volatility List&lt;vol-users(a)volatilityfoundation.org&gt; *Subject: *Re: [Vol-users] Help to add new plugin Sorry I had a typo i didn´t write --profile=Win7SP1x64 sudo python vol.py --plugins=../jamaal-re-tools-f427978461d4/volplugins/ethscan.py -f /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img --profile=Win7SP1x64 I have the same error of ever :( Volatility Foundation Volatility Framework 2.3.1 ERROR : __main__ : You must specify something to do (try -h) Thanks!! El 14/11/2013, a las 09:36, David &lt;eterno.comandante(a)gmail.com&gt; escribió: Hi @Jamie and list Thanks very much for your support ;) I’ve same errors when i’m executing: :( sudo python vol.py --plugins=../jamaal-re-tools-f427978461d4/volplugins/ethscan.py -f /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img The error: Volatility Foundation Volatility Framework 2.3.1 ERROR : __main__ : You must specify something to do (try -h) Maybe the cause of this error can be that the new plugin “ethscan" isn't compatible with non instalable version of volatility 2.3.1, what do you think about? On the other hand, i found a brief tutorial about ethscan: https://code.google.com/p/jamaal-re-tools/source/browse/volplugins/README.t… vol.py ethscan -f be2.vmem -R --dump-dir outputfiles -C out.pcap -P -S The execution of the vol.py command is different……. :( He does not the flag —-plugin= Thanks for all!! Ps: My apologies for my level of english El 13/11/2013, a las 16:43, Jamie Levy &lt;jamie.levy(a)gmail.com&gt; escribió: Hi David, I think you might have also asked this on the channel. So yes, you should use the `--plugins=/path/to/folder/with/ethscan` option, obviously changing the path to a folder that has that plugin. If you were the person on the channel, the issue that you were having is because you must specify `--plugins` first, BEFORE any other options to vol.py: http://code.google.com/p/volatility/wiki/VolatilityUsage23#Specifying_Addit… Let me know if you have any other questions. All the best, -gleeda On Tue, Nov 12, 2013 at 6:42 AM, David Martin &lt;eterno.comandante(a)gmail.com -- PGP Fingerprint: 2E87 17A1 EC10 1E3E 11D3 64C2 196B 2AB5 27A4 AC92