Fly safe! If you find others, just give us a shout.
MHL
On Thu, Oct 4, 2012 at 6:08 PM, David Kovar <dkovar(a)gmail.com> wrote:
Greetings,
That worked. Thanks!
About to get on a plane for a day or two so I shouldn't be finding any
more issues for awhile.
-David
On Oct 4, 2012, at 5:03 PM, Michael Hale Ligh <michael.hale(a)gmail.com>
wrote:
That one is definitely a bug. Since you're using a source distribution,
can you apply the patch below (also attached as a file in case that's
easier) and let me know if its resolved?
-MHL
Index: volatility/plugins/malware/malfind.py
===================================================================
--- volatility/plugins/malware/malfind.py (revision 2641)
+++ volatility/plugins/malware/malfind.py (working copy)
@@ -562,7 +562,7 @@
# vad region and then checking the first two bytes.
if obj.Object("_IMAGE_DOS_HEADER", offset = vad.Start, vm
= address_space).e_magic != 0x5A4D:
continue
- mapped_files[int(vad.Start)] = vad.FileObject.FileName
+ mapped_files[int(vad.Start)] =
str(vad.FileObject.FileName or '')
# For each base address with a mapped file, print info on
# the other PEB lists to spot discrepancies.
On Thu, Oct 4, 2012 at 5:31 PM, David Kovar <dkovar(a)gmail.com> wrote:
Greetings,
Same install, new error:
vol.py -f *.mem --profile=Win2003SP2x86 --kdbg=0x808943e0 --dtb=0x1595000
ldrmodules
<lots of valid output, then....>
Traceback (most recent call last):
File "/usr/local/bin/vol.py", line 5, in <module>
pkg_resources.run_script('volatility==2.2', 'vol.py')
File
"/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources.py",
line 489, in run_script
self.require(requires)[0].run_script(script_name, ns)
File
"/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources.py",
line 1207, in run_script
execfile(script_filename, namespace, namespace)
File
"/Library/Python/2.7/site-packages/volatility-2.2-py2.7.egg/EGG-INFO/scripts/vol.py",
line 186, in <module>
main()
File
"/Library/Python/2.7/site-packages/volatility-2.2-py2.7.egg/EGG-INFO/scripts/vol.py",
line 177, in main
command.execute()
File
"/Library/Python/2.7/site-packages/volatility-2.2-py2.7.egg/volatility/commands.py",
line 111, in execute
func(outfd, data)
File
"/Library/Python/2.7/site-packages/volatility-2.2-py2.7.egg/volatility/plugins/malware/malfind.py",
line 582, in render_text
mapped_files[base]
File
"/Library/Python/2.7/site-packages/volatility-2.2-py2.7.egg/volatility/commands.py",
line 201, in table_row
result = self._elide(("{0:" + spec.to_string() +
"}").format(args[index]), spec.minwidth)
UnicodeEncodeError: 'ascii' codec can't encode character u'\ufffd'
in
position 0: ordinal not in range(128)
-David
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
<volatility-ldrmodules-string.patch>