4:13 a.m.
Hi
I am running - revision 3164
I get the following error when running: Ignore the import errors
# python2.7 vol.py -f /opt/hiberfil.sys --profile=WinXPSP3x86 imagecopy -O
/opt/winxp_sp3_2nd.raw
Volatile Systems Volatility Framework 2.3_alpha
*** Failed to import volatility.plugins.zeusscan1 (AttributeError: 'module'
object has no attribute 'ImpScan')
*** Failed to import volatility.plugins.zeusscan2 (AttributeError: 'module'
object has no attribute 'ApiHooks')
Writing data (5.00 MB chunks):
|......................................................................................................................................................................................................................................................ERROR
: volatility.plugins.imagecopy: Error when reading from address space
I have tried coping over the .sys file twice. I generated a new .sys file
and same error. It worked wonderfully on lastweek. I tried reverting back
to revision 3159 and no dice. Also Oddly enough it works with an old
version of volatility running on remnux.
Not sure whats up. Also here is the output from imageinfo:
Determining profile based on KDBG search...
Suggested Profile(s) : WinXPSP2x86, WinXPSP3x86 (Instantiated
with WinXPSP2x86)
AS Layer1 : JKIA32PagedMemoryPae (Kernel AS)
AS Layer2 : WindowsHiberFileSpace32 (Unnamed AS)
AS Layer3 : FileAddressSpace (/opt/hiberfil.sys)
PAE type : PAE
DTB : 0x9300060L
KDBG : 0x80545be0L
Number of Processors : 1
Image Type (Service Pack) : 3
KPCR for CPU 0 : 0xffdff000L
KUSER_SHARED_DATA : 0xffdf0000L
Image date and time : 2013-03-05 06:26:20 UTC+0000
Image local date and time : 2013-03-05 00:26:20 -0600
thanks in advance
9:51 a.m.
Hi,
I actually have a patch for the read error actually and it's currently
getting bundled with a few other changes and should be updated in the
svn soon. I can send you a fix in the meantime here in a bit. Thanks
for reporting!
All the best,
-gleeda
On Tue, Mar 5, 2013 at 4:13 AM, kongo sec <kongo86.sec(a)gmail.com> wrote:
Hi
I am running - revision 3164
I get the following error when running: Ignore the import errors
# python2.7 vol.py -f /opt/hiberfil.sys --profile=WinXPSP3x86 imagecopy -O
/opt/winxp_sp3_2nd.raw
Volatile Systems Volatility Framework 2.3_alpha
*** Failed to import volatility.plugins.zeusscan1 (AttributeError: 'module'
object has no attribute 'ImpScan')
*** Failed to import volatility.plugins.zeusscan2 (AttributeError: 'module'
object has no attribute 'ApiHooks')
Writing data (5.00 MB chunks):
|......................................................................................................................................................................................................................................................ERROR
: volatility.plugins.imagecopy: Error when reading from address space
I have tried coping over the .sys file twice. I generated a new .sys file
and same error. It worked wonderfully on lastweek. I tried reverting back to
revision 3159 and no dice. Also Oddly enough it works with an old version of
volatility running on remnux.
Not sure whats up. Also here is the output from imageinfo:
Determining profile based on KDBG search...
Suggested Profile(s) : WinXPSP2x86, WinXPSP3x86 (Instantiated with
WinXPSP2x86)
AS Layer1 : JKIA32PagedMemoryPae (Kernel AS)
AS Layer2 : WindowsHiberFileSpace32 (Unnamed AS)
AS Layer3 : FileAddressSpace (/opt/hiberfil.sys)
PAE type : PAE
DTB : 0x9300060L
KDBG : 0x80545be0L
Number of Processors : 1
Image Type (Service Pack) : 3
KPCR for CPU 0 : 0xffdff000L
KUSER_SHARED_DATA : 0xffdf0000L
Image date and time : 2013-03-05 06:26:20 UTC+0000
Image local date and time : 2013-03-05 00:26:20 -0600
thanks in advance
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
--
PGP Fingerprint: 2E87 17A1 EC10 1E3E 11D3 64C2 196B 2AB5 27A4 AC92
4272
days inactive
4272
days old
vol-users@lists.volatilityfoundation.org
1 comments
2 participants
participants (2)
-
Jamie Levy -
kongo sec