5:28 a.m.
Hello,
in the last view weeks i've tried to analyze Linux memorydumps with the
volatility-linux Version (Revision 1313 from svn).
My goal is to show that it is possible to discover hidden processes,
kernelmodules etc. (for example from a rootkit) from a memory dump. By
comparing the output from the memorydump analysis with the native
execution of the system commands.
I created a profile for the current stable Debian version.
Trying to use this profile leads to the following TypeError:
python volatility.py --profile=LinuxDebian26325 -f ~/Desktop/LF32.ram
linux_task_list_ps Volatile Systems Volatility Framework 1.4_rc1
Name Pid Uid
Traceback (most recent call last):
File "volatility.py", line 129, in <module>
main()
File "volatility.py", line 120, in main
command.execute()
File
"/home/dark-eye/Sources/volatility_linux/volatility/commands.py", line
101, in execute func(outfd, data) File
"/home/dark-eye/Sources/volatility_linux/volatility/plugins/linux_task_list_ps.py",
line 59, in render_text for task in data: File
"/home/dark-eye/Sources/volatility_linux/volatility/plugins/linux_task_list_ps.py",
line 50, in calculate for task in
linux_common.walk_list_head("task_struct", "tasks", init_task.tasks,
self.addr_space): File
"/home/dark-eye/Sources/volatility_linux/volatility/plugins/linux_common.py",
line 110, in walk_list_head yield obj.Object(struct_name, offset =
list_ptr - offset, vm = addr_space) TypeError: unsupported operand
type(s) for -: 'instancemethod' and 'int'
I would really appreciate to debug or help to debug this issue. Sadly I
can't find a way to evaluate the correctness of the kernel-profile. Is
this a known problem from volatility-linux or could it be the result of
a failure i've made while creating the debian profile?
Thanks for every hint!
Greetings
Patrick
8:43 p.m.
Can you please repeat this with the latest linux branch
(linux64-support) or scudettes branch? The current system takes a
profile generated from dwarf files (in a zip). See instructions in
tools/linux/README.txt
Michael.
On 26 January 2012 11:28, Patrick Burkard <pbuml(a)gmx.de> wrote:
Hello,
in the last view weeks i've tried to analyze Linux memorydumps with the
volatility-linux Version (Revision 1313 from svn).
My goal is to show that it is possible to discover hidden processes,
kernelmodules etc. (for example from a rootkit) from a memory dump. By
comparing the output from the memorydump analysis with the native
execution of the system commands.
I created a profile for the current stable Debian version.
Trying to use this profile leads to the following TypeError:
python volatility.py --profile=LinuxDebian26325 -f ~/Desktop/LF32.ram
linux_task_list_ps Volatile Systems Volatility Framework 1.4_rc1
Name Pid Uid
Traceback (most recent call last):
File "volatility.py", line 129, in <module>
main()
File "volatility.py", line 120, in main
command.execute()
File
"/home/dark-eye/Sources/volatility_linux/volatility/commands.py", line
101, in execute func(outfd, data) File
"/home/dark-eye/Sources/volatility_linux/volatility/plugins/linux_task_list_ps.py",
line 59, in render_text for task in data: File
"/home/dark-eye/Sources/volatility_linux/volatility/plugins/linux_task_list_ps.py",
line 50, in calculate for task in
linux_common.walk_list_head("task_struct", "tasks", init_task.tasks,
self.addr_space): File
"/home/dark-eye/Sources/volatility_linux/volatility/plugins/linux_common.py",
line 110, in walk_list_head yield obj.Object(struct_name, offset =
list_ptr - offset, vm = addr_space) TypeError: unsupported operand
type(s) for -: 'instancemethod' and 'int'
I would really appreciate to debug or help to debug this issue. Sadly I
can't find a way to evaluate the correctness of the kernel-profile. Is
this a known problem from volatility-linux or could it be the result of
a failure i've made while creating the debian profile?
Thanks for every hint!
Greetings
Patrick
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
4:53 p.m.
Hello,
Can you please repeat this with the latest linux
branch
(linux64-support) or scudettes branch? The current system takes a
profile generated from dwarf files (in a zip). See instructions in
tools/linux/README.txt
Thank you for the information about the newer versions in the scudete
and lin64-support branches. I tried those two, but unfortunately
without success. But step by step: I created a new profile for the
analysis target with the steps mentioned in the readme. This seems to
work with a warning at the end of the process that you can see at [1].
When I try to use this profile with the scudete version i still get the
known TypeError with some more warnings and information [2].
The lin64 Version produces another Error Message I posted at [3].
I use volatility on a Debian Squeeze 64-Bit version:
$ uname -a
Linux Ragana 2.6.32-5-amd64 #1 SMP Mon Jan 16 16:22:28 UTC 2012 x86_64
GNU/Linux
Hopefully this information is helpful for you and we can find the
reason for my problems. Please ask if you need more information.
Greetings
Patrick
[1]
/mnt/host/tools/linux/pmem.c: In function ‘pmem_read_partial’:
/mnt/host/tools/linux/pmem.c:142: warning: comparison of distinct
pointer types lacks a cast Building modules, stage 2.
MODPOST 2 modules
make[4]: Warning: File `/mnt/host/tools/linux/module.mod.c' has
modification time 0,095 s in the future
CC /mnt/host/tools/linux/module.mod.o LD
[M] /mnt/host/tools/linux/module.ko
CC /mnt/host/tools/linux/pmem.mod.o LD
[M] /mnt/host/tools/linux/pmem.ko make[4]: Warnung: Mit der Uhr stimmt
etwas nicht. Die Bearbeitung könnte unvollständig sein.
[2]
Volatile Systems Volatility Framework 2.1_alpha
WARNING : volatility.obj : comm has no offset in object
task_struct. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : name has no offset in object
net_device. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : s_id has no offset in object
super_block. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : sun_path has no offset in object
sockaddr_un. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : x86_model_id has no offset in object
cpuinfo_x86. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : x86_vendor_id has no offset in object
cpuinfo_x86. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : name has no offset in object module.
Check that vtypes has a concrete definition for it.
INFO : volatility.plugins.overlays.linux.linux32: Found dwarf file
module.dwarf
INFO : volatility.plugins.overlays.linux.linux32: Found dwarf file
boot/System.map-2.6.32-5-686
Loaded profile Linux32
Offset Name Pid Uid
Traceback (most recent call last):
File "./vol.py", line 202, in <module>
main()
File "./vol.py", line 192, in main
command_obj.execute()
File
"/home/dark-eye/Sources/volatility_scudette/volatility/commands.py", line 166,
in execute
func(outfd, data)
File
"/home/dark-eye/Sources/volatility_scudette/volatility/plugins/linux/linux_task_list_ps.py",
line 61, in render_text
for task in data:
File
"/home/dark-eye/Sources/volatility_scudette/volatility/plugins/linux/linux_task_list_ps.py",
line 51, in calculate
for task in linux_common.walk_list_head("task_struct", "tasks",
init_task.tasks, self.addr_space):
File
"/home/dark-eye/Sources/volatility_scudette/volatility/plugins/linux/linux_common.py",
line 121, in walk_list_head
yield obj.Object(struct_name, offset = list_ptr - offset, vm =
addr_space)
TypeError: unsupported operand type(s) for -: 'instancemethod' and 'int'
[3]
Volatile Systems Volatility Framework 2.1_alpha
WARNING : volatility.obj : comm has no offset in object
task_struct. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : name has no offset in object
net_device. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : s_id has no offset in object
super_block. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : sun_path has no offset in object
sockaddr_un. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : x86_model_id has no offset in object
cpuinfo_x86. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : x86_vendor_id has no offset in object
cpuinfo_x86. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : name has no offset in object module.
Check that vtypes has a concrete definition for it. WARNING :
volatility.obj : comm has no offset in object task_struct. Check
that vtypes has a concrete definition for it. WARNING :
volatility.obj : name has no offset in object net_device. Check
that vtypes has a concrete definition for it. WARNING :
volatility.obj : s_id has no offset in object super_block. Check
that vtypes has a concrete definition for it. WARNING :
volatility.obj : sun_path has no offset in object sockaddr_un.
Check that vtypes has a concrete definition for it. WARNING :
volatility.obj : x86_model_id has no offset in object cpuinfo_x86.
Check that vtypes has a concrete definition for it. WARNING :
volatility.obj : x86_vendor_id has no offset in object
cpuinfo_x86. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : name has no offset in object module.
Check that vtypes has a concrete definition for it. Offset
Name Pid Uid Traceback (most recent call
last): File "./vol.py", line 171, in <module> main() File
"./vol.py",
line 161, in main command.execute() File
"/home/dark-eye/Sources/volatility_linux64/volatility/commands.py",
line 135, in execute func(outfd, data) File
"/home/dark-eye/Sources/volatility_linux64/volatility/plugins/linux/linux_task_list_ps.py",
line 62, in render_text for task in data: File
"/home/dark-eye/Sources/volatility_linux64/volatility/plugins/linux/linux_task_list_ps.py",
line 41, in calculate init_task_addr = self.smap["init_task"]
TypeError: 'NoneType' object is unsubscriptable
6:39 p.m.
On 27 January 2012 22:53, Patrick Burkard <pbuml(a)gmx.de> wrote:
Hi Patrick,
"/home/dark-eye/Sources/volatility_linux64/volatility/plugins/linux/linux_task_list_ps.py",
line 41, in calculate init_task_addr = self.smap["init_task"]
TypeError: 'NoneType' object is unsubscriptable
This warning means that you do not have a system map loaded - is this
in the zip file? Also from the messages above it seems to load Linux32
profile - are you sure your image is from a 32 bit system or a 64 bit
system?
Michael.
8:16 a.m.
Am Sat, 28 Jan 2012 00:39:45 +0100
schrieb Michael Cohen <scudette(a)gmail.com>:
On 27 January 2012 22:53, Patrick Burkard
<pbuml(a)gmx.de> wrote:
Hi Patrick,
Alright ... here we go. This is the content of the profile zip:
dark-eye@Ragana:~/Sources/volatility_linux64$ zipinfo -l
-rw-r--r-- 3.0 unx 1293706 tx 338478 defN 12-Jan-11 18:24
boot/System.map-2.6.32-5-686
-rw-r--r-- 3.0 unx 1364923 tx 130532 defN 12-Jan-27 22:35
module.dwarf 3 files, 3952335 bytes uncompressed, 778032 bytes
compressed: 80.3%
The image is captured from a VirtualBox VM:
GNU/Linuxdark-eye@LOSTFor32:~$ uname -a
Linux LOSTFor32 2.6.32-5-686 #1 SMP Wed Jan 11 12:29:30 UTC 2012 i686
GNU/Linux
An the command I use to start volatility. Maybe there is something that
I've done wrong:
python vol.py --profile Linux32 --profile_file debian_squeeze.zip
-f /home/dark-eye/Desktop/LF32.ram pslist
Thank you again for your time and help
Greetings
Patrick
"/home/dark-eye/Sources/volatility_linux64/volatility/plugins/linux/linux_task_list_ps.py",
line 41, in calculate init_task_addr = self.smap["init_task"]
TypeError: 'NoneType' object is unsubscriptable
This warning means that you do not have a system map loaded - is this
in the zip file? Also from the messages above it seems to load Linux32
profile - are you sure your image is from a 32 bit system or a 64 bit
system? 
12:44 p.m.
This makes a little more sense...
So your analysis machine is 64 bit, but the target is 32 bit and you
created the profile on the analysis target?
Also, how did you acquire the memory image?
On Sat, Jan 28, 2012 at 7:16 AM, Patrick Burkard <pbuml(a)gmx.de> wrote:
Am Sat, 28 Jan 2012 00:39:45 +0100
schrieb Michael Cohen <scudette(a)gmail.com>:
On 27 January 2012 22:53, Patrick Burkard
<pbuml(a)gmx.de> wrote:
Hi Patrick,
Alright ... here we go. This is the content of the profile zip:
dark-eye@Ragana:~/Sources/volatility_linux64$ zipinfo -l
-rw-r--r-- 3.0 unx 1293706 tx 338478 defN 12-Jan-11 18:24
boot/System.map-2.6.32-5-686
-rw-r--r-- 3.0 unx 1364923 tx 130532 defN 12-Jan-27 22:35
module.dwarf 3 files, 3952335 bytes uncompressed, 778032 bytes
compressed: 80.3%
The image is captured from a VirtualBox VM:
GNU/Linuxdark-eye@LOSTFor32:~$ uname -a
Linux LOSTFor32 2.6.32-5-686 #1 SMP Wed Jan 11 12:29:30 UTC 2012 i686
GNU/Linux
An the command I use to start volatility. Maybe there is something that
I've done wrong:
python vol.py --profile Linux32 --profile_file debian_squeeze.zip
-f /home/dark-eye/Desktop/LF32.ram pslist
Thank you again for your time and help
Greetings
Patrick
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
"/home/dark-eye/Sources/volatility_linux64/volatility/plugins/linux/linux_task_list_ps.py",
line 41, in calculate init_task_addr = self.smap["init_task"]
TypeError: 'NoneType' object is unsubscriptable
This warning means that you do not have a system map loaded - is this
in the zip file? Also from the messages above it seems to load Linux32
profile - are you sure your image is from a 32 bit system or a 64 bit
system?
1:49 p.m.
Hello,
This makes a little more sense...
So your analysis machine is 64 bit, but the target is 32 bit and you
created the profile on the analysis target?
That's correct.
Also, how did you acquire the memory image?
I use VirtualBox to run my VMs. With VBoxManage and the debugvm command
you can generate a dump of some VM information processor registers etc.
This is written in an elf style format.
At the end of this data structure a complete raw RAM-Dump is written,
that you can easily write to a file. At some points I checked it with
the information that the fmem kernel module generates an this seems to
be correct.
Greetings
Patrick
7:05 p.m.
Patrick,
The backtrace you got was because the init_task was not found or
had an invalid address. Can you please check that there is such a
symbol on your System.map. For example:
~/projects/volatility(scudette_playground)$ unzip -p system.zip
boot/System.map-3.0.0-12-server | grep init_task
ffffffff810de840 T ftrace_graph_init_task
ffffffff811065c0 T perf_event_init_task
ffffffff81a69cb0 r __ksymtab_init_task
ffffffff81a7e998 r __kcrctab_init_task
ffffffff81a87790 r __kstrtab_init_task
ffffffff81c0b020 D init_task
ffffffff81eed8a0 b ext4_lazyinit_task
This address (e.g. ffffffff81c0b020) needs to be valid in the kernel
AS. If it appears valid, then maybe we can not parse the kernel AS
properly. I dont think task_structs can be paged in linux so there is
something really wrong if its not there.
Michael.
On 28 January 2012 05:16, Patrick Burkard <pbuml(a)gmx.de> wrote:
Am Sat, 28 Jan 2012 00:39:45 +0100
schrieb Michael Cohen <scudette(a)gmail.com>:
On 27 January 2012 22:53, Patrick Burkard
<pbuml(a)gmx.de> wrote:
Hi Patrick,
Alright ... here we go. This is the content of the profile zip:
dark-eye@Ragana:~/Sources/volatility_linux64$ zipinfo -l
-rw-r--r-- 3.0 unx 1293706 tx 338478 defN 12-Jan-11 18:24
boot/System.map-2.6.32-5-686
-rw-r--r-- 3.0 unx 1364923 tx 130532 defN 12-Jan-27 22:35
module.dwarf 3 files, 3952335 bytes uncompressed, 778032 bytes
compressed: 80.3%
The image is captured from a VirtualBox VM:
GNU/Linuxdark-eye@LOSTFor32:~$ uname -a
Linux LOSTFor32 2.6.32-5-686 #1 SMP Wed Jan 11 12:29:30 UTC 2012 i686
GNU/Linux
An the command I use to start volatility. Maybe there is something that
I've done wrong:
python vol.py --profile Linux32 --profile_file debian_squeeze.zip
-f /home/dark-eye/Desktop/LF32.ram pslist
Thank you again for your time and help
Greetings
Patrick
"/home/dark-eye/Sources/volatility_linux64/volatility/plugins/linux/linux_task_list_ps.py",
line 41, in calculate init_task_addr = self.smap["init_task"]
TypeError: 'NoneType' object is unsubscriptable
This warning means that you do not have a system map loaded - is this
in the zip file? Also from the messages above it seems to load Linux32
profile - are you sure your image is from a 32 bit system or a 64 bit
system?
10:56 a.m.
Hello,
The backtrace you got was because the init_task was
not found or
had an invalid address. Can you please check that there is such a
symbol on your System.map. For example:
~/projects/volatility(scudette_playground)$ unzip -p system.zip
boot/System.map-3.0.0-12-server | grep init_task
[SNIP]
I've done this with my System.map. This is what happens:
dark-eye@Ragana:~/Sources/volatility_linux64$ unzip -p
debian_squeeze.zip boot/System.map-2.6.32-5-686 | grep init_task
c1083b60 T perf_event_init_task c1336980 r __ksymtab_init_task
c133eef0 r __kcrctab_init_task
c13431a8 r __kstrtab_init_task
c1388ba0 D init_task
c14322d8 B init_task_group
Because I'm not really sure how to translate those virtual addresses to
the offsets of the memory dump, I used volatilitux to evaluate the
virtual addresses.
dark-eye@Ragana:~/Sources/volatilitux$ python volatilitux.py
-f /home/dark-eye/Desktop/LF32.ram -d pslist
swapper comm found at 012f4e84
swapper comm found at 01388dc4
init comm found at 1f82c0f0
confirmed: swapper comm found with init's prev
potential offset_parents: 312, 316
swapper_addr = 01388ba0, init_addr = 1f82c000
offset_comm = 548, offset_tasks = 240, offset_parent = 316
potential_offset_pid = 300
offset_mm = 268
offset_vmfile = 72
offset_fdentry = 12, offset_qstr = 32
offset_pgd = 36
arch = x86
Address Name PID PPID mm
c1388ba0 swapper 0 0 00000000
df82c000 init 1 0 d792a380
(pgd=df8b4000)
df82c440 kthreadd 2 0
00000000
So I think the c1388ba0 address is correct for the swapper not the
init_task. Is this assumption right?
I checked if I maybe mixed up something while dumping the memory, but
can't figure out what it could be. Do you have any further ideas?
Greetings
Patrick
6:45 a.m.
New subject: [SOLVED] Re: Volatility-Linux TypeError
Hello,
I found a solution to my problem as I tried to use volatility on
a 32-Bit machine to check if my trouble is caused by my 64-Bit analysis
system. On this different computer volatility just worked once, every
other try leads to the Error [1] that i saw really often in the last
days.
After that, I looked for things that changed on the system after the
first run and then deleted the .cache/volatility directory in my
home directory. That's all, after each run of volatility I delete the
cache and everything works fine.
Thanks a lot for your time and the helpful Mails. Please ask if you need
more information about my problem to debug this possible caching issue.
Greetings
Patrick
[1]
python vol.py -f /mnt/host/Desktop/LF32.ram --profile Linux32
--profile_file ../debian_squeeze.zip pslist Volatile Systems Volatility
Framework 2.1_alpha WARNING : volatility.obj : comm has no offset
in object task_struct. Check that vtypes has a concrete definition for
it. WARNING : volatility.obj : name has no offset in object
net_device. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : s_id has no offset in object
super_block. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : sun_path has no offset in object
sockaddr_un. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : x86_model_id has no offset in object
cpuinfo_x86. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : x86_vendor_id has no offset in object
cpuinfo_x86. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : name has no offset in object module.
Check that vtypes has a concrete definition for it. WARNING :
volatility.obj : comm has no offset in object task_struct. Check
that vtypes has a concrete definition for it. WARNING :
volatility.obj : name has no offset in object net_device. Check
that vtypes has a concrete definition for it. WARNING :
volatility.obj : s_id has no offset in object super_block. Check
that vtypes has a concrete definition for it. WARNING :
volatility.obj : sun_path has no offset in object sockaddr_un.
Check that vtypes has a concrete definition for it. WARNING :
volatility.obj : x86_model_id has no offset in object cpuinfo_x86.
Check that vtypes has a concrete definition for it. WARNING :
volatility.obj : x86_vendor_id has no offset in object
cpuinfo_x86. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj : name has no offset in object module.
Check that vtypes has a concrete definition for it. Offset
Name Pid Uid Traceback (most recent call
last): File "vol.py", line 171, in <module> main() File
"vol.py", line
161, in main command.execute() File
"/home/dark-eye/Sources/volatility_lin64/volatility/commands.py", line
135, in execute func(outfd, data) File
"/home/dark-eye/Sources/volatility_lin64/volatility/plugins/linux/linux_task_list_ps.py",
line 62, in render_text for task in data: File
"/home/dark-eye/Sources/volatility_lin64/volatility/plugins/linux/linux_task_list_ps.py",
line 41, in calculate init_task_addr = self.smap["init_task"]
TypeError: 'NoneType' object is unsubscriptable
9:50 a.m.
New subject: [SOLVED] Re: Volatility-Linux TypeError
Hi Patrick,
If the caching framework is causing you problems, you should always be able
to disable it using the "--no-cache" flag, rather than having to manually
delete the cache files.
You can also set this option in the volatilityrc file so that the cache is
always disabled...
Mike
7:42 p.m.
Can we see your command line invocation? It seems to be using the 32bit
profile
Sent from my Droid --
On Jan 26, 2012 7:34 PM, "Patrick Burkard" <pbuml(a)gmx.de> wrote:
Hello,
in the last view weeks i've tried to analyze Linux memorydumps with the
volatility-linux Version (Revision 1313 from svn).
My goal is to show that it is possible to discover hidden processes,
kernelmodules etc. (for example from a rootkit) from a memory dump. By
comparing the output from the memorydump analysis with the native
execution of the system commands.
I created a profile for the current stable Debian version.
Trying to use this profile leads to the following TypeError:
python volatility.py --profile=LinuxDebian26325 -f ~/Desktop/LF32.ram
linux_task_list_ps Volatile Systems Volatility Framework 1.4_rc1
Name Pid Uid
Traceback (most recent call last):
File "volatility.py", line 129, in <module>
main()
File "volatility.py", line 120, in main
command.execute()
File
"/home/dark-eye/Sources/volatility_linux/volatility/commands.py", line
101, in execute func(outfd, data) File
"/home/dark-eye/Sources/volatility_linux/volatility/plugins/linux_task_list_ps.py",
line 59, in render_text for task in data: File
"/home/dark-eye/Sources/volatility_linux/volatility/plugins/linux_task_list_ps.py",
line 50, in calculate for task in
linux_common.walk_list_head("task_struct", "tasks", init_task.tasks,
self.addr_space): File
"/home/dark-eye/Sources/volatility_linux/volatility/plugins/linux_common.py",
line 110, in walk_list_head yield obj.Object(struct_name, offset =
list_ptr - offset, vm = addr_space) TypeError: unsupported operand
type(s) for -: 'instancemethod' and 'int'
I would really appreciate to debug or help to debug this issue. Sadly I
can't find a way to evaluate the correctness of the kernel-profile. Is
this a known problem from volatility-linux or could it be the result of
a failure i've made while creating the debian profile?
Thanks for every hint!
Greetings
Patrick
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
4670
days inactive
4676
days old
vol-users@lists.volatilityfoundation.org
11 comments
5 participants
participants (5)
-
Andrew Case -
Michael Cohen -
Mike Auty -
Patrick Burkard -
Patrick Burkard