Hi, I have the folloing problem: # python vol.py -f ../DUMP_ram/DUMP_130912.lime --profile=LinuxUbuntu1204x86 linux_check_afinfo Volatile Systems Volatility Framework 2.2_rc1 Symbol Name Member Address ------------------------------------------ ------------------------------ ---------- WARNING : volatility.obj : Cant find object tcp_seq_afinfo in profile <volatility.plugins.overlays.linux.linux.LinuxUbuntu1204x86 object at 0x9bbc5ac>? Traceback (most recent call last): File "vol.py", line 186, in <module> main() File "vol.py", line 177, in main command.execute() File "/home/luigi/SOURCES/volatilitux_new/volatility-2.2-rc1/volatility/plugins/linux/common.py", line 51, in execute commands.Command.execute(self, *args, **kwargs) File "/home/luigi/SOURCES/volatilitux_new/volatility-2.2-rc1/volatility/commands.py", line 111, in execute func(outfd, data) File "/home/luigi/SOURCES/volatilitux_new/volatility-2.2-rc1/volatility/plugins/linux/check_afinfo.py", line 82, in render_text for (what, member, address) in data: File "/home/luigi/SOURCES/volatilitux_new/volatility-2.2-rc1/volatility/plugins/linux/check_afinfo.py", line 73, in calculate for (name, member, address) in self.check_afinfo(global_var_name, global_var, op_members, seq_members, modules): File "/home/luigi/SOURCES/volatilitux_new/volatility-2.2-rc1/volatility/plugins/linux/check_afinfo.py", line 41, in check_afinfo for (hooked_member, hook_address) in self.check_members(var.seq_fops, var_name, op_members, modules): AttributeError: 'NoneType' object has no attribute 'seq_fops' Also I want report that the volatility-2.2-rc1 package does not have the tools/linux folder. So that it is not possible build dwarf module. Anyway I have copied it from the git/alpha release. And finally I want ask something about rootkit detection plugins. For example the following means that everything is ok ? # python vol.py -f ../DUMP_ram/DUMP_130912.lime --profile=LinuxUbuntu1204x86 linux_check_creds Volatile Systems Volatility Framework 2.2_rc1 PIDs -------- # and the following: # python vol.py -f ../DUMP_ram/DUMP_130912.lime --profile=LinuxUbuntu1204x86 linux_check_idt Volatile Systems Volatility Framework 2.2_rc1 Index Address Symbol ---------- ---------- ------------------------------ 0x0 0xc1575024 divide_error 0x1 0xc15750bc debug 0x2 0xc1575114 nmi 0x3 0xc1575234 int3 0x4 0xc1574fd4 overflow 0x5 0xc1574fe0 bounds 0x6 0xc1574fec invalid_op 0x7 0xc1574fc0 device_not_available 0x8 0x00000000 VDSO32_PRELINK 0x9 0xc1574ff8 coprocessor_segment_overrun 0xa 0xc1575004 invalid_TSS 0xb 0xc157500c segment_not_present 0xc 0xc1575014 stack_segment 0xd 0xc157526c general_protection 0xe 0xc1575048 page_fault 0xf 0xc157503c spurious_interrupt_bug 0x10 0xc1574fa8 coprocessor_error 0x11 0xc157501c alignment_check 0x12 0xc1575030 machine_check 0x13 0xc1574fb4 simd_coprocessor_error 0x80 0xc15749b8 system_call # Thanks very much luigi -- Caselle da 1GB, trasmetti allegati fino a 3GB e in piu' IMAP, POP3 e SMTP autenticato? GRATIS solo con Email.it: http://www.email.it/f Sponsor: Speciale Settembre all'hotel Gigliola di Rimini, 7 giorni di pensione completa, 2 adulti Euro 420, all inclusive Euro 560 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=12638&d=20120913 -- Caselle da 1GB, trasmetti allegati fino a 3GB e in piu' IMAP, POP3 e SMTP autenticato? GRATIS solo con Email.it http://www.email.it/f Sponsor: Tour culturali nell'entroterra romagnolo con le proposte tutto compreso di Costahotels. Alla scoperta dei borghi medievali e delle tipicita' gastronomiche della zona Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=12622&d=13-9 _______________________________________________ Vol-users mailing list Vol-users(a)volatilityfoundation.org http://lists.volatilityfoundation.org/mailman/listinfo/vol-users