3:24 p.m.
Testing zeusscan against a known zeus vmem sample, I am getting a
segmentation fault. Other vol commands run and return results properly, and
zeuscan appears to have compiled OK. No errors output except for the
segmentation fault.
Host OS is CentOS Linux 2.6, Volatility is 2.4. Zeus.vmem is WinXPSP2x86
Any ideas on troubleshooting?
Bill
11:52 a.m.
Hi Bill,
A segmentation fault with volatility is extremely rare, I think I’ve only seen it once or
twice in 6-7 years. So congratulations on finding an interesting bug ;-)
I would recommend the following:
1) Make sure you have the latest 2.4 (not a Beta version) from either
https://github.com/volatilityfoundation/volatility or
http://www.volatilityfoundation.org/#!24/c12wa.
2) Try to narrow it down to zeuscan on a particular process (for example zeusscan -p PID).
Once you’ve done that, we can look at the VAD nodes of the process (vadinfo) and see if
there’s anything funky.
3) While running zeusscan, keep an eye on your system’s RAM. Is it getting maxed out?
Thanks,
Michael
--------------------------------------------------
Michael Ligh (@iMHLv2)
GPG: http://mnin.org/gpg.pubkey.txt
Blog: http://volatility-labs.blogspot.com
On Sep 8, 2014, at 2:24 PM, Bill Moylan <billyfm(a)gmail.com> wrote:
Testing zeusscan against a known zeus vmem sample, I
am getting a segmentation fault. Other vol commands run and return results properly, and
zeuscan appears to have compiled OK. No errors output except for the segmentation fault.
Host OS is CentOS Linux 2.6, Volatility is 2.4. Zeus.vmem is WinXPSP2x86
Any ideas on troubleshooting?
Bill
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
3713
days inactive
3720
days old
vol-users@lists.volatilityfoundation.org
1 comments
2 participants
participants (2)
-
Bill Moylan -
Michael Ligh