[Vol-users] Volatility-Linux TypeError
atcuno at gmail.com
Fri Jan 27 18:42:16 CST 2012
Can we see your command line invocation? It seems to be using the 32bit
Sent from my Droid --
On Jan 26, 2012 7:34 PM, "Patrick Burkard" <pbuml at gmx.de> wrote:
> in the last view weeks i've tried to analyze Linux memorydumps with the
> volatility-linux Version (Revision 1313 from svn).
> My goal is to show that it is possible to discover hidden processes,
> kernelmodules etc. (for example from a rootkit) from a memory dump. By
> comparing the output from the memorydump analysis with the native
> execution of the system commands.
> I created a profile for the current stable Debian version.
> Trying to use this profile leads to the following TypeError:
> python volatility.py --profile=LinuxDebian26325 -f ~/Desktop/LF32.ram
> linux_task_list_ps Volatile Systems Volatility Framework 1.4_rc1
> Name Pid Uid
> Traceback (most recent call last):
> File "volatility.py", line 129, in <module>
> File "volatility.py", line 120, in main
> "/home/dark-eye/Sources/volatility_linux/volatility/commands.py", line
> 101, in execute func(outfd, data) File
> line 59, in render_text for task in data: File
> line 50, in calculate for task in
> linux_common.walk_list_head("task_struct", "tasks", init_task.tasks,
> self.addr_space): File
> line 110, in walk_list_head yield obj.Object(struct_name, offset =
> list_ptr - offset, vm = addr_space) TypeError: unsupported operand
> type(s) for -: 'instancemethod' and 'int'
> I would really appreciate to debug or help to debug this issue. Sadly I
> can't find a way to evaluate the correctness of the kernel-profile. Is
> this a known problem from volatility-linux or could it be the result of
> a failure i've made while creating the debian profile?
> Thanks for every hint!
> Vol-users mailing list
> Vol-users at volatilityfoundation.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Vol-users