[Vol-users] Volatility-Linux TypeError

Patrick Burkard pbuml at gmx.de
Sat Jan 28 07:16:41 CST 2012


Am Sat, 28 Jan 2012 00:39:45 +0100
schrieb Michael Cohen <scudette at gmail.com>:

> On 27 January 2012 22:53, Patrick Burkard <pbuml at gmx.de> wrote:
> Hi Patrick,
> 
> > "/home/dark-eye/Sources/volatility_linux64/volatility/plugins/linux/linux_task_list_ps.py",
> > line 41, in calculate init_task_addr = self.smap["init_task"]
> > TypeError: 'NoneType' object is unsubscriptable
> 
> This warning means that you do not have a system map loaded - is this
> in the zip file? Also from the messages above it seems to load Linux32
> profile - are you sure your image is from a 32 bit system or a 64 bit
> system?

Alright ... here we go. This is the content of the profile zip:

dark-eye at Ragana:~/Sources/volatility_linux64$ zipinfo -l
-rw-r--r--  3.0 unx  1293706 tx   338478 defN 12-Jan-11 18:24
boot/System.map-2.6.32-5-686
-rw-r--r--  3.0 unx  1364923 tx   130532 defN 12-Jan-27 22:35
module.dwarf 3 files, 3952335 bytes uncompressed, 778032 bytes
compressed:  80.3%

The image is captured from a VirtualBox VM:
GNU/Linuxdark-eye at LOSTFor32:~$ uname -a
Linux LOSTFor32 2.6.32-5-686 #1 SMP Wed Jan 11 12:29:30 UTC 2012 i686
GNU/Linux

An the command I use to start volatility. Maybe there is something that
I've done wrong:
python vol.py --profile Linux32 --profile_file debian_squeeze.zip
-f /home/dark-eye/Desktop/LF32.ram pslist

Thank you again for your time and help
Greetings
Patrick


More information about the Vol-users mailing list