[Vol-users] Volatility 2.1/2.2 connscan/sockets/sockscan not supported for profile Win7SP1x86

Mike Lambert dragonforen at hotmail.com
Fri Jan 4 15:58:28 CST 2013


I have found that in Volatility 2.1 and 2.2 connscan is not supported for profile Win7SP1x86. Volatility 2.0 does not produce any results. (??) 
I see that sockets and sockscan are also not supported in Volatility 2.2. See below.
 
pslist does work, so some commands are supported.
 
Is this a known issue? 
 
 
----------------cut-here-------------------
C:\Python27\volatility-2.2>vol.py imageinfo -f g:\victim1.w32
Volatile Systems Volatility Framework 2.2
Determining profile based on KDBG search...
          Suggested Profile(s) : Win7SP0x86, Win7SP1x86
                     AS Layer1 : JKIA32PagedMemoryPae (Kernel AS)
                     AS Layer2 : FileAddressSpace (G:\victim1.w32)
                      PAE type : PAE
                           DTB : 0x185000L
                          KDBG : 0x82761be8L
          Number of Processors : 2
     Image Type (Service Pack) : 0
                KPCR for CPU 0 : 0x82762c00L
                KPCR for CPU 1 : 0x807c0000L
             KUSER_SHARED_DATA : 0xffdf0000L
           Image date and time : 2013-01-04 20:41:23 UTC+0000
     Image local date and time : 2013-01-04 14:41:23 -0600

 
C:\Python27\volatility-2.0>vol.py connscan -f h:\victim1.img --profile=Win7SP1x86
Volatile Systems Volatility Framework 2.0
 Offset     Local Address             Remote Address            Pid
---------- ------------------------- ------------------------- ------
 
C:\Python27\volatility-2.1>vol.py connscan -f h:\victim1.img --profile=Win7SP1x86
Volatile Systems Volatility Framework 2.1
Offset(P)  Local Address             Remote Address            Pid
---------- ------------------------- ------------------------- ---
ERROR   : volatility.plugins.connscan: This command does not support the selected profile.

 
C:\Python27\volatility-2.2>vol.py connscan -f g:\victim1.w32 --profile=Win7SP1x86
Volatile Systems Volatility Framework 2.2
Offset(P)  Local Address             Remote Address            Pid
---------- ------------------------- ------------------------- ---
ERROR   : volatility.plugins.connscan: This command does not support the selected profile.
 
C:\Python27\volatility-2.2>vol.py sockets -f g:\victim1.w32 --profile=Win7SP1x86
Volatile Systems Volatility Framework 2.2
ERROR   : volatility.plugins.sockets: This command does not support the selected profile.
 
C:\Python27\volatility-2.2>vol.py sockscan -f g:\victim1.w32 --profile=Win7SP1x86
Volatile Systems Volatility Framework 2.2
Offset(P)     PID   Port  Proto Protocol        Address         Create Time
---------- ------ ------ ------ --------------- --------------- -----------
ERROR   : volatility.plugins.sockscan: This command does not support the selected profile.