[Vol-users] problems with centos

bellissimopython at email.it bellissimopython at email.it
Fri Mar 22 12:36:18 CDT 2013


Hi,
I am trying to analyze a memory dump from a CentOS server but I have got
some problems.

------ Plugin  linux_check_afinfo ------
---------------------------------
Volatile Systems Volatility Framework 2.3_alpha
Symbol Name                                Member                         Address   
------------------------------------------ ------------------------------ ----------


------ Plugin  linux_check_creds ------
---------------------------------
Volatile Systems Volatility Framework 2.3_alpha
PIDs    
--------
ERROR   : volatility.plugins.linux.check_creds: This command is not supported in this profile.


------ Plugin  linux_check_evt_arm ------
---------------------------------
Volatile Systems Volatility Framework 2.3_alpha
Check                          PASS/FAIL Info                          
------------------------------ --------- ------------------------------
SWI Offset Instruction         FAIL      -                             


------ Plugin  linux_check_syscall_arm ------
---------------------------------
Volatile Systems Volatility Framework 2.3_alpha
     Index Address    Symbol                        
---------- ---------- ------------------------------
Traceback (most recent call last):
  File "vol.py", line 186, in <module>
    main()
  File "vol.py", line 177, in main
    command.execute()
  File "/root/vltlt/volatility-read-only/volatility/plugins/linux/common.py", line 55, in execute
    commands.Command.execute(self, *args, **kwargs)
  File "/root/vltlt/volatility-read-only/volatility/commands.py", line 111, in execute
    func(outfd, data)
  File "/root/vltlt/volatility-read-only/volatility/plugins/linux/check_syscall_arm.py", line 88, in render_text
    for (i, call_addr, hooked) in data:
  File "/root/vltlt/volatility-read-only/volatility/plugins/linux/check_syscall_arm.py", line 66, in calculate
    num_syscalls = self._get_syscall_table_size()
  File "/root/vltlt/volatility-read-only/volatility/plugins/linux/check_syscall_arm.py", line 38, in _get_syscall_table_size
    opcode = obj.Object("unsigned int", offset = vector_swi_addr, vm = self.addr_space)
  File "/root/vltlt/volatility-read-only/volatility/obj.py", line 169, in Object
    offset = int(offset)
TypeError: int() argument must be a string or a number, not 'NoneType'


------ Plugin  linux_check_tty ------
---------------------------------
Volatile Systems Volatility Framework 2.3_alpha
Name             Address    Symbol                        
---------------- ---------- ------------------------------
Traceback (most recent call last):
  File "vol.py", line 186, in <module>
    main()
  File "vol.py", line 177, in main
    command.execute()
  File "/root/vltlt/volatility-read-only/volatility/plugins/linux/common.py", line 55, in execute
    commands.Command.execute(self, *args, **kwargs)
  File "/root/vltlt/volatility-read-only/volatility/commands.py", line 111, in execute
    func(outfd, data)
  File "/root/vltlt/volatility-read-only/volatility/plugins/linux/tty_check.py", line 59, in render_text
    for name, call_addr in data:
  File "/root/vltlt/volatility-read-only/volatility/plugins/linux/tty_check.py", line 52, in calculate
    recv_buf = tty_dev.ldisc.ops.receive_buf
  File "/root/vltlt/volatility-read-only/volatility/obj.py", line 735, in __getattr__
    return self.m(attr)
  File "/root/vltlt/volatility-read-only/volatility/obj.py", line 717, in m
    raise AttributeError("Struct {0} has no member {1}".format(self.obj_name, attr))
AttributeError: Struct ldisc has no member ops



------ Plugin  linux_pidhashtable ------
---------------------------------
Volatile Systems Volatility Framework 2.3_alpha
ERROR   : volatility.plugins.linux.pidhashtable: calculate_v2: This profile is currently unsupported by this plugin. Please file a bug report on our issue tracker to have supprot added.
Offset     Name                 Pid             Uid             Gid    DTB        Start Time
---------- -------------------- --------------- --------------- ------ ---------- ----------


------ Plugin  linux_psxview ------
---------------------------------
Volatile Systems Volatility Framework 2.3_alpha
ERROR   : volatility.plugins.linux.pidhashtable: calculate_v2: This profile is currently unsupported by this plugin. Please file a bug report on our issue tracker to have supprot added.
Offset(V)  Name                    PID pslist pid_hash kmem_cache
---------- -------------------- ------ ------ -------- ----------


The other plugins work fine.

Bye. 