[Vol-users] Help to add new plugin

Jamie Levy jamie.levy at gmail.com
Thu Nov 14 07:52:29 CST 2013


Please type the following and show me the output:

ls volatility/plugins




On Thu, Nov 14, 2013 at 8:32 AM, David <eterno.comandante at gmail.com> wrote:

> Good afternoon Jamie
>
> I copied the file ethscan.py in volatility/plugins and….
>
> I executed:
>
> remnux at remnux:~/Desktop/volatility-2.3.1$ sudo make clean
> rm -f `find . -name "*.pyc" -o -name "*~"`
> rm -rf dist build
> remnux at remnux:~/Desktop/volatility-2.3.1$ sudo vol.py -v  ethscan -f
> /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img
> ERROR   : __main__            : You must specify something to do (try -h)
>
> The same error :(
>
> El 14/11/2013, a las 14:05, Jamie Levy <jamie.levy at gmail.com> escribió:
>
> Oh, also if you copied the ethscan plugin to your volatility/plugins
> directory, don't use the --plugins option
>
> ------------------------------
> *From: * David <eterno.comandante at gmail.com>
> *Date: *Thu, 14 Nov 2013 13:53:05 +0100
> *To: *Jamie Levy<jamie.levy at gmail.com>
> *Cc: *Volatility List<vol-users at volatilityfoundation.org>
> *Subject: *Re: [Vol-users] Help to add new plugin
>
> Hi Jamie
>
> Thanks again...
>
> I executed   "sudo python vol.py
> --plugins=../jamaal-re-tools-f427978461d4/volplugins -f
> /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img
> --profile=Win7SP1x64 ethscan”
>
> And i have new errors, (i use vol.py 2.3.1 non instalable version
> volatility 2.3.1)
>
> Do you know if has anybody a similar problem with ethscan plugin?
>
>
> Traceback (most recent call last):
>   File "/usr/local/bin/vol.py", line 186, in <module>
>     main()
>   File "/usr/local/bin/vol.py", line 143, in main
>     registry.register_global_options(config, commands.Command)
>   File "/usr/local/lib/python2.7/dist-packages/volatility/registry.py",
> line 157, in register_global_options
>     for m in get_plugin_classes(cls, True).values():
>   File "/usr/local/lib/python2.7/dist-packages/volatility/registry.py",
> line 152, in get_plugin_classes
>     raise Exception("Object {0} has already been defined by
> {1}".format(name, plugin))
> Exception: Object EthScan has already been defined by <class
> 'volatility.plugins.ethscan_rc1.EthScan'>
>
>
> Best regards
>
> El 14/11/2013, a las 12:45, Jamie Levy <jamie.levy at gmail.com> escribió:
>
> Try:
>
> sudo python vol.py --plugins=../jamaal-re-tools-f427978461d4/volplugins -f
> /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img
> --profile=Win7SP1x64 ethscan
>
> First: --plugins takes in either a directory or a zipfile, not a plugin
>
> Second: You didn't specify which plugin to run (ethscan)
> ------------------------------
> *From: * David <eterno.comandante at gmail.com>
> *Date: *Thu, 14 Nov 2013 10:41:47 +0100
> *To: *Jamie Levy<jamie.levy at gmail.com>
> *Cc: *Volatility List<vol-users at volatilityfoundation.org>
> *Subject: *Re: [Vol-users] Help to add new plugin
>
>
> Sorry I had a typo i didn´t write --profile=Win7SP1x64
>
>
> sudo python vol.py
> --plugins=../jamaal-re-tools-f427978461d4/volplugins/ethscan.py -f
> /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img --profile=Win7SP1x64
>
>
>
> I have the same error of ever :(
>
> Volatility Foundation Volatility Framework 2.3.1
> ERROR   : __main__            : You must specify something to do (try -h)
>
>
> Thanks!!
>
> El 14/11/2013, a las 09:36, David <eterno.comandante at gmail.com> escribió:
>
> Hi @Jamie and list
>
> Thanks very much for your support ;)
>
> I’ve same errors when i’m executing: :(
>
>  sudo python vol.py
> --plugins=../jamaal-re-tools-f427978461d4/volplugins/ethscan.py -f
> /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img
>
> The error:
>
> Volatility Foundation Volatility Framework 2.3.1
> ERROR   : __main__            : You must specify something to do (try -h)
>
> Maybe the cause of this error can be that the new plugin “ethscan" isn't
> compatible with non instalable version of volatility 2.3.1, what do you
> think about?
>
> On the other hand, i found a brief tutorial about ethscan:
>
>
> https://code.google.com/p/jamaal-re-tools/source/browse/volplugins/README.txt
>
>
> vol.py ethscan -f be2.vmem -R --dump-dir outputfiles -C out.pcap -P -S
>
> The execution of the vol.py command is different……. :(
>
> He does not the flag —-plugin=
>
> Thanks for all!!
>
> Ps: My apologies for my level of english
>
>
> El 13/11/2013, a las 16:43, Jamie Levy <jamie.levy at gmail.com> escribió:
>
> Hi David,
>
> I think you might have also asked this on the channel.  So yes, you should
> use the `--plugins=/path/to/folder/with/ethscan` option, obviously changing
> the path to a folder that has that plugin.  If you were the person on the
> channel, the issue that you were having is because you must specify
> `--plugins` first, BEFORE any other options to vol.py:
>
>
> http://code.google.com/p/volatility/wiki/VolatilityUsage23#Specifying_Additional_Plugin_Directories
>
> Let me know if you have any other questions.
>
> All the best,
>
> -gleeda
>
>
>
>
> On Tue, Nov 12, 2013 at 6:42 AM, David Martin <eterno.comandante at gmail.com
> > wrote:
>
>> Hello list,
>>
>> Please, I need some help about for add/use new plugins in volatility
>> 2.3.1.
>>
>> Can I use the flag "--plugins=contrib/plugins"? o is there any method?
>>
>> The plugin that I want for add/use is:
>>
>> https://code.google.com/p/jamaal-re-tools/source/checkout
>>
>> Thanks for your support!!
>>
>>
>>
>>
>>
>> _______________________________________________
>> Vol-users mailing list
>> Vol-users at volatilityfoundation.org
>> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
>>
>>
>
>
> --
> PGP Fingerprint: 2E87 17A1 EC10 1E3E 11D3  64C2 196B 2AB5 27A4 AC92
>
>
>
>
>
>


-- 
PGP Fingerprint: 2E87 17A1 EC10 1E3E 11D3  64C2 196B 2AB5 27A4 AC92
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.volatilityfoundation.org/pipermail/vol-users/attachments/20131114/9feb7a8a/attachment-0001.html


More information about the Vol-users mailing list