[Vol-users] Help to add new plugin

David eterno.comandante at gmail.com
Thu Nov 14 08:17:49 CST 2013


The output:

addrspaces       connscan.pyc   dumpfiles.pyc  fileparam.pyc       handles.py     imagecopy.py   kpcrscan.py    mbrparser.pyc  modules.pyc     procdump.py   sockets.pyc   taskmods.pyc    vboxinfo.pyc
bioskbd.py       crashinfo.py   envars.py      filescan.py         handles.pyc    imagecopy.pyc  kpcrscan.pyc   mftparser.py   netscan.py      procdump.pyc  sockscan.py   timeliner.py    vmwareinfo.py
bioskbd.pyc      crashinfo.pyc  envars.pyc     filescan.pyc        hibinfo.py     imageinfo.py   linux          mftparser.pyc  netscan.pyc     pstree.py     sockscan.pyc  timeliner.pyc   vmwareinfo.pyc
common.py        dlldump.py     ethscan.py     getservicesids.py   hibinfo.pyc    imageinfo.pyc  mac            moddump.py     overlays        pstree.pyc    ssdt.py       userassist.py   volshell.py
common.pyc       dlldump.pyc    ethscan.pyc    getservicesids.pyc  hpakinfo.py    __init__.py    machoinfo.py   moddump.pyc    patcher.py      raw2dmp.py    ssdt.pyc      userassist.pyc  volshell.pyc
connections.py   dumpcerts.py   evtlogs.py     getsids.py          hpakinfo.pyc   __init__.pyc   machoinfo.pyc  modscan.py     patcher.pyc     raw2dmp.pyc   strings.py    vadinfo.py
connections.pyc  dumpcerts.pyc  evtlogs.pyc    getsids.pyc         iehistory.py   kdbgscan.py    malware        modscan.pyc    privileges.py   registry      strings.pyc   vadinfo.pyc
connscan.py      dumpfiles.py   fileparam.py   gui                 iehistory.pyc  kdbgscan.pyc   mbrparser.py   modules.py     privileges.pyc  sockets.py    taskmods.py   vboxinfo.py

Best regards!

On 14/11/2013, at 14:52, Jamie Levy <jamie.levy at gmail.com> wrote:

> Please type the following and show me the output:
> 
> ls volatility/plugins
> 
> 
> 
> 
> On Thu, Nov 14, 2013 at 8:32 AM, David <eterno.comandante at gmail.com> wrote:
> Good afternoon Jamie
> 
> I copied the file ethscan.py into volatility/plugins and….
> 
> I executed: 
> 
> remnux@remnux:~/Desktop/volatility-2.3.1$ sudo make clean
> rm -f `find . -name "*.pyc" -o -name "*~"`
> rm -rf dist build
> remnux@remnux:~/Desktop/volatility-2.3.1$ sudo vol.py -v  ethscan -f /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img 
> ERROR   : __main__            : You must specify something to do (try -h)
> 
> The same error :( 
> 
> On 14/11/2013, at 14:05, Jamie Levy <jamie.levy at gmail.com> wrote:
> 
>> Oh, also if you copied the ethscan plugin to your volatility/plugins directory, don't use the --plugins option
>> 
>> From: David <eterno.comandante at gmail.com>
>> Date: Thu, 14 Nov 2013 13:53:05 +0100
>> To: Jamie Levy<jamie.levy at gmail.com>
>> Cc: Volatility List<vol-users at volatilityfoundation.org>
>> Subject: Re: [Vol-users] Help to add new plugin
>> 
>> Hi Jamie
>> 
>> Thanks again...
>> 
>> I executed "sudo python vol.py --plugins=../jamaal-re-tools-f427978461d4/volplugins -f /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img --profile=Win7SP1x64 ethscan"
>> 
>> And I have new errors (I use vol.py 2.3.1, the non-installable version of Volatility 2.3.1).
>> 
>> Do you know if anybody has had a similar problem with the ethscan plugin?
>> 
>> 
>> Traceback (most recent call last):
>>   File "/usr/local/bin/vol.py", line 186, in <module>
>>     main()
>>   File "/usr/local/bin/vol.py", line 143, in main
>>     registry.register_global_options(config, commands.Command)
>>   File "/usr/local/lib/python2.7/dist-packages/volatility/registry.py", line 157, in register_global_options
>>     for m in get_plugin_classes(cls, True).values():
>>   File "/usr/local/lib/python2.7/dist-packages/volatility/registry.py", line 152, in get_plugin_classes
>>     raise Exception("Object {0} has already been defined by {1}".format(name, plugin))
>> Exception: Object EthScan has already been defined by <class 'volatility.plugins.ethscan_rc1.EthScan'>
>> 
>> 
>> Best regards
>> 
>> On 14/11/2013, at 12:45, Jamie Levy <jamie.levy at gmail.com> wrote:
>> 
>>> Try:
>>> 
>>> sudo python vol.py --plugins=../jamaal-re-tools-f427978461d4/volplugins -f /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img --profile=Win7SP1x64 ethscan
>>> 
>>> First: --plugins takes in either a directory or a zipfile, not a plugin
>>> 
>>> Second: You didn't specify which plugin to run (ethscan)
>>> From: David <eterno.comandante at gmail.com>
>>> Date: Thu, 14 Nov 2013 10:41:47 +0100
>>> To: Jamie Levy<jamie.levy at gmail.com>
>>> Cc: Volatility List<vol-users at volatilityfoundation.org>
>>> Subject: Re: [Vol-users] Help to add new plugin
>>> 
>>> 
>>> Sorry, I had a typo; I didn't write --profile=Win7SP1x64
>>> 
>>> 
>>>> sudo python vol.py --plugins=../jamaal-re-tools-f427978461d4/volplugins/ethscan.py -f /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img --profile=Win7SP1x64 
>>> 
>>> 
>>> 
>>> I have the same error as ever :( 
>>> 
>>>> Volatility Foundation Volatility Framework 2.3.1
>>>> ERROR   : __main__            : You must specify something to do (try -h)
>>> 
>>> 
>>> Thanks!!
>>> 
>>> On 14/11/2013, at 09:36, David <eterno.comandante at gmail.com> wrote:
>>> 
>>>> Hi @Jamie and list
>>>> 
>>>> Thanks very much for your support ;) 
>>>> 
>>>> I’ve the same errors when I’m executing: :( 
>>>> 
>>>>  sudo python vol.py --plugins=../jamaal-re-tools-f427978461d4/volplugins/ethscan.py -f /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img 
>>>> 
>>>> The error:
>>>> 
>>>> Volatility Foundation Volatility Framework 2.3.1
>>>> ERROR   : __main__            : You must specify something to do (try -h)
>>>> 
>>>> Maybe the cause of this error is that the new plugin "ethscan" isn't compatible with the non-installable version of Volatility 2.3.1. What do you think?
>>>> 
>>>> On the other hand, I found a brief tutorial about ethscan:
>>>> 
>>>> https://code.google.com/p/jamaal-re-tools/source/browse/volplugins/README.txt 
>>>> 
>>>> vol.py ethscan -f be2.vmem -R --dump-dir outputfiles -C out.pcap -P -S
>>>> 
>>>> The execution of the vol.py command is different……. :( 
>>>> 
>>>> He does not use the flag --plugin= 
>>>> 
>>>> Thanks for all!!
>>>> 
>>>> PS: My apologies for my level of English 
>>>> 
>>>> 
>>>> On 13/11/2013, at 16:43, Jamie Levy <jamie.levy at gmail.com> wrote:
>>>> 
>>>>> Hi David,
>>>>> 
>>>>> I think you might have also asked this on the channel.  So yes, you should use the `--plugins=/path/to/folder/with/ethscan` option, obviously changing the path to a folder that has that plugin.  If you were the person on the channel, the issue that you were having is because you must specify `--plugins` first, BEFORE any other options to vol.py:
>>>>> 
>>>>> http://code.google.com/p/volatility/wiki/VolatilityUsage23#Specifying_Additional_Plugin_Directories
>>>>> 
>>>>> Let me know if you have any other questions.
>>>>> 
>>>>> All the best,
>>>>> 
>>>>> -gleeda
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> On Tue, Nov 12, 2013 at 6:42 AM, David Martin <eterno.comandante at gmail.com> wrote:
>>>>> Hello list,
>>>>> 
>>>>> Please, I need some help to add/use new plugins in Volatility 2.3.1.
>>>>> 
>>>>> Can I use the flag "--plugins=contrib/plugins"? Or is there another method?
>>>>> 
>>>>> The plugin that I want to add/use is:
>>>>> 
>>>>> https://code.google.com/p/jamaal-re-tools/source/checkout 
>>>>> 
>>>>> Thanks for your support!!
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> -- 
>>>>> PGP Fingerprint: 2E87 17A1 EC10 1E3E 11D3  64C2 196B 2AB5 27A4 AC92
>>>> 
>>> 
>> 
> 
> 
> 
> 
> -- 
> PGP Fingerprint: 2E87 17A1 EC10 1E3E 11D3  64C2 196B 2AB5 27A4 AC92
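
Added example, not part of the original thread and not Volatility's own code: the traceback above shows a module ethscan_rc1 that already defines a class named EthScan, so a second file defining the same class cannot be registered. This Python 3 script scans plugin directories for class names defined in more than one file; the directory layout built in demo() is constructed, and matching on top-level class names is an assumption drawn from the exception message.

```python
import os
import re
import tempfile
from collections import defaultdict

# Top-level "class Name(" statements. A regex is used instead of ast because
# Volatility 2.x plugins are Python 2 source that Python 3 may fail to parse.
CLASS_RE = re.compile(r"^class\s+([A-Za-z_]\w*)\s*[(:]", re.MULTILINE)


def find_duplicate_classes(plugin_dirs):
    """Return {class name: sorted .py paths} for names defined in 2+ files."""
    seen = defaultdict(set)
    for root_dir in plugin_dirs:
        for dirpath, _dirs, files in os.walk(root_dir):
            for fname in files:
                if not fname.endswith(".py"):
                    continue
                path = os.path.join(dirpath, fname)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for name in CLASS_RE.findall(fh.read()):
                        seen[name].add(path)
    # Only names that appear in more than one file are a conflict.
    return {n: sorted(p) for n, p in seen.items() if len(p) > 1}


def demo():
    """Scan a constructed tree: two files define EthScan, one defines PSTree."""
    with tempfile.TemporaryDirectory() as tmp:
        installed = os.path.join(tmp, "volatility", "plugins")  # constructed
        extra = os.path.join(tmp, "volplugins")                 # constructed
        os.makedirs(installed)
        os.makedirs(extra)
        plugin_src = (
            "import volatility.commands as commands\n\n"
            "class EthScan(commands.Command):\n    pass\n"
        )
        for folder, fname in ((installed, "ethscan_rc1.py"), (extra, "ethscan.py")):
            with open(os.path.join(folder, fname), "w") as fh:
                fh.write(plugin_src)
        with open(os.path.join(installed, "pstree.py"), "w") as fh:
            fh.write("class PSTree(object):\n    pass\n")
        dups = find_duplicate_classes([installed, extra])
        return {n: [os.path.basename(p) for p in ps] for n, ps in dups.items()}


if __name__ == "__main__":
    for name, files in demo().items():
        print("%s defined in: %s" % (name, ", ".join(files)))
```

To check a real setup, pass find_duplicate_classes() both the volatility/plugins directory that vol.py actually imports from and any directory given to --plugins.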
