[Vol-users] AttributeError: 'linux_mount' object has no attribute 'parse_mnt' error when trying to list tmpfs in Linux/Windows using Volatility 2.4

Andrew Case atcuno at gmail.com
Mon Oct 13 15:07:23 CDT 2014


Hello,


This has been fixed. Please git pull and it should work. Let me know if
you still have issues and thanks for the bug report.

Thanks,
Andrew (@attrc)

On 10/13/2014 01:51 AM, Srinivasan J wrote:
> Hi,
>    I am trying to recover tmpfs from a RAM lime dump using volatility
> 2.4 in Linux/Windows, but I hit the  "AttributeError: 'linux_mount'
> object has no attribute 'parse_mnt'". Is this a known issue?
> 
> Thanks,
> Srini
> 
> 
> [srini at localhost volatility-2.4]$ python
> /home/srini/vola/setup/volatility-2.4/vol.py
> --plugins=/mnt/data/home/srini/ovf --profile=Linuxcentos7x64 -f
> /mnt/data/home/srini/ovf/ramtmpfs.lime linux_tmpfs -L
> Volatility Foundation Volatility Framework 2.4
> Traceback (most recent call last):
> File "/home/srini/vola/setup/volatility-2.4/vol.py", line 192, in <module>
> main()
> File "/home/srini/vola/setup/volatility-2.4/vol.py", line 183, in main
> command.execute()
> File "/home/srini/vola/setup/volatility-2.4/volatility/plugins/linux/common.py",
> line 62, in execute
> commands.Command.execute(self, *args, **kwargs)
> File "/home/srini/vola/setup/volatility-2.4/volatility/commands.py",
> line 127, in execute
> func(outfd, data)
> File "/home/srini/vola/setup/volatility-2.4/volatility/plugins/linux/tmpfs.py",
> line 157, in render_text
> for (i, path) in data:
> File "/home/srini/vola/setup/volatility-2.4/volatility/plugins/linux/tmpfs.py",
> line 148, in calculate
> tmpfs_sbs = self.get_tmpfs_sbs()
> File "/home/srini/vola/setup/volatility-2.4/volatility/plugins/linux/tmpfs.py",
> line 120, in get_tmpfs_sbs
> for (sb, _dev_name, path, fstype, _rr, _mnt_string) in
> linux_mount.linux_mount(self._config).parse_mnt(mnts):
> AttributeError: 'linux_mount' object has no attribute 'parse_mnt'
> 
> 
> C:\Users\sjayarajan\Downloads\volatility_2.4.win.standalone\volatility_2.4.win.s
> tandalone>
> 
> C:\Users\sjayarajan\Downloads\volatility_2.4.win.standalone\volatility_2.4.win.s
> tandalone>volatility-2.4.standalone.exe --plugins=profile --profile=Linuxcentos7
> x64 -f D:\volat\ramtmpfs.lime linux_tmpfs -L
> Volatility Foundation Volatility Framework 2.4
> Traceback (most recent call last):
> File "<string>", line 192, in <module>
> File "<string>", line 183, in main
> File "C:\volatility\build\pyinstaller\out00-PYZ.pyz\volatility.plugins.linux.c
> ommon", line 62, in execute
> File "C:\volatility\build\pyinstaller\out00-PYZ.pyz\volatility.commands", line
> 127, in execute
> File "C:\volatility\build\pyinstaller\out00-PYZ.pyz\volatility.plugins.linux.t
> mpfs", line 157, in render_text
> File "C:\volatility\build\pyinstaller\out00-PYZ.pyz\volatility.plugins.linux.t
> mpfs", line 148, in calculate
> File "C:\volatility\build\pyinstaller\out00-PYZ.pyz\volatility.plugins.linux.t
> mpfs", line 120, in get_tmpfs_sbs
> AttributeError: 'linux_mount' object has no attribute 'parse_mnt'
> 
> C:\Users\sjayarajan\Downloads\volatility_2.4.win.standalone\volatility_2.4.win.s
> tandalone>volatility-2.4.standalone.exe --plugins=profile --profile=Linuxcentos7
> x64 -f D:\volat\ramtmpfs.lime linux_cpuinfo
> Volatility Foundation Volatility Framework 2.4
> Processor Vendor Model
> ------------ ---------------- -----
> 0 GenuineIntel Intel(R) Xeon(R) CPU E5-2609 v2 @ 2.50GHz
> 
> C:\Users\sjayarajan\Downloads\volatility_2.4.win.standalone\volatility_2.4.win.s
> tandalone>
> 
> 
> [srini at localhost volatility-2.4]$ python
> /home/srini/vola/setup/volatility-2.4/vol.py
> --plugins=/mnt/data/home/srini/ovf --profile=Linuxcent
> os7x64 --info | more
> Volatility Foundation Volatility Framework 2.4
> 
> 
> Profiles
> --------
> Linuxcentos7x64 - A Profile for Linux centos7 x64
> VistaSP0x64 - A Profile for Windows Vista SP0 x64
> VistaSP0x86 - A Profile for Windows Vista SP0 x86
> VistaSP1x64 - A Profile for Windows Vista SP1 x64
> VistaSP1x86 - A Profile for Windows Vista SP1 x86
> VistaSP2x64 - A Profile for Windows Vista SP2 x64
> VistaSP2x86 - A Profile for Windows Vista SP2 x86
> 
> 
> [srini at localhost volatility-2.4]$ python
> /home/srini/vola/setup/volatility-2.4/vol.py
> --plugins=/mnt/data/home/srini/ovf --profile=Linuxcentos7x64 -f
> /mnt/data/home/srini/ovf/ramtmpfs.lime linux_cpuinfo
> Volatility Foundation Volatility Framework 2.4
> Processor Vendor Model
> ------------ ---------------- -----
> 0 GenuineIntel Intel(R) Xeon(R) CPU E5-2609 v2 @ 2.50GHz
> 
> [srini at localhost volatility-2.4]$ python
> /home/srini/vola/setup/volatility-2.4/vol.py
> --plugins=/mnt/data/home/srini/ovf --profile=Linuxcentos7x64 -f
> /mnt/data/home/srini/ovf/ramtmpfs.lime linux_mount
> Volatility Foundation Volatility Framework 2.4
> hugetlbfs /dev/hugepages hugetlbfs rw,relatime
> 
> devtmpfs /dev devtmpfs rw,nosuid
> 
> tmpfs /dev/shm tmpfs rw,nosuid,nodev
> 
> devpts /dev/pts devpts rw,relatime,nosuid,noexec
> 
> cgroup /sys/fs/cgroup/memory cgroup rw,relatime,nosuid,nodev,noexec
> 
> tmpfs /sys/fs/cgroup tmpfs rw,nosuid,nodev,noexec
> 
> proc /proc proc rw,relatime,nosuid,nodev,noexec
> 
> /dev/mapper/centos-root / xfs rw,relatime
> 
> tmpfs /run tmpfs rw,nosuid,nodev
> 
> sysfs /sys sysfs rw,relatime,nosuid,nodev,noexec
> 
> sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw,relatime
> 
> mqueue /dev/mqueue mqueue rw,relatime
> 
> debugfs /sys/kernel/debug debugfs rw,relatime
> 
> selinuxfs /sys/fs/selinux selinuxfs rw,relatime
> 
> securityfs /sys/kernel/security securityfs rw,relatime,nosuid,nodev,noexec
> 
> cgroup /sys/fs/cgroup/systemd cgroup rw,relatime,nosuid,nodev,noexec
> 
> pstore /sys/fs/pstore pstore rw,relatime,nosuid,nodev,noexec
> 
> cgroup /sys/fs/cgroup/cpuset cgroup rw,relatime,nosuid,nodev,noexec
> 
> sunrpc /proc/fs/nfsd nfsd rw,relatime
> 
> tmpfs /mnt/ramdisk tmpfs rw,relatime
> cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,relatime,nosuid,nodev,noexec
> 
> configfs /sys/kernel/config configfs rw,relatime
> 
> cgroup /sys/fs/cgroup/devices cgroup rw,relatime,nosuid,nodev,noexec
> 
> systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime
> 
> cgroup /sys/fs/cgroup/freezer cgroup rw,relatime,nosuid,nodev,noexec
> 
> cgroup /sys/fs/cgroup/net_cls cgroup rw,relatime,nosuid,nodev,noexec
> 
> cgroup /sys/fs/cgroup/blkio cgroup rw,relatime,nosuid,nodev,noexec
> 
> /dev/sda1 /boot xfs rw,relatime
> 
> cgroup /sys/fs/cgroup/perf_event cgroup rw,relatime,nosuid,nodev,noexec
> 
> cgroup /sys/fs/cgroup/hugetlb cgroup rw,relatime,nosuid,nodev,noexec
> 
> 
> [srini at localhost volatility-2.4]$ python
> /home/srini/vola/setup/volatility-2.4/vol.py
> --plugins=/mnt/data/home/srini/ovf --profile=Linuxcent
> os7x64 -f /mnt/data/home/srini/ovf/ramtmpfs.lime linux_bash
> Volatility Foundation Volatility Framework 2.4
> Pid Name Command Time Command
> -------- -------------------- ------------------------------ -------
> 15151 bash 2014-10-12 01:35:58 UTC+0000 ./configure
> 15151 bash 2014-10-12 01:35:58 UTC+0000 yum provides tcpsic
> 15151 bash 2014-10-12 01:35:58 UTC+0000 ls -ltrh
> 15151 bash 2014-10-12 01:35:58 UTC+0000 mv lmbench3 lmbench3-3.10
> 15151 bash 2014-10-12 01:35:58 UTC+0000 ls
> 15151 bash 2014-10-12 01:35:58 UTC+0000 cd linux/
> 15151 bash 2014-10-12 01:35:58 UTC+0000 yum intall isic
> 15151 bash 2014-10-12 01:35:58 UTC+0000 ls
> 15151 bash 2014-10-12 01:35:58 UTC+0000 yum provides dwarfdump
> 15151 bash 2014-10-12 01:35:58 UTC+0000 ls
> 15151 bash 2014-10-12 01:35:58 UTC+0000 ls
> 15151 bash 2014-10-12 01:35:58 UTC+0000 cd 3.10.0-123.el7.x86_64/
> 15151 bash 2014-10-12 01:35:58 UTC+0000 uname -a
> 15151 bash 2014-10-12 01:35:58 UTC+0000 ls
> 15151 bash 2014-10-12 01:35:58 UTC+0000 yum install isic
> 15151 bash 2014-10-12 01:35:58 UTC+0000 cd linux/
> 15151 bash 2014-10-12 01:35:58 UTC+0000 ls
> 15151 bash 2014-10-12 01:35:58 UTC+0000 ls
> 15151 bash 2014-10-12 01:35:58 UTC+0000 make
> 15151 bash 2014-10-12 01:35:58 UTC+0000 ifconfig
> 15151 bash 2014-10-12 01:35:58 UTC+0000 cd lmbench3-3.10
> _______________________________________________
> Vol-users mailing list
> Vol-users at volatilityfoundation.org
> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
> 


More information about the Vol-users mailing list