[Vol-users] zeusscan2

Michael Ligh michael.ligh at mnin.org
Mon Sep 15 10:52:19 CDT 2014


Hi Bill, 

A segmentation fault with Volatility is extremely rare; I think I’ve only seen it once or twice in 6-7 years. So congratulations on finding an interesting bug ;-)

I would recommend the following:

1) Make sure you have the latest 2.4 (not a Beta version) from either https://github.com/volatilityfoundation/volatility or http://www.volatilityfoundation.org/#!24/c12wa. 

2) Try to narrow it down to zeusscan on a particular process (for example zeusscan -p PID). Once you’ve done that, we can look at the VAD nodes of the process (vadinfo) and see if there’s anything funky. 

3) While running zeusscan, keep an eye on your system’s RAM. Is it getting maxed out? 

Thanks,
Michael 

--------------------------------------------------
Michael Ligh (@iMHLv2)
GPG: http://mnin.org/gpg.pubkey.txt
Blog: http://volatility-labs.blogspot.com

On Sep 8, 2014, at 2:24 PM, Bill Moylan <billyfm at gmail.com> wrote:

> Testing zeusscan against a known zeus vmem sample, I am getting a segmentation fault. Other vol commands run and return results properly, and zeusscan appears to have compiled OK. No errors output except for the segmentation fault.
> Host OS is CentOS Linux 2.6, Volatility is 2.4. Zeus.vmem is WinXPSP2x86
> 
> Any ideas on troubleshooting?
> 
> Bill
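
Steps 2 and 3 of the reply can be scripted. The following is an added example, not part of the original messages and not Volatility code: it runs one command per PID and reports which run was killed by SIGSEGV and each run's peak memory. `vol.py` being on PATH, the PID list and the `fake_cmd` stand-in are assumptions made for the demonstration.

```python
import os
import signal
import subprocess
import sys

def zeusscan_cmd(image, profile, pid):
    """Volatility 2.x command line for one process (vol.py on PATH is assumed)."""
    return ["vol.py", "-f", image, "--profile=" + profile,
            "zeusscan", "-p", str(pid)]

def run_one(cmd):
    """Run cmd; return (fatal signal name or None, exit code or None, peak RSS)."""
    proc = subprocess.Popen(cmd, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    # wait4 gives this child's own rusage; ru_maxrss is in KiB on Linux.
    _, status, usage = os.wait4(proc.pid, 0)
    if os.WIFSIGNALED(status):
        sig = os.WTERMSIG(status)
        proc.returncode = -sig  # tell Popen the child is already reaped
        return signal.Signals(sig).name, None, usage.ru_maxrss
    proc.returncode = os.WEXITSTATUS(status)
    return None, proc.returncode, usage.ru_maxrss

def isolate_crash(pids, build_cmd):
    """Run build_cmd(pid) once per PID; map pid -> run_one() result."""
    return {pid: run_one(build_cmd(pid)) for pid in pids}

def crashing_pids(results):
    """PIDs whose run was killed by SIGSEGV."""
    return sorted(p for p, (sig, _, _) in results.items() if sig == "SIGSEGV")

def fake_cmd(pid):
    """Constructed stand-in for the plugin: dies with SIGSEGV only for PID 856."""
    body = ("import os, signal, sys\n"
            "if sys.argv[1] == '856': os.kill(os.getpid(), signal.SIGSEGV)\n")
    return [sys.executable, "-c", body, str(pid)]

if __name__ == "__main__":
    pids = [4, 856, 1028]  # constructed; take real PIDs from the image's process list
    # Real use: build = lambda p: zeusscan_cmd("zeus.vmem", "WinXPSP2x86", p)
    results = isolate_crash(pids, fake_cmd)
    for pid, (sig, code, peak_kib) in sorted(results.items()):
        print(pid, sig or "exit %s" % code, "peak RSS %d KiB" % peak_kib)
    print("segfault on PIDs:", crashing_pids(results))
```

A peak RSS close to the host's physical memory on the crashing PID points at memory exhaustion rather than a parsing fault in one VAD region.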
