ClaudeZoo / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0
0 stars 0 forks source link

TcpIp structures in 64-bit windows #209

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
C:\Users\dmk\volatility>python vol.py -f ..\win7sp1x64.dmp --profile=Win7SP1x64 
connscan
Volatile Systems Volatility Framework 2.1_alpha
 Offset(P)  Local Address             Remote Address            Pid
---------- ------------------------- ------------------------- ------
WARNING : volatility.obj      : Cant find object _TCPT_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x0000000007A8B780>?
Traceback (most recent call last):
  File "vol.py", line 135, in <module>
    main()
  File "vol.py", line 126, in main
    command.execute()
  File "C:\Users\dmk\volatility\volatility\commands.py", line 101, in execute
    func(outfd, data)
  File "C:\Users\dmk\volatility\volatility\plugins\connscan.py", line 81, in render_text
    local = "{0}:{1}".format(tcp_obj.LocalIpAddress, tcp_obj.LocalPort)
AttributeError: 'NoneType' object has no attribute 'LocalIpAddress'

What version of the product are you using? On what operating system?
svn trunk
win7 sp1 x64

Original issue reported on code.google.com by moltes...@gmail.com on 12 Feb 2012 at 8:09

GoogleCodeExporter commented 9 years ago
Issue 210 has been merged into this issue.

Original comment by mike.auty@gmail.com on 12 Feb 2012 at 8:55

GoogleCodeExporter commented 9 years ago
This is a known problem, trunk is still in development.  See issue 194.

Original comment by mike.auty@gmail.com on 12 Feb 2012 at 9:01

GoogleCodeExporter commented 9 years ago
Please try again with the netscan plugin.  For systems Vista+ you should use 
netscan not conn* sock* plugins.  Same thing for issue 210.

Original comment by jamie.l...@gmail.com on 14 Feb 2012 at 12:32