DTM05 / malwarecookbook

Automatically exported from code.google.com/p/malwarecookbook

list of apihooks possibly incomplete #33

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. C:\Python27\Scripts>python vol.py apihooks -f "D:\X-Ways-Images\Malware\silentbanker.vmem"

2. A testsuite run outputs the following
C:\Python27\Scripts>python vol.py testsuite -f "D:\X-Ways-Images\Malware\silentbanker.vme
Volatile Systems Volatility Framework 2.0
Executing dlldump
Executing vadtree
Error running userassist - option -o/--hive-offset: conflicting option string(s): -o
Executing procmemdump
Executing procexedump
Error running lsadump - option -s/--sec-offset: conflicting option string(s): -s
Executing moddump
Executing handles
Error running handles - maximum recursion depth exceeded while calling a Python object
Executing dlllist
Executing psxview
Error running psxview - maximum recursion depth exceeded while calling a Python object
Executing vadinfo
Executing memmap
Executing memdump
Error running svcscan - option -y/--yara-rules-only: conflicting option string(s): -y
Error running malfind - option -K/--kernel: conflicting option string(s): -K
Error running hashdump - option -s/--sam-offset: conflicting option string(s): -s
Error running imagecopy - option -b/--blocksize: conflicting option string(s): -b
Executing vadwalk
Error running threads - option -s/--size: conflicting option string(s): -s
Executing vaddump
Error running ssdt_ex - no such option '--yara-rules-only'
Error running impscan - option -y/--yara-rules-only: conflicting option string(s): -y
Error running callbacks - no such option '--kernel'
Executing getsids
Error running idt - option -K/--kernel: conflicting option string(s): -K
Executing ldrmodules
Executing pslist
Executing apihooks
Finished after 113.459000111 seconds
Error running apihooks - local variable 'flat_x' referenced before assignment
Executing driverirp
Error running driverirp - maximum recursion depth exceeded while calling a Python object
Error running strings - option -s/--string-file: conflicting option string(s): -s

What is the expected output? What do you see instead?

Volatile Systems Volatility Framework 2.0
Name                             Type     Target                                   Value
Finished after 115.231999874 seconds

What version of the product are you using? On what operating system?
Volatility 2.0 and Malware.py R97

Original issue reported on code.google.com by MichaelF...@gmx.net on 15 Aug 2011 at 12:05

GoogleCodeExporter commented 8 years ago
Solved with R98.
Thank you Michael!

Original comment by MichaelF...@gmx.net on 16 Aug 2011 at 5:52

GoogleCodeExporter commented 8 years ago

Original comment by michael.hale@gmail.com on 16 Aug 2011 at 8:46