Dik1s / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0
0 stars 0 forks source link

Calling volatilitry from another python script fail #440

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. calling vol.py using subprocess/os.system with dynamic parameters

What is the expected output? What do you see instead?

the expected output should be the same when running vol.py from command line:
for instance:
/usr/local/bin/vol.py --profile=Win7SP1x86  -f memory.dmp vaddump --dump-dir=tmp
works !!! from command line but when trying to execute from another python 
script it complains randomly:

raceback (most recent call last):
  File "/usr/local/bin/vol.py", line 186, in <module>
    main()
  File "/usr/local/bin/vol.py", line 177, in main
    command.execute()
  File "/usr/local/lib/python2.7/dist-packages/volatility/commands.py", line 111, in execute
    func(outfd, data)
  File "/usr/local/lib/python2.7/dist-packages/volatility/plugins/taskmods.py", line 139, in render_text
    for task in data:
  File "/usr/local/lib/python2.7/dist-packages/volatility/win32/tasks.py", line 72, in pslist
    for p in get_kdbg(addr_space).processes():
  File "/usr/local/lib/python2.7/dist-packages/volatility/plugins/overlays/windows/kdbg_vtypes.py", line 41, in processes
    raise AttributeError("Could not list tasks, please verify your --profile with kdbgscan")

What version of the product are you using? On what operating system?
OS: Debian 7 64bit
Python 2.7.3
volatility: Volatile Systems Volatility Framework 2.3_beta

Please provide any additional information below.

Original issue reported on code.google.com by udisha...@gmail.com on 26 Aug 2013 at 1:41

Attachments:

GoogleCodeExporter commented 8 years ago
Hello, I personally call Volatility from other Python scripts just fine, so you 
are probably doing something strange. Unfortunately the attached rtf file 
doesn't show any of the actual Volatility usage. Please read the following wiki 
page on how to use Volatility as a library if that's what you're trying to do: 

https://code.google.com/p/volatility/wiki/VolatilityUsage23#Using_Volatility_as_
a_Library

Original comment by michael.hale@gmail.com on 26 Aug 2013 at 10:55