Fvoid / malwarecookbook

Automatically exported from code.google.com/p/malwarecookbook
GNU General Public License v3.0

malware2.1_alpha.py Error #39

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
XP SP2 32bit.
Volatility SVN revision: 1247

C:\volatility>python --version
Python 2.7.1

C:\volatility>python vol.py malfind -f XP.vmem --dump-dir c:\tmp\
Volatile Systems Volatility Framework 2.1_alpha
Traceback (most recent call last):
  File "vol.py", line 135, in <module>
    main()
  File "vol.py", line 126, in main
    command.execute()
  File "C:\volatility\volatility\commands.py", line 101, in execute
    func(outfd, data)
  File "C:\volatility\volatility\plugins\malware.py", line 1440, in render_text
    for proc, vad, content in data:
  File "C:\volatility\volatility\plugins\malware.py", line 1435, in calculate
    for vad, data in proc.find_injections():
  File "C:\volatility\volatility\plugins\malware.py", line 681, in find_injections
    for vad in self.VadRoot.traverse():
  File "C:\volatility\volatility\obj.py", line 335, in __getattr__
    return getattr(proxied, attr)
AttributeError: 'long' object has no attribute 'traverse'

Original issue reported on code.google.com by john.cob...@googlemail.com on 17 Jan 2012 at 11:06

GoogleCodeExporter commented 8 years ago
John, 

malware2.1_alpha.py is just my playground for now (as is the 2.1 alpha svn 
trunk of volatility). A lot will be changing. Please use malware.py and the 
stable release of volatility 2.0. I plan on releasing malware2.1_alpha.py at 
the same time as volatility 2.1 but until then it's going to be pretty unusable. 

MHL

Original comment by michael.hale@gmail.com on 18 Jan 2012 at 3:19

GoogleCodeExporter commented 8 years ago
OK thanks, let me know if you need any testing done.

Thanks

John

Original comment by john.cob...@googlemail.com on 22 Jan 2012 at 8:10

GoogleCodeExporter commented 8 years ago
Hey John, 

The malfind, yarascan, ldrmodules, svcscan, idt, gdt, callbacks, timers, and 
some others are available in 2.1 alpha now. No need to download malware.py 
separately anymore. Feel free to test and open issues on this site or the main 
volatility site (code.google.com/p/volatility) if you come across specific bugs 
when testing. 

Thanks!

Original comment by michael.hale@gmail.com on 18 Apr 2012 at 3:42