Cache fails with warning about non relative URLs on windows 7 x86 image

[GoogleCodeExporter]

C:\Users\admin\Desktop\vol>C:\Python27\python.exe volatility.py  pslist 
--profile=Win7SP0x86  -f win7vss.vmem
Volatile Systems Volatility Framework 1.4_rc1
Name                 Pid    PPid   Thds   Hnds   Time
System                    4      0     90    516 2010-07-06 22:28:46
smss.exe                252      4      2     29 2010-07-06 22:28:46
csrss.exe               348    340     10    441 2010-07-06 22:28:53
wininit.exe             384    340      3     73 2010-07-06 22:28:53
csrss.exe               396    376      8    187 2010-07-06 22:28:53
winlogon.exe            424    376      5    129 2010-07-06 22:28:54
services.exe            492    384     12    216 2010-07-06 22:28:54
lsass.exe               500    384      7    559 2010-07-06 22:28:54
lsm.exe                 508    384     10    142 2010-07-06 22:28:54
svchost.exe             616    492     10    348 2010-07-06 22:28:55
svchost.exe             680    492      8    264 2010-07-06 22:28:56
svchost.exe             728    492     21    425 2010-07-06 22:28:56
svchost.exe             848    492     20    413 2010-07-06 22:28:56
svchost.exe             876    492     44   1333 2010-07-06 22:28:56
svchost.exe            1056    492     16    589 2010-07-06 22:29:31
svchost.exe            1140    492     17    375 2010-07-06 22:29:51
spoolsv.exe            1312    492     13    315 2010-07-06 22:31:06
svchost.exe            1344    492     20    315 2010-07-06 22:31:07
VMwareService.         1488    492      8    200 2010-07-06 22:31:11
dllhost.exe            1944    492     16    187 2010-07-06 22:31:21
msdtc.exe               284    492     15    152 2010-07-06 22:31:24
svchost.exe            1920    492      8    115 2010-07-06 22:33:17
svchost.exe             840    492     15    381 2010-07-06 22:33:18
SearchIndexer.         1464    492     18    624 2010-07-06 22:33:20
TrustedInstall          188    492      8    245 2010-07-06 22:35:08
WmiPrvSE.exe           1768    616      5    112 2010-07-06 22:35:16
SearchFilterHo         1724   1464      6     82 2010-07-06 22:37:36
taskhost.exe           1156    492     10    155 2010-07-06 22:37:54
dwm.exe                 956    848      4     71 2010-07-06 22:38:07
explorer.exe           1880   1720     31    647 2010-07-06 22:38:07
wuauclt.exe            1896    876      6     96 2010-07-06 22:38:14
VMwareTray.exe         2144   1880      5     67 2010-07-06 22:38:29
VMwareUser.exe         2156   1880      9    205 2010-07-06 22:38:30
audiodg.exe            2312    728      5    153 2010-07-06 22:38:44
rundll32.exe           2484    492      1      5 2010-07-06 22:39:08
sdclt.exe              2504    492      1      4 2010-07-06 22:39:09
schtasks.exe           2512    492      2     60 2010-07-06 22:39:09
taskhost.exe           2520    492     11    224 2010-07-06 22:39:10
conhost.exe            2568    348      2     33 2010-07-06 22:39:11
wsqmcons.exe           2576    492      1      3 2010-07-06 22:39:11
SearchProtocol         2680   1464      8    231 2010-07-06 22:39:27
VMwareResoluti         3064   1488      1     23 2010-07-06 22:40:27
Traceback (most recent call last):
  File "volatility.py", line 138, in <module>
    main()
  File "volatility.py", line 129, in main
    command.execute()
  File "C:\Users\admin\Desktop\vol\volatility\commands.py", line 96, in execute
    func(outfd, data)
  File "C:\Users\admin\Desktop\vol\plugins\internal\taskmods.py", line 146, in render_text
    for task in data:
  File "C:\Users\admin\Desktop\vol\volatility\cache.py", line 404, in generate
    self.dump(path, payload)
  File "C:\Users\admin\Desktop\vol\volatility\cache.py", line 409, in dump
    self.node.dump()
  File "C:\Users\admin\Desktop\vol\volatility\cache.py", line 259, in dump
    self.storage.dump(self.stem, self)
  File "C:\Users\admin\Desktop\vol\volatility\cache.py", line 357, in dump
    filename = self.filename(url)
  File "C:\Users\admin\Desktop\vol\volatility\cache.py", line 338, in filename
    raise RuntimeError("Storing non relative URLs is not supported now ({0})".format(url))
RuntimeError: Storing non relative URLs is not supported now 
(file:///C:/Users/admin/Desktop/vol/win7vss.vmem/tests/pslist)

Original issue reported on code.google.com by atc...@gmail.com on 17 Aug 2010 at 11:16

[GoogleCodeExporter]

code was run on a windows 7 64 bit system with python 2.7

Original comment by atc...@gmail.com on 17 Aug 2010 at 11:17

[GoogleCodeExporter]

That's actually the cache that's going wrong, not pslist.  Could you please 
retry the same command with --no-cache and see if that solves the error 
message?  I need to add in notice if the caching's enabled, just so people are 
aware...

Original comment by mike.auty@gmail.com on 17 Aug 2010 at 11:19

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

runs to completion with --no-cache. I will open up a bug for the cache issue 
and you can close this one as invalid

Original comment by atc...@gmail.com on 17 Aug 2010 at 11:34

[GoogleCodeExporter]

It's ok, I can just change the summary...

Original comment by mike.auty@gmail.com on 17 Aug 2010 at 11:35

• Changed title: Cache fails with warning about non relative URLs on windows 7 x86 image

[GoogleCodeExporter]

Issue 4 has been merged into this issue.

Original comment by mike.auty@gmail.com on 17 Aug 2010 at 11:37

[GoogleCodeExporter]

With the same command-line can you please add --help and copy the line that 
starts "-l"?  That should tell us which config.LOCATION it's trying to work on, 
and we can figure out why that doesn't match the requested URL.

Original comment by mike.auty@gmail.com on 17 Aug 2010 at 11:43

[GoogleCodeExporter]

From the user, the config.LOCATION  is as follows:

-l file://///C:/Users/admin/Desktop/vol/win7vss.vmem

The multiple slashes at the start are the problem, but it's not clear what 
caused them.  My initial guess is that this is a Windows problem.  Sorry for 
the spam scudette, not related to the cache, I'll unCC you...

Original comment by mike.auty@gmail.com on 18 Aug 2010 at 12:07

• Changed state: Started

[GoogleCodeExporter]

Ok this issue should be fixed by r383 (and user confirms).

Original comment by mike.auty@gmail.com on 18 Aug 2010 at 1:29

• Changed state: Fixed