Leor3961 / volatility

Automatically exported from code.google.com/p/volatility

Need to check bootkey variable in hashdump.py #58

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
When running the following hashdump command on moyix's ds_fuzz image, I get the 
following error:

$ ./volatility.py -f ../ds_fuzz_hidden_proc.img --no-cache --profile=WinXPSP3x86 -y 0XE1018388 -s 0XE1482008 hashdump
Volatile Systems Volatility Framework 1.4_rc1
ERR: Couldn't find subkey Lsa of Control
Traceback (most recent call last):
  File "./volatility.py", line 126, in <module>
    main()
  File "./volatility.py", line 117, in main
    command.execute()
  File "/Vol_1.4/volatility/commands.py", line 101, in execute
    func(outfd, data)
  File "/Vol_1.4/volatility/plugins/registry/lsadump.py", line 110, in render_text
    for d in data:
  File "/Vol_1.4/volatility/win32/hashdump.py", line 303, in dump_hashes
    hbootkey = get_hbootkey(samaddr, bootkey)
  File "/Vol_1.4/volatility/win32/hashdump.py", line 164, in get_hbootkey
    md5.update(F[0x70:0x80] + aqwerty + bootkey + anum)
TypeError: cannot concatenate 'str' and 'NoneType' objects

You can see from this that there is an error about the LSA key missing from SYSTEM, which 
is true:

$ ./volatility.py -f ../ds_fuzz_hidden_proc.img --no-cache --profile=WinXPSP3x86 -o 0XE1018388 printkey -K 'ControlSet001\Control'
Volatile Systems Volatility Framework 1.4_rc1
Key name: Control
(Stable)
Last updated: 2008-11-26 07:38:18 

Subkeys:
  AGP(Stable)
  Arbiters(Stable)
  BackupRestore(Stable)
  Biosinfo(Stable)
  BootVerificationProgram(Stable)
[snip]
  HAL(Stable)
  IDConfigDB(Stable)
  Keyboard Layout(Stable)
  MediaResources(Stable)
  Network(Stable)
  NetworkProvider(Stable)
[snip]

The problem is that bootkey is not checked before calling get_hbootkey in 
dump_hashes (or within the get_hbootkey function itself).  

It might be good to check hbootkey in dump_hashes as well after calling 
get_hbootkey in case the SAM keys are unreadable as well...

Original issue reported on code.google.com by jamie.l...@gmail.com on 8 Jan 2011 at 11:29
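The failure in the traceback is a missing guard, not a cryptographic problem: the SAM hboot key derivation concatenates the SYSTEM boot key into an MD5 input, so a None boot key (LSA key unreadable) blows up with a TypeError instead of a readable message. The snippet below is an added illustration, not Volatility's own code, and does no registry parsing; it reimplements only the derivation step named on line 164 of the traceback with a guarded variant beside it. The salt strings AQWERTY and ANUM are assumed to match the ones used by creddump/Volatility, the F value and boot key are constructed sample bytes (a real F blob is parsed out of SAM\Domains\Account), and the 32-byte RC4 output is returned as-is (real callers use the first 16 bytes).

```python
import hashlib
from typing import Optional

# Salt strings for the SAM hboot key derivation (assumption: same values as
# creddump/Volatility hashdump; both include a trailing NUL byte).
AQWERTY = b"!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%\0"
ANUM = b"0123456789012345678901234567890123456789\0"

# Constructed sample data (not taken from any image): a 0xA0-byte stand-in
# for the SAM "F" value and a 16-byte stand-in for the SYSTEM boot key.
SAMPLE_F = bytes((i * 7 + 3) & 0xFF for i in range(0xA0))
SAMPLE_BOOTKEY = bytes(range(16))


def rc4(key: bytes, data: bytes) -> bytes:
    """Minimal RC4 (KSA + PRGA). RC4 is symmetric, so this also decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def get_hbootkey_unchecked(f_value: bytes, bootkey) -> bytes:
    """Derivation with no guard: mirrors the failing call in the traceback.

    With bootkey=None the concatenation raises TypeError, exactly the
    symptom reported in the issue.
    """
    md5 = hashlib.md5()
    md5.update(f_value[0x70:0x80] + AQWERTY + bootkey + ANUM)
    rc4_key = md5.digest()
    return rc4(rc4_key, f_value[0x80:0xA0])


def get_hbootkey_checked(f_value: Optional[bytes],
                         bootkey: Optional[bytes]) -> Optional[bytes]:
    """Same derivation, but validates both inputs first.

    Returns None when the boot key could not be obtained from SYSTEM
    (e.g. Control\\Lsa is missing) or when the SAM F value is absent or
    too short, so the caller can report a clean error instead of crashing.
    """
    if not bootkey or len(bootkey) != 16:
        return None
    if not f_value or len(f_value) < 0xA0:
        return None
    return get_hbootkey_unchecked(f_value, bootkey)


def dump_hashes_checked(f_value: Optional[bytes],
                        bootkey: Optional[bytes]) -> Optional[bytes]:
    """Caller-side check suggested in the issue: bail out if hbootkey is None."""
    hbootkey = get_hbootkey_checked(f_value, bootkey)
    if hbootkey is None:
        # In a plugin this is where a "could not derive hbootkey" message
        # would be emitted instead of continuing into per-user decryption.
        return None
    return hbootkey


if __name__ == "__main__":
    print("guarded, no bootkey:", dump_hashes_checked(SAMPLE_F, None))
    print("guarded, sample bootkey:",
          dump_hashes_checked(SAMPLE_F, SAMPLE_BOOTKEY).hex())
    try:
        get_hbootkey_unchecked(SAMPLE_F, None)
    except TypeError as exc:
        print("unguarded, no bootkey:", exc)
```

The guarded version returns None for either missing input; the unguarded version reproduces the TypeError from the report when given None. Both produce identical output when given valid inputs, so the guard changes only the failure path.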

GoogleCodeExporter commented 8 years ago
This issue was closed by revision r586.

Original comment by mike.auty@gmail.com on 10 Jan 2011 at 3:03