Stan1989 / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

api calls sys.exit rather than raising an error #415

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. use Win7x64SP1 vm image
2. try to use the GDT or IDT plugins
3. Watch as it exits instead of throwing an error

What is the expected output? What do you see instead?
It's completely understandable that Volatility doesn't support x64 IDT or GDT 
(although it would be better if it did). The main problem is that when using 
volatility as an API it is a problem to have it call sys.exit rather than throw 
an error that can be caught and handled by the calling application.

What version of the product are you using? On what operating system?
I'm using current trunk (r3393) on Ubuntu Linux x64

Please provide any additional information below.

Problem Code:

{{{
def error(msg):
    log(msg, logging.ERROR)
    sys.exit(1)
}}}

Exception trace:

{{{
No handlers could be found for logger "volatility.plugins.malware.idt"
Traceback (most recent call last):
  File "test_memory.py", line 19, in <module>
    for mod in foo.calculate():
  File "/usr/local/lib/python2.6/dist-packages/volatility/plugins/malware/idt.py", line 275, in calculate
    debug.error("This command does not support the selected profile.")
  File "/usr/local/lib/python2.6/dist-packages/volatility/debug.py", line 59, in error
    sys.exit(1)
SystemExit: 1
}}}

Original issue reported on code.google.com by mikespec...@gmail.com on 22 Apr 2013 at 6:40

GoogleCodeExporter commented 9 years ago

Original comment by jamie.l...@gmail.com on 23 Apr 2013 at 1:26

GoogleCodeExporter commented 9 years ago
Hello, 

So if you use the idt/gdt plugins via vol.py it prints the error message as 
expected, and gracefully exits:

{{{
$ python vol.py -f mem.dmp --profile=Win7SP1x64 idt
Volatile Systems Volatility Framework 2.3_alpha
   CPU  Index           Selector Value              Module               Section
------ ------ ------------------ ------------------ -------------------- ------------
ERROR   : volatility.plugins.malware.idt: This command does not support the selected profile.
}}}

The difference between vol.py and your test_memory.py script is that we catch 
the SystemExit exception. If you wanted to take special actions when a "fatal" 
error like this is encountered in your script, I'd suggest enclosing the 
potentially offending lines in a try/except that catches SystemExit and then 
does whatever you want. 

Alternately, since you are writing your own script, you can check if the plugin 
is going to exit before you call calculate(). For example:

{{{
import volatility.plugins.malware.idt as idt

# .....

if idt.IDT.is_valid_profile(my_address_space.profile):
    # call idt.calculate()
    pass
else:
    print "sorry, not running this plugin"
}}}

I'm going to assume one of those options will work for you and close this issue 
out. If you have other thoughts, feel free to re-open. 

Original comment by michael.hale@gmail.com on 27 Apr 2013 at 4:07
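
The try/except approach suggested above, as an added example that is not part of the original thread or of Volatility's code: a calling script wraps the plugin so that a `sys.exit` inside it becomes an ordinary exception and the rest of the run continues. `FakeIDT`, `PluginFatalError`, `run_plugin` and `survey` are hypothetical names, the plugin is a constructed stand-in whose `calculate()` is assumed to be a generator, and only `error()` mirrors the function quoted in the report.

```python
# Added example: constructed stand-ins only, no Volatility import required.
import logging
import sys

log = logging.getLogger("example.plugins.idt")
log.addHandler(logging.NullHandler())  # avoids the "No handlers could be found" warning


class PluginFatalError(Exception):
    """Hypothetical exception type that a calling application can handle."""


def error(msg):
    # Same shape as the debug.error() quoted in the issue: log, then exit.
    log.error(msg)
    sys.exit(1)


class FakeIDT(object):
    """Constructed stand-in for a plugin; calculate() is assumed to be a generator."""

    def __init__(self, profile):
        self.profile = profile

    def calculate(self):
        if self.profile.endswith("x64"):
            error("This command does not support the selected profile.")
        yield (0, 0, "0x8")  # constructed row


def run_plugin(plugin):
    """Drain calculate() and convert SystemExit into PluginFatalError."""
    try:
        # With a generator the exit fires during iteration, so consume it here.
        return list(plugin.calculate())
    except SystemExit as exc:
        # SystemExit derives from BaseException; `except Exception` would miss it.
        raise PluginFatalError("plugin exited with code %r" % (exc.code,))


def survey(profiles):
    """Run the plugin per profile; one unsupported profile does not end the run."""
    results = {}
    for profile in profiles:
        try:
            results[profile] = run_plugin(FakeIDT(profile))
        except PluginFatalError as exc:
            results[profile] = str(exc)
    return results
```
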