TimsterMon / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

write support doesn't work with Enumeration (maybe others?) #379

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
The raw2dump plugin uses write support to build a _DMP_HEADER64 or _DMP_HEADER 
object, and initialize its members. Write support seems to work fine for things 
like Comment and SystemTime, but not for DumpType:

'_DMP_HEADER' : [ None, {
    'Comment' : [ None, ['String', dict(length = 128)]],
    'DumpType' : [ None, ['Enumeration', dict(choices = {0x1: "Full Dump", 0x2: "Kernel Dump"})]],
    'SystemTime' : [ None, ['WinTimeStamp', dict(is_utc = True)]],
}],

So we can easily do this:

header.Comment = "Comment"
header.SystemTime = kuser.SystemTime.as_windows_timestamp()

But we cannot do this:

header.DumpType = 1
- OR - 
header.DumpType = "FullDump" 

Both of the above result in an exception: "Struct() argument 1 must be string, 
not _DMP_HEADER" 

Original issue reported on code.google.com by michael.hale@gmail.com on 7 Feb 2013 at 3:35

GoogleCodeExporter commented 9 years ago

Original comment by michael.hale@gmail.com on 7 Mar 2014 at 9:21

GoogleCodeExporter commented 9 years ago

Original comment by mike.auty@gmail.com on 18 Feb 2015 at 6:54