arjunsingharyan / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0
0 stars 0 forks source link

mac_notifiers issue #413

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?

1. Collected a memory sample from a 10.7.4 x64 system with Mac Memory Reader in 
mach-o format
2. Ran the following command: python vol.py mac_notifiers -f ram_dump.mach-o 
--profile=MacLion_10_7_4_AMDx64

What is the expected output? What do you see instead?
- I was expecting an output similar to 
https://code.google.com/p/volatility/wiki/MacCommandReference23#mac_notifiers

- Instead the following was displayed:
<pre>
Volatile Systems Volatility Framework 2.3_alpha
Status     Key                            Handler            Matches
---------- ------------------------------ ------------------ -------
Traceback (most recent call last):
  File "vol.py", line 186, in <module>
    main()
  File "vol.py", line 177, in main
    command.execute()
  File "/Users/test/tools/volatility-test/volatility/plugins/mac/common.py", line 43, in execute
    commands.Command.execute(self, *args, **kwargs)
  File "/Users/test/tools/volatility-test/volatility/commands.py", line 111, in execute
    func(outfd, data)
  File "/Users/test/tools/volatility-test/volatility/plugins/mac/notifiers.py", line 112, in render_text
    for (good, key, notifier, matches) in data:
  File "/Users/test/tools/volatility-test/volatility/plugins/mac/notifiers.py", line 49, in calculate
    gnotifications = p.dereference_as(self._struct_or_class("OSDictionary"))
  File "/Users/test/tools/volatility-test/volatility/plugins/mac/notifiers.py", line 39, in _struct_or_class
    return type_type
</pre>

What version of the product are you using? On what operating system?
- Analysis done on an OS X system with revision 3387.

Please provide any additional information below.
- Code at 
https://code.google.com/p/volatility/source/browse/trunk/volatility/plugins/mac/
notifiers.py#39 should be "return type_name" instead of "return type_type"

Original issue reported on code.google.com by cemgur...@gmail.com on 20 Apr 2013 at 2:59

GoogleCodeExporter commented 8 years ago

Original comment by jamie.l...@gmail.com on 21 Apr 2013 at 2:01

GoogleCodeExporter commented 8 years ago
fixed in r3388  

Original comment by jamie.l...@gmail.com on 22 Apr 2013 at 3:21

GoogleCodeExporter commented 8 years ago
Thanks!

Original comment by cemgur...@gmail.com on 22 Apr 2013 at 3:28