imageinfo prints duplicate profiles

[GoogleCodeExporter]

Super low priority but logging it here so we don't forget

Suggested Profile(s) : Win7SP1x64, Win7SP0x64, Win7SP1x64, Win7SP0x64

i'm thinking we should only list each profile once?

Original issue reported on code.google.com by michael.hale@gmail.com on 20 Jan 2012 at 2:56

[GoogleCodeExporter]

hrmmmm I would think so.  I haven't seen it spit out the same profile twice 
before... I wonder what's different?

Original comment by jamie.l...@gmail.com on 20 Jan 2012 at 3:01

[GoogleCodeExporter]

Mmmm, it's something we should be able to fix with sets, but then would lose 
priority ordering on the results...  5:\  Tricky.  As you say, quite low 
priority at the moment I'm afraid...

Original comment by mike.auty@gmail.com on 20 Jan 2012 at 3:06

[GoogleCodeExporter]

This will probably not print duplicates anymore, due to having removed the 
hard-coded responses from kdbgscan.  Please check if it's still the problem 
after r1294.  If not then we can close this bug out...  5:)

Original comment by mike.auty@gmail.com on 22 Jan 2012 at 9:59

[GoogleCodeExporter]

Hmm with r1296 I still get duplicates:

$ python vol.py -f ~/Downloads/win7_x64.dmp imageinfo
Volatile Systems Volatility Framework 2.1_alpha
Determining profile based on KDBG search...

          Suggested Profile(s) : Win7SP1x64, Win7SP0x64, Win7SP1x64, Win7SP0x64
                     AS Layer1 : AMD64PagedMemory (Kernel AS)
                     AS Layer2 : FileAddressSpace (/Users/Michael/Downloads/win7_x64.dmp)
                      PAE type : PAE
                           DTB : 0x187000
                          KDBG : 0x11242989070
                          KPCR : 0xffdff000
Could not list tasks, please verify the --profile option and whether this image 
is valid

Note: tasks can't be listed because its a crash dump. AW is working on that 
ATM, but doesn't explain why the suggestions are duplicated. 

Original comment by michael.hale@gmail.com on 23 Jan 2012 at 2:47

[GoogleCodeExporter]

Potentially there may have been multiple KDBG structures identified?  It would 
be relatively easy to add a set() in to the suggestion list, but it would be 
nice to figure out what's causing this.  Also, we may want to consider issue 
140 and developing a quicker dtb finder than scanning for KDBG structures...

Original comment by mike.auty@gmail.com on 12 Feb 2012 at 8:53

[GoogleCodeExporter]

This issue was closed by revision r1590.

Original comment by mike.auty@gmail.com on 3 Apr 2012 at 10:31

• Changed state: Fixed