Closed Alex-Stamate closed 9 years ago
I've had the same issue, and since I didn't need anything in Volatility 2.4, I used 2.3 with no problem.
On Sunday, March 8, 2015, The-Betrayer notifications@github.com wrote:
Hi all,
I'm trying Cuckoo 1.2 with Volatility 2.4; I'm running on Ubuntu 14.10 and the error I'm getting during memory dump processing is:
[modules.processing.memory] ERROR: Generic error executing volatility Traceback (most recent call last): File "/home/alex/cuckoo/modules/processing/memory.py", line 1047, in run results = vol.run() File "/home/alex/cuckoo/modules/processing/memory.py", line 960, in run if self.voptions.ssdt.enabled: AttributeError: Config instance has no attribute 'ssdt'
From what I can tell the Volatility 2.4 doesn't have the ssdt.py under volatility/plugins/malware/ as the memory.py module from Cuckoo implies. NOTE: one can check this here hxxps:// github.com/volatilityfoundation/volatility/tree/master/volatility/plugins/malware .
Volatility still has SSDT as a valid parameter, but this plugin (ssdt.py) is another location, volatility/plugins/ (in the top folder for plugins). Could this be the cause of the error above?
Thank you, Alex.
Reply to this email directly or view it on GitHub https://github.com/cuckoobox/cuckoo/issues/495.
Thank you copeland, in truth one can do most of the stuff with Volatility 2.3 yet the change log for Cuckoo 1.2 says it should integrate with Volatility 2.4 - hence my question.
It does not look like an error with volatility, but more regarding your configuration file. Did you update your configuration files when updating to Cuckoo 1.2 ?
Could you check that your config file "memory.conf" contains an "ssdt" section like the following:
[ssdt]
enabled = yes
filter = on
Thanks a lot for the hint gaelmuller - this was it! We can close the thread.
Hi all,
I'm trying Cuckoo 1.2 with Volatility 2.4; I'm running on Ubuntu 14.10 and the error I'm getting during memory dump processing is:
[modules.processing.memory] ERROR: Generic error executing volatility Traceback (most recent call last): File "/home/alex/cuckoo/modules/processing/memory.py", line 1047, in run results = vol.run() File "/home/alex/cuckoo/modules/processing/memory.py", line 960, in run if self.voptions.ssdt.enabled: AttributeError: Config instance has no attribute 'ssdt'
From what I can tell the Volatility 2.4 doesn't have the ssdt.py under volatility/plugins/malware/ as the memory.py module from Cuckoo implies. NOTE: one can check this here hxxps://github.com/volatilityfoundation/volatility/tree/master/volatility/plugins/malware.
Volatility still has SSDT as a valid parameter, but this plugin (ssdt.py) is another location, volatility/plugins/ (in the top folder for plugins). Could this be the cause of the error above?
Thank you, Alex.