cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Cuckoo 1.2 vs Volatility 2.4 #495

Closed Alex-Stamate closed 9 years ago

Alex-Stamate commented 9 years ago

Hi all,

I'm trying Cuckoo 1.2 with Volatility 2.4; I'm running on Ubuntu 14.10 and the error I'm getting during memory dump processing is:

    [modules.processing.memory] ERROR: Generic error executing volatility
    Traceback (most recent call last):
      File "/home/alex/cuckoo/modules/processing/memory.py", line 1047, in run
        results = vol.run()
      File "/home/alex/cuckoo/modules/processing/memory.py", line 960, in run
        if self.voptions.ssdt.enabled:
    AttributeError: Config instance has no attribute 'ssdt'

From what I can tell, Volatility 2.4 doesn't have ssdt.py under volatility/plugins/malware/ as the memory.py module from Cuckoo implies. NOTE: one can check this here: hxxps://github.com/volatilityfoundation/volatility/tree/master/volatility/plugins/malware.

Volatility still has SSDT as a valid parameter, but this plugin (ssdt.py) is in another location, volatility/plugins/ (in the top folder for plugins). Could this be the cause of the error above?

Thank you, Alex.

copeland3300 commented 9 years ago

I've had the same issue, and since I didn't need anything in Volatility 2.4, I used 2.3 with no problem.

On Sunday, March 8, 2015, The-Betrayer notifications@github.com wrote:

> Hi all,
>
> I'm trying Cuckoo 1.2 with Volatility 2.4; I'm running on Ubuntu 14.10 and the error I'm getting during memory dump processing is:
>
>     [modules.processing.memory] ERROR: Generic error executing volatility
>     Traceback (most recent call last):
>       File "/home/alex/cuckoo/modules/processing/memory.py", line 1047, in run
>         results = vol.run()
>       File "/home/alex/cuckoo/modules/processing/memory.py", line 960, in run
>         if self.voptions.ssdt.enabled:
>     AttributeError: Config instance has no attribute 'ssdt'
>
> From what I can tell the Volatility 2.4 doesn't have the ssdt.py under volatility/plugins/malware/ as the memory.py module from Cuckoo implies. NOTE: one can check this here hxxps://github.com/volatilityfoundation/volatility/tree/master/volatility/plugins/malware.
>
> Volatility still has SSDT as a valid parameter, but this plugin (ssdt.py) is another location, volatility/plugins/ (in the top folder for plugins). Could this be the cause of the error above?
>
> Thank you, Alex.


Alex-Stamate commented 9 years ago

Thank you copeland, in truth one can do most of the stuff with Volatility 2.3 yet the change log for Cuckoo 1.2 says it should integrate with Volatility 2.4 - hence my question.

gaelmuller commented 9 years ago

It does not look like an error with volatility, but more regarding your configuration file. Did you update your configuration files when updating to Cuckoo 1.2?

Could you check that your config file "memory.conf" contains an "ssdt" section like the following:

    [ssdt]
    enabled = yes
    filter = on

Alex-Stamate commented 9 years ago

Thanks a lot for the hint gaelmuller - this was it! We can close the thread.
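
The cause confirmed in this thread was a memory.conf without the [ssdt] section that the memory module reads. As an added example (not Cuckoo's code and not from any commenter), the following standalone Python 3 check lists sections and options that a reference config has and your own config lacks; it goes beyond the single [ssdt] case and compares every section. The sample configs are constructed, and the file names in the usage comment are hypothetical.

```python
import configparser
import sys

# Constructed samples. Only the [ssdt] section comes from the thread; the
# other section is filler so the comparison has something to agree on.
CURRENT_CONF = "[malfind]\nenabled = yes\nfilter = on\n"
REFERENCE_CONF = CURRENT_CONF + "\n[ssdt]\nenabled = yes\nfilter = on\n"


def _parse(text):
    # Interpolation is disabled so a literal '%' in a value is not an error.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def config_drift(current_text, reference_text):
    """Return (missing_sections, missing_options) of current vs. reference."""
    cur, ref = _parse(current_text), _parse(reference_text)
    missing_sections = [s for s in ref.sections() if not cur.has_section(s)]
    missing_options = [
        (s, o)
        for s in ref.sections() if cur.has_section(s)
        for o in ref.options(s) if not cur.has_option(s, o)
    ]
    return missing_sections, missing_options


def main(argv):
    # Usage (hypothetical file names): check_conf.py my/memory.conf new/memory.conf
    if len(argv) == 3:
        with open(argv[1]) as cur, open(argv[2]) as ref:
            current, reference = cur.read(), ref.read()
    else:
        current, reference = CURRENT_CONF, REFERENCE_CONF
    sections, options = config_drift(current, reference)
    for s in sections:
        print("missing section: [%s]" % s)
    for s, o in options:
        print("missing option: [%s] %s" % (s, o))
    return 1 if sections or options else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with no arguments it reports the constructed gap (`missing section: [ssdt]`) and exits non-zero, so it can gate an upgrade script before any memory dump is processed.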