kkchauhan / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

Lack of distorm3 installation silently fails #396

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. client machine with distorm3 not installed
2. python vol.py -h 

What is the expected output? What do you see instead?
Command generates help without showing any error message regarding a lack of 
distorm3 being installed.

What version of the product are you using? On what operating system?
Volatility r3210

Please provide any additional information below.
It might be better for vol.py or maybe malfind.py to generate a warning message 
regarding distorm3 not being installed?

Original issue reported on code.google.com by carl.pulley on 29 Mar 2013 at 11:43

GoogleCodeExporter commented 8 years ago
Hiya,

So there shouldn't be error messages without distorm3, because a huge number of 
the plugins work just fine without it, at best they should be warning messages 
(which I've made more explicit in the attached patch), but again that should 
only be if a plugin will not work without it.

If there are plugins where it might be nice to have, it should be up to the 
plugin to inform the user that they might get better results by installing it.

@MHL, it looks like apihooks has a hard dependency (possibly some others do 
too).  My only concern with just leaving them to import distorm3 and then let 
the registry handle their failure to import is that it'll end up giving lots 
and lots of error messages for people who don't have distorm3 installed.  
Distorm3 doesn't really follow standard packaging rules (they don't say which 
versions of Python their Windows builds are built for, and the source will need 
compiling for Linux users, so it's not a straight unzip in the right place job) 
and the packages aren't necessarily easily available on most distributions.

It's a judgement call, I think overall for the majority of users the current 
strategy is the best, but if we decide to go for something else, it should be 
failing to import without distorm3 to maintain consistency with pycrypto.

Original comment by mike.auty@gmail.com on 30 Mar 2013 at 1:38

GoogleCodeExporter commented 8 years ago
Yeah, some plugins have hard dependencies on distorm3 (like apihooks, impscan) 
which don't work at all when the module isn't installed. There are others like 
threads and malfind which work without distorm3, but could work better with it 
installed. For example malfind still identifies the bad memory regions and 
prints a hex dump, but with distorm3 installed, you also get a disassembly. So 
for those few "soft dependency" plugins I put a debug.warning() message to 
remind the user. 

Original comment by michael.hale@gmail.com on 9 Apr 2013 at 2:34
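Added example, not part of the thread and not Volatility's own code: a sketch of the "soft dependency" pattern described in the comment above, where the hex dump is always produced and the disassembly is appended only when distorm3 can be imported. The function names and the sample bytes are assumptions made for illustration, and Python's `logging` stands in for Volatility's `debug.warning()`.

```python
import logging

log = logging.getLogger("softdep_example")  # stand-in for debug.warning()

try:
    import distorm3  # optional: only the disassembly view needs it
except ImportError:
    distorm3 = None  # soft dependency: record the absence, do not abort

# Constructed sample: five bytes standing in for a flagged memory region.
SAMPLE = b"\x55\x8b\xec\x90\xc3"


def hexdump(data, base):
    """Hex + ASCII rows, 16 bytes each; needs nothing beyond the stdlib."""
    lines = []
    for off in range(0, len(data), 16):
        row = data[off:off + 16]
        hexpart = " ".join("%02x" % b for b in row)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in row)
        lines.append("0x%08x  %-47s  %s" % (base + off, hexpart, text))
    return lines


def disassemble(data, base, engine=distorm3):
    """Disassembly lines, or None after a warning when no engine is available."""
    if engine is None:
        log.warning("distorm3 is not installed: hex dump only, no disassembly")
        return None
    # distorm3.Decode returns (offset, size, instruction, hexdump) tuples.
    decoded = engine.Decode(base, data, engine.Decode32Bits)
    return ["0x%08x %-16s %s" % (off, hexstr, ins)
            for off, _size, ins, hexstr in decoded]


def render_region(data, base, engine=distorm3):
    """Always emit the hex dump; append disassembly only if it was produced."""
    lines = hexdump(data, base)
    asm = disassemble(data, base, engine)
    if asm is not None:
        lines += [""] + asm
    return lines


if __name__ == "__main__":
    print("\n".join(render_region(SAMPLE, 0x1000)))
```

Passing `engine=None` forces the degraded path even on a machine where distorm3 is installed, which makes the warning behaviour testable.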

GoogleCodeExporter commented 8 years ago
This issue was closed by revision r3356.

Original comment by michael.hale@gmail.com on 9 Apr 2013 at 2:34