search

ksanchezcld / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0
1 stars 0 forks source link

sockscan fails #210

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
C:\Users\dmk\volatility>python vol.py -f ..\win7sp1x64.dmp --profile=Win7SP1x64 
sockscan
Volatile Systems Volatility Framework 2.1_alpha
 Offset(P)  PID    Port   Proto               Address        Create Time
---------- ------ ------ ------------------- -------------- 
--------------------------
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?
WARNING : volatility.obj      : Cant find object _ADDRESS_OBJECT in profile 
<volatility.plugins.overlays.windows.win7_sp1_x64.Win7SP1x64 object at 
0x00000000078B1780>?

What is the expected output? What do you see instead?

What version of the product are you using? On what operating system?
svn trunk
win7 sp1 x64

Please provide any additional information below.

Original issue reported on code.google.com by moltes...@gmail.com on 12 Feb 2012 at 8:22

GoogleCodeExporter commented 9 years ago 
This is a similar issue to 209, in that the _ADDRESS_OBJECT/_TCPT_OBJECT could 
not be found in the profile.  Marking this as a duplicate.

Original comment by mike.auty@gmail.com on 12 Feb 2012 at 8:55

GoogleCodeExporter commented 9 years ago 
On Windows 7 looks like no _ADDRESS_OBJECT and _TCPT_OBJECT's defined. Well, i 
not found these or similar structs in Win 7 DDK/SDK.

Original comment by moltes...@gmail.com on 12 Feb 2012 at 10:02