mj-5 / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

Can't run volatility command Pslist from Eclipse (Python IDE) #526

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. I am using this python code in Eclipse
https://code.google.com/p/volatility/wiki/VolatilityUsage23#Using_Volatility_as_a_Library
2. I am getting this error 
raise error
volatility.exceptions.AddrSpaceError: No suitable address space mapping found
Tried to open image as:
 MachOAddressSpace: mac: need base
 LimeAddressSpace: lime: need base
 WindowsHiberFileSpace32: No base Address Space
 WindowsCrashDumpSpace64BitMap: No base Address Space
 VMWareMetaAddressSpace: No base Address Space
 WindowsCrashDumpSpace64: No base Address Space
 HPAKAddressSpace: No base Address Space
 VirtualBoxCoreDumpElf64: No base Address Space
 VMWareAddressSpace: No base Address Space
 QemuCoreDumpElf: No base Address Space
 WindowsCrashDumpSpace32: No base Address Space
 AMD64PagedMemory: No base Address Space
 IA32PagedMemoryPae: No base Address Space
 IA32PagedMemory: No base Address Space
 OSXPmemELF: No base Address Space
 FileAddressSpace: Location is not of file scheme
 ArmAddressSpace: No base Address Space

What is the expected output? What do you see instead?

Volatility works fine in the command prompt when I use this command: "python vol.py -f memdump.mem --profile=Win8SP0x64 pslist"
The output of this command is:
Offset(V)  Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start                          Exit
---------- -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
0x810b1660 System                    4      0     59      179 ------      0
0xff2ab020 smss.exe                544      4      3       21 ------      0 2010-08-11 06:06:21 UTC+0000
0xff1ecda0 csrss.exe               608    544     11      400      0      0 2010-08-11 06:06:23 UTC+0000
0xff1ec978 winlogon.exe            632    544     22      519      0      0 2010-08-11 06:06:23 UTC+0000
0xff247020 services.exe            676    632     16      268      0      0 2010-08-11 06:06:24 UTC+0000
0xff255020 lsass.exe               688    632     22      348      0      0 2010-08-11 06:06:24 UTC+0000
0xff218230 vmacthlp.exe            844    676      1       24      0      0 2010-08-11 06:06:24 UTC+0000
0x80ff88d8 svchost.exe             856    676     19      321      0      0 2010-08-11 06:06:24 UTC+0000
0xff217560 svchost.exe             936    676      9      261      0      0 2010-08-11 06:06:24 UTC+0000
0x80fbf910 svchost.exe            1028    676     87     1394      0      0 2010-08-11 06:06:24 UTC+0000
0xff22d558 svchost.exe            1088    676      7       81      0      0 2010-08-11 06:06:25 UTC+0000
0xff203b80 svchost.exe            1148    676     15      212      0      0 2010-08-11 06:06:26 UTC+0000
0xff1d7da0 spoolsv.exe            1432    676     15      137      0      0 2010-08-11 06:06:26 UTC+0000
0xff1b8b28 vmtoolsd.exe           1668    676      6      222      0      0 2010-08-11 06:06:35 UTC+0000
0xff1fdc88 VMUpgradeHelper        1788    676      5      100      0      0 2010-08-11 06:06:38 UTC+0000
0xff143b28 TPAutoConnSvc.e        1968    676      5      100      0      0 2010-08-11 06:06:39 UTC+0000
0xff25a7e0 alg.exe                 216    676      7      110      0      0 2010-08-11 06:06:39 UTC+0000
0xff364310 wscntfy.exe             888   1028      1       27      0      0 2010-08-11 06:06:49 UTC+0000
0xff38b5f8 TPAutoConnect.e        1084   1968      1       61      0      0 2010-08-11 06:06:52 UTC+0000
0x80f60da0 wuauclt.exe            1732   1028      7      178      0      0 2010-08-11 06:07:44 UTC+0000
0xff3865d0 explorer.exe           1724   1708     13      309      0      0 2010-08-11 06:09:29 UTC+0000
0xff3667e8 VMwareTray.exe          432   1724      1       49      0      0 2010-08-11 06:09:31 UTC+0000
0xff374980 VMwareUser.exe          452   1724      8      203      0      0 2010-08-11 06:09:32 UTC+0000
0x80f94588 wuauclt.exe             468   1028      5      134      0      0 2010-08-11 06:09:37 UTC+0000
0xff1f6da0 1e0f1b9b697ab49         476   1724      0 --------      0      0 2010-08-15 19:21:25 UTC+0000   2010-08-15 19:21:27 UTC+0000
0x80f1b020 cmd.exe                1572    476      0 --------      0      0 2010-08-15 19:21:27 UTC+0000   2010-08-15 19:21:27 UTC+0000
0xff3b1d78 cmd.exe                 212   1668      0 --------      0      0 2010-08-15 19:22:11 UTC+0000   2010-08-15 19:22:11 UTC+0000
0xff3802c8 VMip.exe                180    212      0 --------      0      0 2010-08-15 19:22:11 UTC+0000   2010-08-15 19:22:11 UTC+0000

What version of the product are you using? On what operating system?
I am using Volatility 2.4.win32 on Windows 8.1 64-bit

Please provide any additional information below.

Original issue reported on code.google.com by aleey.c...@gmail.com on 13 May 2015 at 2:35
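
Added example, not part of the original report and not Volatility's own code: the "Tried to open image as" list above can be triaged by separating the entries that only lacked a base layer from the one that failed for its own reason (here FileAddressSpace, whose message concerns the URL scheme of the location). The error excerpt is abridged from the report; the function names and the two sample locations are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Excerpt of the error text from the report above (abridged to four entries).
ERROR_TEXT = """\
volatility.exceptions.AddrSpaceError: No suitable address space mapping found
Tried to open image as:
 MachOAddressSpace: mac: need base
 WindowsCrashDumpSpace64: No base Address Space
 AMD64PagedMemory: No base Address Space
 FileAddressSpace: Location is not of file scheme
"""

# Reasons that only mean "no lower layer was loaded to stack on".
NEEDS_BASE = re.compile(r"(no base address space|need base)\s*$", re.IGNORECASE)
ENTRY = re.compile(r"^\s+(\w+): (.+)$")


def triage(error_text):
    """Split the 'Tried to open image as' entries into layers that merely
    lacked a base and layers that failed for their own reason."""
    waiting, root_causes = [], []
    seen_header = False
    for line in error_text.splitlines():
        if line.strip() == "Tried to open image as:":
            seen_header = True
            continue
        m = ENTRY.match(line) if seen_header else None
        if not m:
            continue
        name, reason = m.group(1), m.group(2).strip()
        (waiting if NEEDS_BASE.search(reason) else root_causes).append((name, reason))
    return waiting, root_causes


def has_file_scheme(location):
    """True when the location parses as a URL whose scheme is 'file'."""
    return urlparse(location).scheme == "file"


if __name__ == "__main__":
    waiting, root_causes = triage(ERROR_TEXT)
    print("stacked layers with no base:", [n for n, _ in waiting])
    print("root cause:", root_causes)
    # Constructed sample locations, not taken from the report.
    for loc in (r"C:\dumps\memdump.mem", "file:///C:/dumps/memdump.mem"):
        print(loc, "->", has_file_scheme(loc))
```

A bare Windows path parses with the drive letter as its scheme, so it does not count as a file-scheme location.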

GoogleCodeExporter commented 8 years ago

Original comment by mike.auty@gmail.com on 13 May 2015 at 7:26