mkarimim / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

ConfObject Plugin Commandline Issues #488

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
I have developed a custom script for triage that includes volatility.  My 
script has command-line arguments to disable functionality and point to 
applications.  However, when I implement: 

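import volatility.conf as conf
import volatility.registry as registry
import volatility.commands as commands
import volatility.addrspace as addrspace

config = conf.ConfObject()
registry.register_global_options(config, commands.Command)
registry.register_global_options(config, addrspace.BaseAddressSpace)
config.parse_options()  # reads the command line as well as the options file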

I get an error because the flags I utilized on my own script are getting passed 
to Volatility.  Not sure if there is a way around this as it looks like 
parse_options() reads from both the command line and a file.  I need it to read 
from the config file (memscan involved), but not the command line.

What version of the product are you using? On what operating system?
Windows 7 SP1 x64, Volatility 2.3.1.3543(T)

Original issue reported on code.google.com by crazydah...@gmail.com on 14 Mar 2014 at 3:49

GoogleCodeExporter commented 8 years ago
Ikelos, do you have any thoughts? 

Original comment by michael.hale@gmail.com on 17 Mar 2014 at 7:06

GoogleCodeExporter commented 8 years ago
Hiya, I'm afraid the ConfObject was taken from PyFLAG (as the header attests) 
and will always read from the command line.

The best options available are to either subclass this and override the 
parse_args function, or copy the code from there and try to use it directly.  
It's not an ideal solution, but unfortunately, that's the way the codebase 
currently works.

Another possible workaround would be to temporarily stash sys.argv in a 
different variable, set it to [] before calling parse_options, then reset it 
afterwards so that your code will still see the original command line, whilst 
volatility will only see the blank command line...

I hope one of those works, sorry we didn't envisage this use case when we first 
made the config system.

Original comment by mike.auty@gmail.com on 20 Mar 2014 at 8:25

GoogleCodeExporter commented 8 years ago
Setting sys.argv = [] after processing the main script's args and before 
creating the volatility conf.ConfObject() seems to work fine. Thanks, Mike! 

Original comment by michael.hale@gmail.com on 27 Mar 2014 at 4:14
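
The sys.argv workaround discussed in this thread, wrapped in a context manager so the original command line is restored even if parsing fails. This is an added example, not code from Volatility or from the posters: the optparse parser is a stand-in for config.parse_options(), and masked_argv, parse_like_embedded_library, triage_main and the --no-memscan/--tools-dir flags are hypothetical names. By default it keeps argv[0] instead of using an empty list.

```python
import contextlib
import optparse
import sys


@contextlib.contextmanager
def masked_argv(keep_prog=True):
    """Hide the host script's arguments from any parser that reads sys.argv."""
    saved = sys.argv
    # Keeping argv[0] lets optparse still build a program name for usage text.
    sys.argv = saved[:1] if keep_prog else []
    try:
        yield
    finally:
        # Restore even if the embedded parser raises or calls sys.exit().
        sys.argv = saved


def parse_like_embedded_library():
    """Stand-in for config.parse_options(): an optparse parser reading sys.argv."""
    parser = optparse.OptionParser(add_help_option=False)
    parser.add_option("--profile", default=None)
    parser.add_option("--filename", default=None)
    return parser.parse_args()  # no args given, so optparse uses sys.argv[1:]


def triage_main():
    """Hypothetical host script: parse own flags, then run the embedded parser."""
    own = optparse.OptionParser()
    own.add_option("--no-memscan", action="store_true", default=False)
    own.add_option("--tools-dir", default=None)
    own_opts, _ = own.parse_args(sys.argv[1:])
    with masked_argv():
        lib_opts, lib_args = parse_like_embedded_library()
    return own_opts, lib_opts, lib_args


if __name__ == "__main__":
    # Constructed command line for the hypothetical triage script.
    sys.argv = ["triage.py", "--no-memscan", "--tools-dir", "tools"]
    own_opts, lib_opts, lib_args = triage_main()
    print(own_opts.no_memscan, own_opts.tools_dir, lib_opts.profile, lib_args)
    print(sys.argv)  # the original command line is back after the with block
```
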