myFengo2015 / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

TypeError concatenate 'str' and 'NoneType' objects in hive.py #425

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Running the timeliner plugin on a 64-bit Windows 7 SP1 memory image.

$ python vol.py --plugins=contrib/plugins -f memory.img --profile=Win7SP1x64 timeliner --output=body --output-file=timeliner.txt -R

What is the expected output? What do you see instead?

*** Failed to import volatility.plugins.malware.zeusscan (ImportError: No module named zeusscan)
*** Failed to import volatility.plugins.malware.poisonivy (ImportError: No module named poisonivy)
Traceback (most recent call last):
  File "vol.py", line 186, in <module>
    main()
  File "vol.py", line 177, in main
    command.execute()
  File "/Users/jessek/Documents/volatility/trunk/volatility/commands.py", line 111, in execute
    func(outfd, data)
  File "/Users/jessek/Documents/volatility/trunk/contrib/plugins/timeliner.py", line 92, in render_body
    for line in data:
  File "/Users/jessek/Documents/volatility/trunk/contrib/plugins/timeliner.py", line 442, in calculate
    for lwtime, reg, item in regdata:
  File "/Users/jessek/Documents/volatility/trunk/volatility/plugins/registry/registryapi.py", line 262, in reg_get_all_keys
    for s in rawreg.subkeys(k):
  File "/Users/jessek/Documents/volatility/trunk/volatility/win32/rawreg.py", line 122, in subkeys
    if i.Signature.v() == NK_SIG:
  File "/Users/jessek/Documents/volatility/trunk/volatility/obj.py", line 532, in __getattr__
    result = self.dereference()
  File "/Users/jessek/Documents/volatility/trunk/volatility/obj.py", line 504, in dereference
    offset = self.v()
  File "/Users/jessek/Documents/volatility/trunk/volatility/obj.py", line 438, in v
    data = self.obj_vm.read(self.obj_offset, self.size())
  File "/Users/jessek/Documents/volatility/trunk/volatility/win32/hive.py", line 144, in read
    stuff_read = stuff_read + self.base.read(paddr, left_over)
TypeError: cannot concatenate 'str' and 'NoneType' objects

What version of the product are you using? On what operating system?

Trunk code, revision 3426.

Please provide any additional information below.

Original issue reported on code.google.com by jessekornblum on 24 May 2013 at 10:10
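
The failure mode in the traceback above, as an added example that is not part of the original report and is not Volatility's code: a multi-page read concatenates the result of a backing read that returns None for a page missing from the image. It is a Python 3 model (the traceback is from Python 2, where the message wording differs), and `SparseBase`, `read_naive`, `read_checked`, `BLOCK_SIZE` and the `zero` parameter are hypothetical names chosen for this sketch.

```python
BLOCK_SIZE = 0x1000  # constructed page size for this model


class SparseBase:
    """Constructed backing layer: read() returns None for absent pages."""

    def __init__(self, pages):
        self.pages = pages  # {page_number: bytes of length BLOCK_SIZE}

    def read(self, addr, length):
        page = self.pages.get(addr // BLOCK_SIZE)
        if page is None:
            return None
        off = addr % BLOCK_SIZE
        return page[off:off + length]


def _chunks(addr, length):
    """Split [addr, addr + length) into per-page (addr, size) pieces."""
    while length > 0:
        size = min(length, BLOCK_SIZE - addr % BLOCK_SIZE)
        yield addr, size
        addr += size
        length -= size


def read_naive(base, addr, length):
    """Concatenate whatever base.read() returns, unchecked."""
    data = b""
    for a, n in _chunks(addr, length):
        data = data + base.read(a, n)  # TypeError when the page is missing
    return data


def read_checked(base, addr, length, zero=False):
    """Return None if any page is unreadable, or zero-fill it if zero=True."""
    data = b""
    for a, n in _chunks(addr, length):
        chunk = base.read(a, n)
        if chunk is None:
            if not zero:
                return None
            chunk = b"\x00" * n
        data += chunk
    return data


def demo():
    """Read 8 bytes straddling a present page (0) and a missing page (1)."""
    base = SparseBase({0: b"A" * BLOCK_SIZE})  # constructed sample image
    try:
        read_naive(base, BLOCK_SIZE - 4, 8)
        crashed = False
    except TypeError:
        crashed = True
    strict = read_checked(base, BLOCK_SIZE - 4, 8)
    padded = read_checked(base, BLOCK_SIZE - 4, 8, zero=True)
    return crashed, strict, padded
```

Returning None moves the decision to the caller, which then has to treat an unreadable structure as absent instead of dereferencing it.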

GoogleCodeExporter commented 8 years ago
Just adding a note: This isn't actually a problem with timeliner, but 
is a bug in the registry code which is set to be refactored.

Original comment by jamie.l...@gmail.com on 11 Nov 2013 at 9:42

GoogleCodeExporter commented 8 years ago
Issue 467 has been merged into this issue.

Original comment by jamie.l...@gmail.com on 9 Dec 2013 at 10:24

GoogleCodeExporter commented 8 years ago

Original comment by jamie.l...@gmail.com on 9 Dec 2013 at 10:25

GoogleCodeExporter commented 8 years ago
Combining all registry issues into one issue for easier tracking.

Original comment by jamie.l...@gmail.com on 7 Mar 2014 at 4:33