Screenshot-plugin does not display windows title

[GoogleCodeExporter]

cmd-line:

C:\Micha\Forensics\Volatility-2.2a>python vol.py screenshot -f 
D:\X-Ways-Images\RAMHans_RipperFRES_Truecrypt.001 --dump-dir C:\temp\VolDump

In version 1.4 I had to adapt wndmon.py to display windows titles under a 
Windows based analysis system and everything worked fine:

#font = pygame.font.Font('tahoma.ttf', 12)
#fontb = pygame.font.Font('tahomabd.ttf', 12)
font = pygame.font.Font('c:\\Windows\\Fonts\\tahoma.ttf', 12)
fontb = pygame.font.Font('c:\\Windows\\Fonts\\tahomabd.ttf', 12)

Version 2.2_alpha creates more images (I assume one for each window) but does 
not write the windows title in the headline. In my first approach  I was not 
able to find a similar code structure like shown above to solve that problem.

What went wrong?

CU

Mic

Original issue reported on code.google.com by MichaelF...@gmx.net on 6 Sep 2012 at 7:29

[GoogleCodeExporter]

output:

Volatile Systems Volatility Framework 2.2_alpha
Wrote C:\temp\VolDump\session_0.Service-0x0-3e5$.Default.png
Wrote C:\temp\VolDump\session_0.SAWinSta.SADesktop.png
Wrote C:\temp\VolDump\session_0.WinSta0.Default.png
Wrote C:\temp\VolDump\session_0.WinSta0.Disconnect.png
Wrote C:\temp\VolDump\session_0.WinSta0.Winlogon.png
Wrote C:\temp\VolDump\session_0.Service-0x0-3e7$.Default.png
Wrote C:\temp\VolDump\session_0.Service-0x0-3e4$.Default.png

Original comment by MichaelF...@gmx.net on 6 Sep 2012 at 7:32

[GoogleCodeExporter]

Original comment by MichaelF...@gmx.net on 6 Sep 2012 at 7:34

Attachments:

• VolDump.zip

[GoogleCodeExporter]

output of Version 1.4

Original comment by MichaelF...@gmx.net on 6 Sep 2012 at 7:42

Attachments:

• Screenshot_V_1.4.jpg

[GoogleCodeExporter]

Hey Michael, thanks for the message. In the release notes for this plugin 
(which haven't been published since the plugin hasn't been released yet), 
there's a notice about it not labeling buttons and toolbars like the original 
version. However the new version takes screenshots of all desktops instead of 
just one, and it works on all other systems instead of just XP. So hang tight 
and we'll get the labeling added back probably the release after next. 

Original comment by michael.hale@gmail.com on 6 Sep 2012 at 1:16

[GoogleCodeExporter]

Hey Michael, thanks for the reply. So I'll sit and wait for the return of the 
labels (or use some old stuff for XP meanwhile because I really miss that 
little text)
So it's correct that the screenshots are completely blank currently?
Never mind and best regards to all suppliers of Volatility. It has gone giant 
leaps since my first use of 1.3...

CU

Mic

Original comment by MichaelF...@gmx.net on 6 Sep 2012 at 7:58

[GoogleCodeExporter]

Michael, 

They're not all completely blank (see attached image which came from your zip). 
The ones that *are* completely blank are blank because there are no visible 
windows in those desktops. 

Original comment by michael.hale@gmail.com on 6 Sep 2012 at 9:47

Attachments:

• session_0.WinSta0.Default.png

[GoogleCodeExporter]

Michael, I've applied a patch to the 2.3-devel branch 
(http://code.google.com/p/volatility/source/detail?r=2611) 

Can you checkout the 2.3-devel branch and let me know if the screenshot app is 
working better? Alternately here is a patch for 2.2 (trunk). 

Original comment by michael.hale@gmail.com on 27 Sep 2012 at 11:43

Attachments:

• screenshot_labels.patch

[GoogleCodeExporter]

I'm going to consider this closed due to the patch, Michael. Feel free to 
re-open it if you have further issues. 

Original comment by michael.hale@gmail.com on 28 Sep 2012 at 2:30

• Changed state: Fixed