search

tomchop / volatility-autoruns

Autoruns plugin for the Volatility framework
GNU General Public License v2.0
118 stars 20 forks source link

autoruns.py not working #4

Closed Arvandor closed 9 years ago

Arvandor commented 9 years ago

I put autoruns in the contrib/plugins directory (where I have other working plugins, such as mimikatz,) but when I try to run autoruns, I get the following output

Volatility Foundation Volatility Framework 2.4 Traceback (most recent call last): File "/usr/share/volatility/vol.py", line 192, in main() File "/usr/share/volatility/vol.py", line 174, in main command = cmdsmodule File "/usr/share/volatility/contrib/plugins/autoruns.py", line 133, in init hivelist.HiveList.init(self, config, _args, *_kwargs) File "/usr/lib/python2.7/dist-packages/volatility/plugins/common.py", line 50, in init help = "Skip unallocated objects (e.g. 0xbad0b0b0)") File "/usr/lib/python2.7/dist-packages/volatility/conf.py", line 363, in add_option self.optparser.add_option("-{0}".format(short_option), "--{0}".format(option), **args) File "/usr/lib/python2.7/optparse.py", line 1020, in add_option self._check_conflict(option) File "/usr/lib/python2.7/optparse.py", line 995, in _check_conflict option) optparse.OptionConflictError: option -W/--show-unallocated: conflicting option string(s): -W

tomchop commented 9 years ago

There seems to be conflicting options (in this case -W, inherited from the HiveList plugins) with some other plugin in your plugin folder. What happens if you run the plugin from its own directory?

Arvandor commented 9 years ago

Aha, that seemed to work. I'll have to keep that in mind with third party plugins, that I can't just dump them all in the same folder.

It does throw this error, though WARNING : volatility.obj : NoneObject as string: Value data is unreadable but it still seems to work

On Tue, Mar 17, 2015 at 9:06 AM, Thomas Chopitea notifications@github.com wrote:

There seems to be conflicting options (in this case -W, inherited from the HiveList plugins) with some other plugin in your plugin folder. What happens if you run the plugin from its own directory?

— Reply to this email directly or view it on GitHub https://github.com/tomchop/volatility-autoruns/issues/4#issuecomment-82397210 .

tomchop commented 9 years ago

I think that's a common problem when trying to read keys that don't exist. I'll have to try/catch my way around it.

On Tue, Mar 17, 2015 at 6:43 PM, Arvandor notifications@github.com wrote:

Aha, that seemed to work. I'll have to keep that in mind with third party plugins, that I can't just dump them all in the same folder.

It does throw this error, though WARNING : volatility.obj : NoneObject as string: Value data is unreadable but it still seems to work

On Tue, Mar 17, 2015 at 9:06 AM, Thomas Chopitea <notifications@github.com

wrote:

There seems to be conflicting options (in this case -W, inherited from the HiveList plugins) with some other plugin in your plugin folder. What happens if you run the plugin from its own directory?

— Reply to this email directly or view it on GitHub < https://github.com/tomchop/volatility-autoruns/issues/4#issuecomment-82397210

.

— Reply to this email directly or view it on GitHub https://github.com/tomchop/volatility-autoruns/issues/4#issuecomment-82494693 .

Thomas Chopitea

Arvandor commented 9 years ago

Yes indeed!

Thank you for the prompt help! I've been meaning to write some kind of script to take care of this very thing... it somehow hadn't even occurred to me to make it a plugin, duh. Always happy not to reinvent the wheel though, glad I found this!

On Tue, Mar 17, 2015 at 11:49 AM, Thomas Chopitea notifications@github.com wrote:

I think that's a common problem when trying to read keys that don't exist. I'll have to try/catch my way around it.

On Tue, Mar 17, 2015 at 6:43 PM, Arvandor notifications@github.com wrote:

Aha, that seemed to work. I'll have to keep that in mind with third party plugins, that I can't just dump them all in the same folder.

It does throw this error, though WARNING : volatility.obj : NoneObject as string: Value data is unreadable but it still seems to work

On Tue, Mar 17, 2015 at 9:06 AM, Thomas Chopitea < notifications@github.com

wrote:

There seems to be conflicting options (in this case -W, inherited from the HiveList plugins) with some other plugin in your plugin folder. What happens if you run the plugin from its own directory?

— Reply to this email directly or view it on GitHub <

https://github.com/tomchop/volatility-autoruns/issues/4#issuecomment-82397210

.

— Reply to this email directly or view it on GitHub < https://github.com/tomchop/volatility-autoruns/issues/4#issuecomment-82494693

.

Thomas Chopitea

— Reply to this email directly or view it on GitHub https://github.com/tomchop/volatility-autoruns/issues/4#issuecomment-82496113 .

tomchop commented 9 years ago

Glad it helped you!