search

tthtlc / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0
0 stars 0 forks source link

error printkey volatility 2.3.1 #467

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
i get error message when use printkey

Output: 
./vol.py -f xp.mem --profile=WinXPSP2x86 printkey -K 
"Microsoft\Windows\CurrentVersion\Run"
    Volatility Foundation Volatility Framework 2.3.1
    Legend: (S) = Stable   (V) = Volatile

    ----------------------------
    Registry: \Device\HarddiskVolume1\WINDOWS\system32\config\software
    Key name: Run (S)
    Last updated: 2013-11-10 14:44:22 UTC+0000

    Subkeys:

    Values:
    Traceback (most recent call last):
      File "/usr/local/bin/vol.py", line 5, in <module>
        pkg_resources.run_script('volatility==2.3.1', 'vol.py')
      File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 499, in run_script
        self.require(requires)[0].run_script(script_name, ns)
      File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 1235, in run_script
        execfile(script_filename, namespace, namespace)
      File "/usr/local/lib/python2.7/dist-packages/volatility-2.3.1-py2.7.egg/EGG-INFO/scripts/vol.py", line 184, in <module>
        main()
      File "/usr/local/lib/python2.7/dist-packages/volatility-2.3.1-py2.7.egg/EGG-INFO/scripts/vol.py", line 175, in main
        command.execute()
      File "/usr/local/lib/python2.7/dist-packages/volatility-2.3.1-py2.7.egg/volatility/commands.py", line 122, in execute
        func(outfd, data)
      File "/usr/local/lib/python2.7/dist-packages/volatility-2.3.1-py2.7.egg/volatility/plugins/registry/printkey.py", line 95, in render_text
        for reg, key in data:
      File "/usr/local/lib/python2.7/dist-packages/volatility-2.3.1-py2.7.egg/volatility/plugins/registry/printkey.py", line 85, in calculate
        yield name, rawreg.open_key(root, self._config.KEY.split('\\'))
      File "/usr/local/lib/python2.7/dist-packages/volatility-2.3.1-py2.7.egg/volatility/win32/rawreg.py", line 89, in open_key
        debug.debug("Couldn't find subkey {0} of {1}".format(keyname, root.Name), 1)
      File "/usr/local/lib/python2.7/dist-packages/volatility-2.3.1-py2.7.egg/volatility/plugins/overlays/basic.py", line 95, in __format__
        return format(self.__str__(), formatspec)
      File "/usr/local/lib/python2.7/dist-packages/volatility-2.3.1-py2.7.egg/volatility/plugins/overlays/basic.py", line 86, in __str__
        return unicode(self).encode('ascii', 'replace') or ""
      File "/usr/local/lib/python2.7/dist-packages/volatility-2.3.1-py2.7.egg/volatility/plugins/overlays/basic.py", line 92, in __unicode__
        return self.v().decode(self.encoding, 'replace').split("\x00", 1)[0] or u''
      File "/usr/local/lib/python2.7/dist-packages/volatility-2.3.1-py2.7.egg/volatility/plugins/overlays/basic.py", line 70, in v
        result = self.obj_vm.zread(self.obj_offset, self.length)
      File "/usr/local/lib/python2.7/dist-packages/volatility-2.3.1-py2.7.egg/volatility/win32/hive.py", line 150, in zread
        return self.read(addr, length, True)
      File "/usr/local/lib/python2.7/dist-packages/volatility-2.3.1-py2.7.egg/volatility/win32/hive.py", line 146, in read
        stuff_read = stuff_read + self.base.read(paddr, left_over)
    TypeError: cannot concatenate 'str' and 'NoneType' objects

What version of the product are you using? On what operating system?
volatility 2.3.1 in ubuntu 12.04

Original issue reported on code.google.com by junkcoo...@gmail.com on 9 Dec 2013 at 3:52

GoogleCodeExporter commented 9 years ago

Original comment by jamie.l...@gmail.com on 9 Dec 2013 at 10:24

GoogleCodeExporter commented 9 years ago 
in precise
but 2.2 very well in precise

Original comment by ray0...@gmail.com on 13 Dec 2013 at 10:41