ShiverZm
commented
2 years ago i use hollowfind plugin,and met this problem,please see for my problem. thanks a lot!!!
Open ShiverZm opened 2 years ago
ShiverZm
commented
2 years ago i use hollowfind plugin,and met this problem,please see for my problem. thanks a lot!!!
[enviroment] win10 [cmd] PS D:\workspace\2013\Github\volatility-master\volatility-master> python27.exe .\vol.py -f D:\workspace\vms\windows_10_business_editions_version_1903_x64_dvd_e001dd2c.iso\windows_10_business_editions_version_1903_x64_dvd_e001dd2c.iso-6f11cc0a.vmem --profile=Win10x64_18362 hollowfind
Volatility Foundation Volatility Framework 2.6.1 Traceback (most recent call last): File ".\vol.py", line 192, in
main()
File ".\vol.py", line 183, in main
command.execute()
File "D:\workspace\2013\Github\volatility-master\volatility-master\volatility\commands.py", line 147, in execute
func(outfd, data)
File "D:\workspace\2013\Github\volatility-master\volatility-master\volatility\plugins\hollowfind.py", line 206, in render_text
for (hol_proc_peb_info, hol_proc_vad_info, hol_pid, hol_type, similar_procs, parent_proc_info) in data:
File "D:\workspace\2013\Github\volatility-master\volatility-master\volatility\plugins\hollowfind.py", line 179, in calculate
self.update_proc_peb_info(psdata)
File "D:\workspace\2013\Github\volatility-master\volatility-master\volatility\plugins\hollowfind.py", line 50, in update_proc_peb_info
self.proc_peb_info[pid].extend([str(proc_cmd_line),
UnboundLocalError: local variable 'proc_cmd_line' referenced before assignment