volatilityfoundation / volatility3

Volatility 3.0 development
http://volatilityfoundation.org/

Unsatisfied requirement plugins.PsList.kernel: Windows kernel #910

Closed nenadcvele closed 6 months ago

nenadcvele commented 1 year ago

Tried with both a raw file from DumpIt and a mem file from FTK Imager. I'm getting this error when I run Get Process List:

```
Volatility 3 Framework 2.0.1
WARNING volatility3.framework.plugins: Automagic exception occurred: ssl.SSLError: [ASN1] nested asn1 error (_ssl.c:3992)
Unsatisfied requirement plugins.PsList.kernel: Windows kernel
Unable to validate the plugin requirements: ['plugins.PsList.kernel']
```

- Volatility Version:
- Operating System: Win 11 10.0.22621 Build 22621
- Python Version: 3.11.0

eve-mem commented 1 year ago

Would you mind doing this again with -vvvvv in the command line to see some errors?

nenadcvele commented 1 year ago

This one is after I replaced ['http://msdl.microsoft.com/download/symbols'] with https link ['https://msdl.microsoft.com/download/symbols'] in /framework/symbols/windows. pdbconv.py on line 930

```
Volatility 3 Framework 1.0.0
INFO root : Volatility plugins path: ['D:\temp\volc\volatility3\plugins', 'D:\temp\volc\volatility3\framework\plugins']
INFO root : Volatility symbols path: ['D:\temp\volc\volatility3\symbols', 'D:\temp\volc\volatility3\framework\symbols']
INFO volatility3.plugins.yarascan: Python Yara module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.yarascan based on file: yarascan
DEBUG volatility3.framework: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.cachedump based on file: windows\cachedump
INFO volatility3.plugins.yarascan: Python Yara module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.callbacks based on file: windows\callbacks
DEBUG volatility3.framework: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.hashdump based on file: windows\hashdump
DEBUG volatility3.framework: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.lsadump based on file: windows\lsadump
INFO volatility3.plugins.yarascan: Python Yara module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.svcscan based on file: windows\svcscan
INFO volatility3.plugins.yarascan: Python Yara module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.vadyarascan based on file: windows\vadyarascan
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.verinfo based on file: windows\verinfo
INFO root : The following plugins could not be loaded (use -vv to see why): volatility3.plugins.windows.cachedump, volatility3.plugins.windows.callbacks, volatility3.plugins.windows.hashdump, volatility3.plugins.windows.lsadump, volatility3.plugins.windows.svcscan, volatility3.plugins.windows.vadyarascan, volatility3.plugins.windows.verinfo, volatility3.plugins.yarascan
Level 7 root : Cache directory used: C:\Users\user.cache\volatility3
INFO volatility3.framework.automagic: Detected a windows category plugin
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.primary
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.nt_symbols
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info
INFO volatility3.framework.automagic: Running automagic: LayerStacker
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 7 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, JarHandler
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsIntelStacker
DEBUG volatility3.framework.automagic.windows: Self-referential pointer not in well-known location, moving to recent windows heuristic
DEBUG volatility3.framework.automagic.windows: DTB was found at: 0x1ae000
Level 8 volatility3.framework.automagic.stacker: Stacked IntelLayer using WindowsIntelStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary.memory_layer
Level 9 volatility3.framework.interfaces.configuration: TypeError - kernel_virtual_offset requirements only accept int type: None
Level 9 volatility3.framework.interfaces.configuration: TypeError - kernel_virtual_offset requirements only accept int type: None
Level 9 volatility3.framework.interfaces.configuration: TypeError - kernel_banner requirements only accept str type: None
Level 9 volatility3.framework.interfaces.configuration: TypeError - kernel_banner requirements only accept str type: None
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.nt_symbols
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info
DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['IntelLayer', 'FileLayer']
INFO volatility3.framework.automagic: Running automagic: WinSwapLayers
INFO volatility3.framework.automagic: Running automagic: WintelHelper
INFO volatility3.framework.automagic: Running automagic: KernelPDBScanner
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
DEBUG volatility3.framework.automagic.pdbscan: Kernel base determination - searching layer module list structure
DEBUG volatility3.framework.automagic.pdbscan: Kernel base determination - searching layer module list structure
INFO volatility3.framework.symbols.windows.pdbconv: Download PDB file...
DEBUG volatility3.framework.symbols.windows.pdbconv: Attempting to retrieve https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/8F0F3D677778391600F4EB2301FFC7A51/ntkrnlmp.pdb
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
WARNING volatility3.framework.plugins: Automagic exception occurred: ssl.SSLError: [ASN1] nested asn1 error (_ssl.c:4004)
Level 9 volatility3.framework.plugins: Traceback (most recent call last):
  File "D:\temp\volc\volatility3\framework\automagic\__init__.py", line 131, in run
    automagic(context, config_path, requirement, progress_callback)
  File "D:\temp\volc\volatility3\framework\automagic\pdbscan.py", line 301, in __call__
    self.recurse_symbol_fulfiller(context, valid_kernel, progress_callback)
  File "D:\temp\volc\volatility3\framework\automagic\pdbscan.py", line 103, in recurse_symbol_fulfiller
    PDBUtility.load_windows_symbol_table(
  File "D:\temp\volc\volatility3\framework\symbols\windows\pdbutil.py", line 78, in load_windows_symbol_table
    cls.download_pdb_isf(context, guid.upper(), age, pdb_name, progress_callback)
  File "D:\temp\volc\volatility3\framework\symbols\windows\pdbutil.py", line 192, in download_pdb_isf
    filename = pdbconv.PdbRetreiver().retreive_pdb(guid + str(age),
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\temp\volc\volatility3\framework\symbols\windows\pdbconv.py", line 937, in retreive_pdb
    result = resources.ResourceAccessor(progress_callback).open(url + suffix)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\temp\volc\volatility3\framework\layers\resources.py", line 93, in open
    fp = urllib.request.urlopen(url, context = self._context)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 216, in urlopen
    return opener.open(url, data, timeout)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 519, in open
    response = self._open(req, data)
    ^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 536, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 496, in _call_chain
    result = func(*args)
    ^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 1391, in https_open
    return self.do_open(http.client.HTTPSConnection, req,
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 1317, in do_open
    h = http_class(host, timeout=req.timeout, **http_conn_args)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\http\client.py", line 1421, in __init__
    context = ssl._create_default_https_context()
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\ssl.py", line 775, in create_default_context
    context.load_default_certs(purpose)
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\ssl.py", line 596, in load_default_certs
    self._load_windows_store_certs(storename, purpose)
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\ssl.py", line 588, in _load_windows_store_certs
    self.load_verify_locations(cadata=certs)
ssl.SSLError: [ASN1] nested asn1 error (_ssl.c:4004)

Unsatisfied requirement plugins.Info.nt_symbols: Windows kernel symbols

A symbol table requirement was not fulfilled. Please verify that:
    You have the correct symbol file for the requirement
    The symbol file is under the correct directory or zip file
    The symbol file is named appropriately or contains the correct banner

Unable to validate the plugin requirements: ['plugins.Info.nt_symbols']
```

```
Volatility 3 Framework 1.0.0
INFO root : Volatility plugins path: ['D:\temp\volc\volatility3\plugins', 'D:\temp\volc\volatility3\framework\plugins']
INFO root : Volatility symbols path: ['D:\temp\volc\volatility3\symbols', 'D:\temp\volc\volatility3\framework\symbols']
INFO volatility3.plugins.yarascan: Python Yara module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.yarascan based on file: yarascan
DEBUG volatility3.framework: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.cachedump based on file: windows\cachedump
INFO volatility3.plugins.yarascan: Python Yara module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.callbacks based on file: windows\callbacks
DEBUG volatility3.framework: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.hashdump based on file: windows\hashdump
DEBUG volatility3.framework: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.lsadump based on file: windows\lsadump
INFO volatility3.plugins.yarascan: Python Yara module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.svcscan based on file: windows\svcscan
INFO volatility3.plugins.yarascan: Python Yara module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.vadyarascan based on file: windows\vadyarascan
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.verinfo based on file: windows\verinfo
INFO root : The following plugins could not be loaded (use -vv to see why): volatility3.plugins.windows.cachedump, volatility3.plugins.windows.callbacks, volatility3.plugins.windows.hashdump, volatility3.plugins.windows.lsadump, volatility3.plugins.windows.svcscan, volatility3.plugins.windows.vadyarascan, volatility3.plugins.windows.verinfo, volatility3.plugins.yarascan
Level 7 root : Cache directory used: C:\Users\user.cache\volatility3
INFO volatility3.framework.automagic: Detected a windows category plugin
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.primary
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.nt_symbols
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info
INFO volatility3.framework.automagic: Running automagic: LayerStacker
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 7 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, JarHandler
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsIntelStacker
DEBUG volatility3.framework.automagic.windows: Self-referential pointer not in well-known location, moving to recent windows heuristic
DEBUG volatility3.framework.automagic.windows: DTB was found at: 0x1ae000
Level 8 volatility3.framework.automagic.stacker: Stacked IntelLayer using WindowsIntelStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.primary.memory_layer
Level 9 volatility3.framework.interfaces.configuration: TypeError - kernel_virtual_offset requirements only accept int type: None
Level 9 volatility3.framework.interfaces.configuration: TypeError - kernel_virtual_offset requirements only accept int type: None
Level 9 volatility3.framework.interfaces.configuration: TypeError - kernel_banner requirements only accept str type: None
Level 9 volatility3.framework.interfaces.configuration: TypeError - kernel_banner requirements only accept str type: None
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.nt_symbols
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info
DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['IntelLayer', 'FileLayer']
INFO volatility3.framework.automagic: Running automagic: WinSwapLayers
INFO volatility3.framework.automagic: Running automagic: WintelHelper
INFO volatility3.framework.automagic: Running automagic: KernelPDBScanner
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
DEBUG volatility3.framework.automagic.pdbscan: Kernel base determination - searching layer module list structure
DEBUG volatility3.framework.automagic.pdbscan: Kernel base determination - searching layer module list structure
INFO volatility3.framework.symbols.windows.pdbconv: Download PDB file...
DEBUG volatility3.framework.symbols.windows.pdbconv: Attempting to retrieve http://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/8F0F3D677778391600F4EB2301FFC7A51/ntkrnlmp.pdb
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.nt_symbols
WARNING volatility3.framework.plugins: Automagic exception occurred: ssl.SSLError: [ASN1] nested asn1 error (_ssl.c:4004)
Level 9 volatility3.framework.plugins: Traceback (most recent call last):
  File "D:\temp\volc\volatility3\framework\automagic\__init__.py", line 131, in run
    automagic(context, config_path, requirement, progress_callback)
  File "D:\temp\volc\volatility3\framework\automagic\pdbscan.py", line 301, in __call__
    self.recurse_symbol_fulfiller(context, valid_kernel, progress_callback)
  File "D:\temp\volc\volatility3\framework\automagic\pdbscan.py", line 103, in recurse_symbol_fulfiller
    PDBUtility.load_windows_symbol_table(
  File "D:\temp\volc\volatility3\framework\symbols\windows\pdbutil.py", line 78, in load_windows_symbol_table
    cls.download_pdb_isf(context, guid.upper(), age, pdb_name, progress_callback)
  File "D:\temp\volc\volatility3\framework\symbols\windows\pdbutil.py", line 192, in download_pdb_isf
    filename = pdbconv.PdbRetreiver().retreive_pdb(guid + str(age),
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\temp\volc\volatility3\framework\symbols\windows\pdbconv.py", line 937, in retreive_pdb
    result = resources.ResourceAccessor(progress_callback).open(url + suffix)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\temp\volc\volatility3\framework\layers\resources.py", line 93, in open
    fp = urllib.request.urlopen(url, context = self._context)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 216, in urlopen
    return opener.open(url, data, timeout)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 525, in open
    response = meth(req, response)
    ^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 634, in http_response
    response = self.parent.error(
    ^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 557, in error
    result = self._call_chain(*args)
    ^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 496, in _call_chain
    result = func(*args)
    ^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 749, in http_error_302
    return self.parent.open(new, timeout=req.timeout)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 519, in open
    response = self._open(req, data)
    ^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 536, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 496, in _call_chain
    result = func(*args)
    ^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 1391, in https_open
    return self.do_open(http.client.HTTPSConnection, req,
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 1317, in do_open
    h = http_class(host, timeout=req.timeout, **http_conn_args)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\http\client.py", line 1421, in __init__
    context = ssl._create_default_https_context()
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\ssl.py", line 775, in create_default_context
    context.load_default_certs(purpose)
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\ssl.py", line 596, in load_default_certs
    self._load_windows_store_certs(storename, purpose)
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\ssl.py", line 588, in _load_windows_store_certs
    self.load_verify_locations(cadata=certs)
ssl.SSLError: [ASN1] nested asn1 error (_ssl.c:4004)

Unsatisfied requirement plugins.Info.nt_symbols: Windows kernel symbols

A symbol table requirement was not fulfilled. Please verify that:
    You have the correct symbol file for the requirement
    The symbol file is under the correct directory or zip file
    The symbol file is named appropriately or contains the correct banner

Unable to validate the plugin requirements: ['plugins.Info.nt_symbols']
```
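
Both tracebacks above end in `_load_windows_store_certs` calling `load_verify_locations(cadata=certs)`, so the `ssl.SSLError` is raised while Python loads the Windows certificate store, before any connection to the symbol server. The following is an added diagnostic example, not code from this thread or from the Volatility project: it loads each store entry on its own to find the ones OpenSSL rejects. `find_unparseable`, `scan_windows_stores` and the sample entries are hypothetical names and constructed data.

```python
import hashlib
import ssl
import sys

# Windows store names that ssl.SSLContext.load_default_certs() reads.
STORES = ("CA", "ROOT")
SERVER_AUTH_OID = ssl.Purpose.SERVER_AUTH.oid

# Constructed sample in the tuple shape yielded by ssl.enum_certificates():
# (cert_bytes, encoding_type, trust). None of these is a real certificate.
CONSTRUCTED_ENTRIES = [
    (b"\x30\x82\x01\x0a" + b"not a certificate", "x509_asn", True),
    (b"\x30\x80", "pkcs_7_asn", True),
    (b"\x30\x82\x01\x0a" + b"not trusted for TLS", "x509_asn",
     frozenset({"1.3.6.1.5.5.7.3.4"})),
]


def find_unparseable(entries):
    """Load each store entry separately and report the ones OpenSSL rejects.

    Returns a list of (index, sha1_thumbprint, error_text).
    """
    rejected = []
    for index, (der, encoding, trust) in enumerate(entries):
        # Same filter as the stdlib loader seen in the traceback: only DER
        # X.509 entries trusted for TLS server authentication are loaded.
        if encoding != "x509_asn":
            continue
        if not (trust is True or SERVER_AUTH_OID in trust):
            continue
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        try:
            ctx.load_verify_locations(cadata=bytes(der))
        except ssl.SSLError as exc:
            # Windows displays the SHA-1 of the DER bytes as the "Thumbprint",
            # which is how the entry can be located in the certificate manager.
            thumbprint = hashlib.sha1(der).hexdigest().upper()
            rejected.append((index, thumbprint, str(exc)))
    return rejected


def scan_windows_stores():
    """Run the check against the real stores (Windows only)."""
    return {
        store: find_unparseable(ssl.enum_certificates(store))
        for store in STORES
    }


if __name__ == "__main__":
    if sys.platform == "win32":
        results = scan_windows_stores()
    else:
        # ssl.enum_certificates() exists only on Windows; fall back to the
        # constructed entries so the logic can still be exercised.
        results = {"constructed": find_unparseable(CONSTRUCTED_ENTRIES)}
    for store, rejected in results.items():
        for index, thumbprint, error in rejected:
            print(f"{store}[{index}] thumbprint={thumbprint} error={error}")
        if not rejected:
            print(f"{store}: every entry parsed")
```

An entry reported here is one that fails to parse on its own; because the loader in the traceback passes all entries to OpenSSL in a single `cadata` buffer, one such entry is enough to make `load_default_certs()` raise.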

digitalisx commented 1 year ago

Hello @nenadcvele,

The version of the framework reported as an error now seems to be a little different from the version of the framework of the latest upload log.

Could you please try the latest version, 2.4.0, and upload the log?

nenadcvele commented 1 year ago

Sorry, here's the log with the latest version 2.4.0

Volatility 3 Framework 2.4.1 INFO volatility3.cli: Volatility plugins path: ['D:\temp\volc\volatility3\volatility3\plugins', 'D:\temp\volc\volatility3\volatility3\framework\plugins'] INFO volatility3.cli: Volatility symbols path: ['D:\temp\volc\volatility3\volatility3\symbols', 'D:\temp\volc\volatility3\volatility3\framework\symbols'] INFO volatility3.plugins.yarascan: Python Yara (>3.8.0) module not found, plugin (and dependent plugins) not available DEBUG volatility3.framework: No module named 'yara' DEBUG volatility3.framework: Failed to import module volatility3.plugins.yarascan based on file: D:\temp\volc\volatility3\volatility3\framework\plugins\yarascan.py DEBUG volatility3.framework: No module named 'Crypto' DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.cachedump based on file: D:\temp\volc\volatility3\volatility3\framework\plugins\windows\cachedump.py DEBUG volatility3.framework: No module named 'Crypto' DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.hashdump based on file: D:\temp\volc\volatility3\volatility3\framework\plugins\windows\hashdump.py DEBUG volatility3.framework: No module named 'Crypto' DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.lsadump based on file: D:\temp\volc\volatility3\volatility3\framework\plugins\windows\lsadump.py INFO volatility3.plugins.yarascan: Python Yara (>3.8.0) module not found, plugin (and dependent plugins) not available DEBUG volatility3.framework: No module named 'yara' DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.mftscan based on file: D:\temp\volc\volatility3\volatility3\framework\plugins\windows\mftscan.py INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available DEBUG volatility3.framework: No module named 'pefile' DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.netscan based on file: 
D:\temp\volc\volatility3\volatility3\framework\plugins\windows\netscan.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.netstat based on file: D:\temp\volc\volatility3\volatility3\framework\plugins\windows\netstat.py
DEBUG volatility3.framework: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.skeleton_key_check based on file: D:\temp\volc\volatility3\volatility3\framework\plugins\windows\skeleton_key_check.py
INFO volatility3.plugins.yarascan: Python Yara (>3.8.0) module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.svcscan based on file: D:\temp\volc\volatility3\volatility3\framework\plugins\windows\svcscan.py
INFO volatility3.plugins.yarascan: Python Yara (>3.8.0) module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.vadyarascan based on file: D:\temp\volc\volatility3\volatility3\framework\plugins\windows\vadyarascan.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.verinfo based on file: D:\temp\volc\volatility3\volatility3\framework\plugins\windows\verinfo.py
INFO volatility3.cli: The following plugins could not be loaded (use -vv to see why): volatility3.plugins.windows.cachedump, volatility3.plugins.windows.hashdump, volatility3.plugins.windows.lsadump, volatility3.plugins.windows.mftscan, volatility3.plugins.windows.netscan, volatility3.plugins.windows.netstat, volatility3.plugins.windows.skeleton_key_check, volatility3.plugins.windows.svcscan, volatility3.plugins.windows.vadyarascan, volatility3.plugins.windows.verinfo, volatility3.plugins.yarascan
Level 7 volatility3.cli: Cache directory used: C:\Users\user\AppData\Roaming\volatility3
INFO volatility3.framework.automagic: Detected a windows category plugin
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.kernel
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.kernel
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.kernel
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info
INFO volatility3.framework.automagic: Running automagic: SymbolCacheMagic
INFO volatility3.framework.automagic: Running automagic: LayerStacker
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 7 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, VolatilityHandler, JarHandler, OfflineHandler
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsIntelStacker
DEBUG volatility3.framework.automagic.windows: Detecting Self-referential pointer for recent windows
DEBUG volatility3.framework.automagic.windows: DtbSelfRef64bit test succeeded at 0x1ae000
DEBUG volatility3.framework.automagic.windows: DTB was found at: 0x1ae000
Level 8 volatility3.framework.automagic.stacker: Stacked IntelLayer using WindowsIntelStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.kernel
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name.memory_layer
Level 9 volatility3.framework.interfaces.configuration: TypeError - kernel_virtual_offset requirements only accept int type: None
Level 9 volatility3.framework.interfaces.configuration: TypeError - kernel_virtual_offset requirements only accept int type: None
Level 9 volatility3.framework.interfaces.configuration: TypeError - kernel_banner requirements only accept str type: None
Level 9 volatility3.framework.interfaces.configuration: TypeError - kernel_banner requirements only accept str type: None
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.kernel
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info
DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['IntelLayer', 'FileLayer']
INFO volatility3.framework.automagic: Running automagic: WinSwapLayers
INFO volatility3.framework.automagic: Running automagic: KernelPDBScanner
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
DEBUG volatility3.framework.automagic.pdbscan: Kernel base determination - searching layer module list structure
DEBUG volatility3.framework.automagic.pdbscan: Kernel base determination - searching layer module list structure
DEBUG volatility3.framework.automagic.pdbscan: Setting kernel_virtual_offset to 0xf80014400000
INFO volatility3.framework.symbols.windows.pdbconv: Download PDB file...
DEBUG volatility3.framework.symbols.windows.pdbconv: Attempting to retrieve http://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/8F0F3D677778391600F4EB2301FFC7A51/ntkrnlmp.pdb
INFO volatility3.framework.automagic: Running automagic: SymbolFinder
INFO volatility3.framework.automagic: Running automagic: KernelModule
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
WARNING volatility3.framework.plugins: Automagic exception occurred: ssl.SSLError: [ASN1] nested asn1 error (_ssl.c:4004)
Level 9 volatility3.framework.plugins: Traceback (most recent call last):
  File "D:\temp\volc\volatility3\volatility3\framework\automagic\__init__.py", line 138, in run
    automagic(context, config_path, requirement, progress_callback)
  File "D:\temp\volc\volatility3\volatility3\framework\automagic\pdbscan.py", line 448, in __call__
    self.recurse_symbol_fulfiller(
  File "D:\temp\volc\volatility3\volatility3\framework\automagic\pdbscan.py", line 123, in recurse_symbol_fulfiller
    PDBUtility.load_windows_symbol_table(
  File "D:\temp\volc\volatility3\volatility3\framework\symbols\windows\pdbutil.py", line 114, in load_windows_symbol_table
    cls.download_pdb_isf(
  File "D:\temp\volc\volatility3\volatility3\framework\symbols\windows\pdbutil.py", line 262, in download_pdb_isf
    filename = pdbconv.PdbRetreiver().retreive_pdb(
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\temp\volc\volatility3\volatility3\framework\symbols\windows\pdbconv.py", line 960, in retreive_pdb
    with resources.ResourceAccessor(progress_callback).open(
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\temp\volc\volatility3\volatility3\framework\layers\resources.py", line 139, in open
    fp = urllib.request.urlopen(url, context=self._context)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 216, in urlopen
    return opener.open(url, data, timeout)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 525, in open
    response = meth(req, response)
               ^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 634, in http_response
    response = self.parent.error(
               ^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 557, in error
    result = self._call_chain(*args)
             ^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 496, in _call_chain
    result = func(*args)
             ^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 749, in http_error_302
    return self.parent.open(new, timeout=req.timeout)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 519, in open
    response = self._open(req, data)
               ^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 536, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 496, in _call_chain
    result = func(*args)
             ^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 1391, in https_open
    return self.do_open(http.client.HTTPSConnection, req,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\urllib\request.py", line 1317, in do_open
    h = http_class(host, timeout=req.timeout, **http_conn_args)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\http\client.py", line 1421, in __init__
    context = ssl._create_default_https_context()
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\ssl.py", line 775, in create_default_context
    context.load_default_certs(purpose)
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\ssl.py", line 596, in load_default_certs
    self._load_windows_store_certs(storename, purpose)
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\ssl.py", line 588, in _load_windows_store_certs
    self.load_verify_locations(cadata=certs)
ssl.SSLError: [ASN1] nested asn1 error (_ssl.c:4004)

Unsatisfied requirement plugins.Info.kernel.symbol_table_name:

A symbol table requirement was not fulfilled. Please verify that:
    The associated translation layer requirement was fulfilled
    You have the correct symbol file for the requirement
    The symbol file is under the correct directory or zip file
    The symbol file is named appropriately or contains the correct banner

Unable to validate the plugin requirements: ['plugins.Info.kernel.symbol_table_name']

eve-mem commented 1 year ago

That's really interesting. Looks like an error when trying to connect to Microsoft and download the packages.

Is your connection normally behind a proxy or similar? Something that would inspect HTTPS traffic?

nenadcvele commented 1 year ago

I'm not behind a proxy. It creates this folder \volatility3\volatility3\symbols\windows\ntkrnlmp.pdb but fails to download the file.

larrybeee commented 1 year ago

Hello, I git pulled the last update 5 mins ago but still receive the same error; it does not seem to be related to HTTPS traffic as mentioned above, though.


python3 vol.py -vvvvvv -f /tmp/MEMORY.DMP windows.info
Volatility 3 Framework 2.4.1
INFO volatility3.cli: Volatility plugins path: ['/opt/volatility3/volatility3/plugins', '/opt/volatility3/volatility3/framework/plugins']
INFO volatility3.cli: Volatility symbols path: ['/opt/volatility3/volatility3/symbols', '/opt/volatility3/volatility3/framework/symbols']
Level 6 volatility3.framework: Importing from the following paths: /opt/volatility3/volatility3/plugins, /opt/volatility3/volatility3/framework/plugins
INFO volatility3.plugins.yarascan: Python Yara (>3.8.0) module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework:
DEBUG volatility3.framework: Failed to import module volatility3.plugins.yarascan based on file: /opt/volatility3/volatility3/framework/plugins/yarascan.py
INFO volatility3.plugins.yarascan: Python Yara (>3.8.0) module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework:
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.vadyarascan based on file: /opt/volatility3/volatility3/framework/plugins/windows/vadyarascan.py
INFO volatility3.plugins.yarascan: Python Yara (>3.8.0) module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework:
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.svcscan based on file: /opt/volatility3/volatility3/framework/plugins/windows/svcscan.py
INFO volatility3.plugins.yarascan: Python Yara (>3.8.0) module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework:
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.mftscan based on file: /opt/volatility3/volatility3/framework/plugins/windows/mftscan.py
INFO volatility3.cli: The following plugins could not be loaded (use -vv to see why): volatility3.plugins.windows.mftscan, volatility3.plugins.windows.svcscan, volatility3.plugins.windows.vadyarascan, volatility3.plugins.yarascan
Level 6 volatility3.framework: Importing from the following paths: /opt/volatility3/volatility3/framework/automagic
Level 7 volatility3.cli: Cache directory used: /root/.cache/volatility3
INFO volatility3.framework.automagic: Detected a windows category plugin
Level 6 volatility3.framework: Importing from the following paths: /opt/volatility3/volatility3/framework/layers
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
Level 6 volatility3.framework: Importing from the following paths: /opt/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: /opt/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: /opt/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.kernel
Level 6 volatility3.framework: Importing from the following paths: /opt/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 6 volatility3.framework: Importing from the following paths: /opt/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.kernel
Level 6 volatility3.framework: Importing from the following paths: /opt/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: /opt/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info.kernel
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Info
INFO volatility3.framework.automagic: Running automagic: SymbolCacheMagic
Level 6 volatility3.framework.symbols.intermed: Searching for symbols in /opt/volatility3/volatility3/symbols, /opt/volatility3/volatility3/framework/symbols
INFO volatility3.framework.automagic: Running automagic: LayerStacker
Level 6 volatility3.framework: Importing from the following paths: /opt/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 7 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, VolatilityHandler, JarHandler, OfflineHandler
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
Level 6 volatility3.framework.layers.elf: Exception: Bad magic 0x45474150 at file offset 0x0
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
Level 6 volatility3.framework.symbols.intermed: Searching for symbols in /opt/volatility3/volatility3/symbols, /opt/volatility3/volatility3/framework/symbols
Level 6 volatility3.framework.symbols.intermed: Searching for symbols in /opt/volatility3/volatility3/symbols, /opt/volatility3/volatility3/framework/symbols
Level 6 volatility3.framework.layers.crash: unsupported dump format 0x6
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsIntelStacker
DEBUG volatility3.framework.automagic.windows: Detecting Self-referential pointer for recent windows
DEBUG volatility3.framework.automagic.windows: Max pointer for hit with test DtbSelfRef64bit not met: 0x24b1de600 > 0x3e4a968d
DEBUG volatility3.framework.automagic.windows: Older windows fixed location self-referential pointers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: FileLayer
DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['FileLayer']
INFO volatility3.framework.automagic: Running automagic: WinSwapLayers
INFO volatility3.framework.automagic: Running automagic: KernelPDBScanner
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
INFO volatility3.framework.automagic.pdbscan: No suitable kernels found during pdbscan
INFO volatility3.framework.automagic: Running automagic: SymbolFinder
INFO volatility3.framework.automagic: Running automagic: KernelModule
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name

Unsatisfied requirement plugins.Info.kernel.layer_name:
Unsatisfied requirement plugins.Info.kernel.symbol_table_name:

A translation layer requirement was not fulfilled. Please verify that:
    A file was provided to create this layer (by -f, --single-location or by config)
    The file exists and is readable
    The file is a valid memory image and was acquired cleanly

A symbol table requirement was not fulfilled. Please verify that:
    The associated translation layer requirement was fulfilled
    You have the correct symbol file for the requirement
    The symbol file is under the correct directory or zip file
    The symbol file is named appropriately or contains the correct banner

Unable to validate the plugin requirements: ['plugins.Info.kernel.layer_name', 'plugins.Info.kernel.symbol_table_name']

Any help is appreciated

ikelos commented 1 year ago

I'm sorry I don't really have an update on this, but it does look to be an SSL related error when trying to download the symbols from Microsoft. It's possible there's some kind of an intercepting proxy between your machine and the internet (at work for instance) or some unusual certificate that it's having to read. Have you tried downloading the file (http://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/8F0F3D677778391600F4EB2301FFC7A51/ntkrnlmp.pdb) and then running the pdbconv tool to convert it into a JSON file (as detailed in this section of the documentation)?
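Added example, not code from this thread or from the Volatility project: the Windows traceback earlier in the thread ends in `load_default_certs` → `_load_windows_store_certs` → `load_verify_locations(cadata=certs)`, which is where Python builds its default trust store from the Windows certificate stores. The script below loads each store entry on its own to find the one OpenSSL cannot parse; the names `find_unparsable_certs`, `scan_windows_stores` and `CONSTRUCTED_ENTRIES` are assumptions made for illustration, and the sample entries are constructed.

```python
import hashlib
import ssl
import sys

# Stores that ssl.SSLContext.load_default_certs() reads on Windows.
WINDOWS_STORES = ("CA", "ROOT")

# Constructed sample entries in the (der_bytes, encoding, trust) shape that
# ssl.enum_certificates() returns. None of them is a real certificate.
CONSTRUCTED_ENTRIES = [
    (b"\x30\x82\x01\x0a\x02\x01", "x509_asn", True),    # truncated DER: rejected
    (b"\x30\x03\x02\x01\x00", "pkcs_7_asn", True),      # skipped: not x509_asn
    (b"not a certificate", "x509_asn", frozenset()),    # skipped: not trusted for TLS servers
]


def find_unparsable_certs(entries, purpose=ssl.Purpose.SERVER_AUTH):
    """Load each store entry into its own context; return the ones rejected.

    `entries` is an iterable of (der_bytes, encoding, trust) tuples.
    """
    rejected = []
    for index, (der, encoding, trust) in enumerate(entries):
        # Same filter the ssl module applies before loading the store:
        # X.509 DER blobs that are trusted for the requested purpose.
        if encoding != "x509_asn":
            continue
        if not (trust is True or purpose.oid in trust):
            continue
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        try:
            ctx.load_verify_locations(cadata=bytes(der))
        except (ssl.SSLError, ValueError) as exc:
            rejected.append({
                "index": index,
                # SHA-1 of the DER bytes, upper-case hex.
                "sha1": hashlib.sha1(bytes(der)).hexdigest().upper(),
                "size": len(der),
                "error": str(exc),
            })
    return rejected


def scan_windows_stores():
    """Return {store_name: rejected entries} for the local Windows stores."""
    if sys.platform != "win32":
        raise OSError("ssl.enum_certificates() is only available on Windows")
    return {name: find_unparsable_certs(ssl.enum_certificates(name))
            for name in WINDOWS_STORES}


if __name__ == "__main__":
    if sys.platform == "win32":
        results = scan_windows_stores()
    else:
        # Off Windows, run against the constructed sample so the logic is visible.
        results = {"constructed sample": find_unparsable_certs(CONSTRUCTED_ENTRIES)}
    for store, rejected in results.items():
        print(f"{store}: {len(rejected)} unparsable certificate(s)")
        for item in rejected:
            print(f"  sha1={item['sha1']} size={item['size']} error={item['error']}")
```

The SHA-1 printed for a rejected entry is the thumbprint Windows shows for that certificate, so the entry can be looked up in the certificate manager.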

Ephemaral commented 1 year ago

Not sure if it'll be helpful (if it isn't, apologies in advance), but using/being sudo worked for me.

github-actions[bot] commented 8 months ago

This issue is stale because it has been open for 200 days with no activity.

github-actions[bot] commented 6 months ago

This issue was closed because it has been inactive for 60 days since being marked as stale.