yexihu / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

sockets plugin breaks on XP SP3 32 bit #16

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
root@newubuntu:~/vol# python volatility.py sockets -f winXP-32-SP3.vmem --profile=WinXPSP3
Volatile Systems Volatility Framework 1.4_rc1
Pid    Port   Proto  Create Time
Traceback (most recent call last):
  File "volatility.py", line 138, in <module>
    main()
  File "volatility.py", line 129, in main
    command.execute()
  File "/home/x/vol/volatility/commands.py", line 96, in execute
    func(outfd, data)
  File "/home/x/vol/plugins/internal/sockets.py", line 32, in render_text
    for sock in data:
  File "/home/x/vol/volatility/win32/network.py", line 140, in determine_sockets
    while sock.is_valid():
AttributeError: 'NoneType' object has no attribute 'is_valid'

*************

I believe this may just be a logic error somewhere, because the machine was 
rebooted fresh and then frozen to get the .vmem, meaning there were no sockets.

Original issue reported on code.google.com by atc...@gmail.com on 26 Aug 2010 at 1:19

GoogleCodeExporter commented 9 years ago
I filed the recent list of bugs and now I am looking at the code related to 
them. Based on seeing where this error comes from, it seems like it might be a 
result of the same problems as issue 6. Just close as duplicate if it is.

http://code.google.com/p/volatility/issues/detail?id=6

Original comment by atc...@gmail.com on 26 Aug 2010 at 1:55

GoogleCodeExporter commented 9 years ago
Yep, this is also because the tcpip.sys offsets are currently hardcoded and 
need to be moved (probably to a VolatilityMagic object).  Marking as a 
duplicate.

Original comment by mike.auty@gmail.com on 26 Aug 2010 at 11:18