VolExplorer not working with Volatility2 #1
Comments
|
That's volatility 2, right? I had an issue with that on specific windows
version, I think I have the fix branch locally somewhere :/
What is the os version?
…On Tue, Feb 21, 2023, 4:57 PM Leonardo van de Weteringh < ***@***.***> wrote:
No handlers could be found for logger "volatility.debug"
GL & HF <3 ATZ
Traceback (most recent call last):
File ".\volexp.py", line 15211, in
main()
File ".\volexp.py", line 15203, in main
my_ve.render_text(None, ve_calc, root)
File ".\volexp.py", line 13562, in render_text
for process, pid, ppid, cpu, pb, ws, Description, cn, dep, aslr, cfg,
protection, isDebug, Prefetch, threads, handles, un, session, noh, sc, pfc,
di, it, cs, winStatus, integrity, priority, ct, cycles, wsp, ppd, pwss, vs,
pvs, createT, intName, ofn, wt, cl, path, cd, version, e_proc in data:
File ".\volexp.py", line 13471, in calculate
if int(self.kaddr_space.profile.metadata.get('major')) > 5 and
int(self.kaddr_space.profile.metadata.get('minor')) > 1 and
e_proc.Protection.Type > 0: #e_proc.Protection.Type==1:
PsProtectionSingUntyMalwareLight, if 2 then is stronget and if 0 then no
protection:###e_proc.Flag2&0x800 6.0-6.1#find protected process #
_proc.Protection.Type==1: PsProtectionSingUntyMalwareLight, if 2 then is
stronget and if 0 then no protection ###e_proc.Flag2&0x800 6.0-6.1and
hasattr(e_proc, "Protection")
File "C:\volatility\V2Exp\volatility\obj.py", line 751, in *getattr*
return self.m(attr)
File "C:\volatility\V2Exp\volatility\obj.py", line 733, in m
raise AttributeError("Struct {0} has no member {1}".format(self.obj_name,
attr))
AttributeError: Struct _EPROCESS has no member Protection
Then the LoadScreen keeps looping and nothing happens.
~ LvdW
—
Reply to this email directly, view it on GitHub
<#1>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AOWFQPMOUSLTUU64WVCQA2LWYTJT3ANCNFSM6AAAAAAVDE2KNM>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No handlers could be found for logger "volatility.debug"
GL & HF <3 ATZ
Traceback (most recent call last):
File ".\volexp.py", line 15211, in
main()
File ".\volexp.py", line 15203, in main
my_ve.render_text(None, ve_calc, root)
File ".\volexp.py", line 13562, in render_text
for process, pid, ppid, cpu, pb, ws, Description, cn, dep, aslr, cfg, protection, isDebug, Prefetch, threads, handles, un, session, noh, sc, pfc, di, it, cs, winStatus, integrity, priority, ct, cycles, wsp, ppd, pwss, vs, pvs, createT, intName, ofn, wt, cl, path, cd, version, e_proc in data:
File ".\volexp.py", line 13471, in calculate
if int(self.kaddr_space.profile.metadata.get('major')) > 5 and int(self.kaddr_space.profile.metadata.get('minor')) > 1 and e_proc.Protection.Type > 0: #e_proc.Protection.Type==1: PsProtectionSingUntyMalwareLight, if 2 then is stronget and if 0 then no protection:###e_proc.Flag2&0x800 6.0-6.1#find protected process # _proc.Protection.Type==1: PsProtectionSingUntyMalwareLight, if 2 then is stronget and if 0 then no protection ###e_proc.Flag2&0x800 6.0-6.1and hasattr(e_proc, "Protection")
File "C:\volatility\V2Exp\volatility\obj.py", line 751, in getattr
return self.m(attr)
File "C:\volatility\V2Exp\volatility\obj.py", line 733, in m
raise AttributeError("Struct {0} has no member {1}".format(self.obj_name, attr))
AttributeError: Struct _EPROCESS has no member Protection
Then the LoadScreen keeps looping and nothing happens.
~ LvdW
What I did is install the following packages:
distorm3
yara
pycrypto
pillow
openpyxl
pytz
ipython
capstone
ujson==1.35
tkkthemes
Let me know if I am doing something wrong.
I have tried with both the .exe and the normal .py to run it, same results.
The text was updated successfully, but these errors were encountered: