Error when I make profile in Windows 8 Pro (64 bits)
Closed this issue · 1 comment
GoogleCodeExporter commented
I made my memory image with DumpIt.
When I make the profile, I get this error.
I used Volatility 2.4 and tested it on Kali Linux.
The default version in Kali Linux is 2.3.1, so I downloaded the dedicated 2.4 version.
python vol.py -f '/media/L.P.ostaoak/mem/MADI/ACY-20140914-143336.raw' imageinfo
Volatility Foundation Volatility Framework 2.4
*** Failed to import volatility.plugins.malware.apihooks (NameError: name
'distorm3' is not defined)
*** Failed to import volatility.plugins.ssdt (NameError: name 'distorm3' is not
defined)
*** Failed to import volatility.plugins.mac.apihooks_kernel (ImportError: No
module named distorm3)
*** Failed to import volatility.plugins.linux.apihooks (ImportError: No module
named distorm3)
*** Failed to import volatility.plugins.malware.threads (NameError: name
'distorm3' is not defined)
*** Failed to import volatility.plugins.mac.check_syscall_shadow (ImportError:
No module named distorm3)
*** Failed to import volatility.plugins.mac.apihooks (ImportError: No module
named distorm3)
Determining profile based on KDBG search...
Suggested Profile(s) : No suggestion (Instantiated with Win8SP1x64)
AS Layer1 : AMD64PagedMemory (Kernel AS)
AS Layer2 : FileAddressSpace (/media/L.P.ostaoak/mem/MADI/ACY-20140914-143336.raw)
PAE type : No PAE
DTB : 0x1aa000L
KUSER_SHARED_DATA : 0xfffff78000000000L
Image date and time : 2014-09-14 11:23:49 UTC+0000
Image local date and time : 2014-09-14 17:53:49 +0630
===========================================
And then I ran kdbgscan again:
python vol.py -f '/media/L.P.ostaoak/mem/MADI/ACY-20140914-143336.raw' kdbgscan
Volatility Foundation Volatility Framework 2.4
*** Failed to import volatility.plugins.malware.apihooks (NameError: name
'distorm3' is not defined)
*** Failed to import volatility.plugins.ssdt (NameError: name 'distorm3' is not
defined)
*** Failed to import volatility.plugins.mac.apihooks_kernel (ImportError: No
module named distorm3)
*** Failed to import volatility.plugins.malware.threads (NameError: name
'distorm3' is not defined)
*** Failed to import volatility.plugins.linux.apihooks (ImportError: No module
named distorm3)
*** Failed to import volatility.plugins.mac.check_syscall_shadow (ImportError:
No module named distorm3)
*** Failed to import volatility.plugins.mac.apihooks (ImportError: No module
named distorm3)
But I cannot get any results from this.
Please help me fix my errors. Why is that?
Original issue reported on code.google.com by sagittar...@gmail.com
on 16 Sep 2014 at 5:18
GoogleCodeExporter commented
Windows 8/2012 x64 analysis requires distorm3. Please see:
https://github.com/volatilityfoundation/volatility/wiki/Windows-8-2012
Also, we do not use Google Code anymore, so future issues will not be seen
here. Please use the new GitHub site:
https://github.com/volatilityfoundation/volatility/issues
Original comment by michael.hale@gmail.com
on 18 Sep 2014 at 4:53
- Changed state: Invalid
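As an added example (not part of this thread or of the Volatility project), a small Python 3 script that parses the "*** Failed to import ..." lines Volatility 2.x prints, maps each missing Python module to the plugins that need it, and checks which of those modules the running interpreter can import; the sample output is copied from the report above, and the importability check only describes the interpreter the script runs under, which must be the one Volatility uses.

```python
import importlib.util
import re

# Sample copied from the report above (extraction line-wrapping preserved):
# Volatility 2.x prints "*** Failed to import <plugin> (<Error>: <msg>)" per plugin.
SAMPLE_OUTPUT = """\
Volatility Foundation Volatility Framework 2.4
*** Failed to import volatility.plugins.malware.apihooks (NameError: name
'distorm3' is not defined)
*** Failed to import volatility.plugins.ssdt (NameError: name 'distorm3' is not
defined)
*** Failed to import volatility.plugins.mac.apihooks_kernel (ImportError: No
module named distorm3)
Determining profile based on KDBG search...
"""

FAILED_RE = re.compile(r"^\*\*\* Failed to import (\S+) \((\w+): (.*)\)$")
MODULE_RE = re.compile(r"(?:No module named |name ')([A-Za-z0-9_]+)")

def unwrap_failed_lines(text):
    """Re-join '*** Failed to import' entries that were wrapped onto several lines."""
    entries = []
    for line in text.splitlines():
        if line.startswith("*** Failed to import"):
            entries.append(line)
        elif entries and not entries[-1].endswith(")"):
            entries[-1] += " " + line.strip()  # continuation of a wrapped entry
    return entries

def missing_modules(text):
    """Map each missing Python module to the Volatility plugins that need it."""
    missing = {}
    for entry in unwrap_failed_lines(text):
        match = FAILED_RE.match(entry)
        if match:
            plugin, _error, message = match.groups()
            module = MODULE_RE.search(message)
            if module:
                missing.setdefault(module.group(1), []).append(plugin)
    return missing

def unavailable(modules):
    """Return the given module names that this interpreter cannot import."""
    def importable(name):
        try:
            return importlib.util.find_spec(name) is not None
        except (ImportError, ValueError):  # e.g. a parent package is absent
            return False
    return sorted(name for name in modules if not importable(name))
```

Feed the real stderr of a `vol.py` run to `missing_modules()` and pass its keys to `unavailable()`; on the report above both point at distorm3, which the reply says Windows 8/2012 x64 analysis requires.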