Getting error message "Use of uninitialized value $list in pattern match (m//) at PERL2EXE_STORAGE" when using several RR 4.0 plugins that use the module "utf8_heavy.pl" #1
Comments
|
I'm not seeing that on any of my test files, and I don't have access to the files you're using. Sorry. |
|
Also, from what you sent, I'm not seeing that this is preventing the plugin from running, nor does it seem to be producing spurious outputs. |
|
In that case, it sounds like the issue is indeed with the registry hives that I'm feeding to the RegRipper plugins, rather than with the RR plugins themselves or the Perl module that they all are using. Also, like you said, this warning message doesn't appear to be preventing the associated plugins from running. As such, since you aren't getting the same results when using any of your test files, I can only conclude that the problem is likely with my specific registry hives. Therefore I'll just live with the error messages that are showing up in the logs. Regards! |
|
I don't know that that's the case...I haven't seen the hives. It could be an issue with the plugins or something they call. So let me ask you this...why are you running that plugin? Why not simply move it to another folder, or rename it to fileless.p_? It's not so much about the messages you're receiving, but rather asking, why are you running that plugin? |
|
My apologies, I was just using the "fileless.pl" plugin as an example. FYI, I'm also seeing this warning pop up when running the current "shares.pl" plugin, as well as the deprecated plugins "mspaper.pl", "internet_settings_cu.pl", and "internet_explorer_cu.pl". If it would be helpful, I could post some of the example output that get when running those plugins. |
|
I think I've seen the example output. I'll take a look on my end, but like I've said before, I don't have access to the data that you're using. |
|
Understood. Many thanks! BTW, below is a summary of the errors and warnings I've been receiving when executing various current Current Plugin Warning Messages
Deprecated Plugin Warning Messages
Deprecated Plugin Error Messages
I can post full examples showing the actual output of each plugin run attempt if that would be However, I obviously cannot expect that any action would (or even should), be taken to resolve |
Hello, FYI, I'm getting the following error message whenever I run any RegRipper 4.0 plugin which calls the associated Perl module:
Use of uninitialized value $list in pattern match (m//) at PERL2EXE_STORAGE/utf8_heavy.pl line 399.
Is this due to an error in the Perl module, a problem with the registry data that I'm feeding the RR 4.0 plugins that use the module, a bug in the either the Perl module or RR 4.0 plugins that might need to be fixed, not a bug at all, or something else? Many thanks!
Here are some example runs using the plugin named "fileless.pl":
C:\keydet89\RegRipper4.0>rip.exe -r D:\Artifacts\RegFiles\SECURITY -p fileless
Launching fileless v.20200911
fileless v.20200911
(All) Scans a hive file looking for fileless malware entries
MITRE: T1059.001 (persistence)
Use of uninitialized value $list in pattern match (m//) at PERL2EXE_STORAGE/utf8_heavy.pl line 399.
C:\keydet89\RegRipper4.0>rip.exe -r D:\Artifacts\RegFiles\SYSTEM -p fileless
Launching fileless v.20200911
fileless v.20200911
(All) Scans a hive file looking for fileless malware entries
MITRE: T1059.001 (persistence)
Use of uninitialized value $list in pattern match (m//) at PERL2EXE_STORAGE/utf8_heavy.pl line 399.
C:\keydet89\RegRipper4.0>rip.exe -r D:\Artifacts\RegFiles\SAM -p fileless
Launching fileless v.20200911
fileless v.20200911
(All) Scans a hive file looking for fileless malware entries
MITRE: T1059.001 (persistence)
Use of uninitialized value $list in pattern match (m//) at PERL2EXE_STORAGE/utf8_heavy.pl line 399.
However, please note that this same error message pops up when using other plugins that also end up using this same module. This isn't a big issue, it's just merely an annoyance, so this is a low priority for any potential fix. Regards! Thanks for building such an awesome tool!
The text was updated successfully, but these errors were encountered: