Error when I make profile in Window 8 Pro (64 bits) #515

Closed
GoogleCodeExporter opened this issue Aug 6, 2015 · 1 comment
I made my memory image with DumpIt.
When I made the profile, I got this error.
I used Volatility 2.4 and I tested it on Kali Linux.
The default version is 2.3.1 in Kali Linux, so I downloaded the dedicated 2.4 version.


python vol.py -f '/media/L.P.ostaoak/mem/MADI/ACY-20140914-143336.raw' imageinfo
Volatility Foundation Volatility Framework 2.4
*** Failed to import volatility.plugins.malware.apihooks (NameError: name 'distorm3' is not defined)
*** Failed to import volatility.plugins.ssdt (NameError: name 'distorm3' is not defined)
*** Failed to import volatility.plugins.mac.apihooks_kernel (ImportError: No module named distorm3)
*** Failed to import volatility.plugins.linux.apihooks (ImportError: No module named distorm3)
*** Failed to import volatility.plugins.malware.threads (NameError: name 'distorm3' is not defined)
*** Failed to import volatility.plugins.mac.check_syscall_shadow (ImportError: No module named distorm3)
*** Failed to import volatility.plugins.mac.apihooks (ImportError: No module named distorm3)
Determining profile based on KDBG search...

          Suggested Profile(s) : No suggestion (Instantiated with Win8SP1x64)
                     AS Layer1 : AMD64PagedMemory (Kernel AS)
                     AS Layer2 : FileAddressSpace (/media/L.P.ostaoak/mem/MADI/ACY-20140914-143336.raw)
                      PAE type : No PAE
                           DTB : 0x1aa000L
             KUSER_SHARED_DATA : 0xfffff78000000000L
           Image date and time : 2014-09-14 11:23:49 UTC+0000
     Image local date and time : 2014-09-14 17:53:49 +0630

===========================================

And then I ran kdbgscan again:

python vol.py -f '/media/L.P.ostaoak/mem/MADI/ACY-20140914-143336.raw' kdbgscan
Volatility Foundation Volatility Framework 2.4
*** Failed to import volatility.plugins.malware.apihooks (NameError: name 'distorm3' is not defined)
*** Failed to import volatility.plugins.ssdt (NameError: name 'distorm3' is not defined)
*** Failed to import volatility.plugins.mac.apihooks_kernel (ImportError: No module named distorm3)
*** Failed to import volatility.plugins.malware.threads (NameError: name 'distorm3' is not defined)
*** Failed to import volatility.plugins.linux.apihooks (ImportError: No module named distorm3)
*** Failed to import volatility.plugins.mac.check_syscall_shadow (ImportError: No module named distorm3)
*** Failed to import volatility.plugins.mac.apihooks (ImportError: No module named distorm3)

But I cannot get any results from this.
Please help me fix my errors. Why is that?

Original issue reported on code.google.com by sagittar...@gmail.com on 16 Sep 2014 at 5:18


Windows 8/2012 x64 analysis requires distorm3. Please see: 

https://github.com/volatilityfoundation/volatility/wiki/Windows-8-2012

Also, we do not use Google Code anymore, so future issues will not be seen here. Please use the new GitHub site:

https://github.com/volatilityfoundation/volatility/issues

Original comment by michael.hale@gmail.com on 18 Sep 2014 at 4:53

  • Changed state: Invalid
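As an added example (not part of this issue or of the Volatility project), a small Python triage helper that parses the Volatility 2.x messages quoted above, rejoins lines that a terminal paste wrapped mid-message, and ties a "No suggestion" profile result to the missing distorm3 module. The sample output is constructed in the same format as the reporter's paste, not copied from it.

```python
import re

# Constructed sample in the message formats quoted in this issue. Two of the
# "*** Failed to import" lines are deliberately wrapped, as a paste often is.
SAMPLE_OUTPUT = """\
Volatility Foundation Volatility Framework 2.4
*** Failed to import volatility.plugins.malware.apihooks (NameError: name
'distorm3' is not defined)
*** Failed to import volatility.plugins.ssdt (NameError: name 'distorm3' is not defined)
*** Failed to import volatility.plugins.mac.apihooks_kernel (ImportError: No
module named distorm3)
Determining profile based on KDBG search...

          Suggested Profile(s) : No suggestion (Instantiated with Win8SP1x64)
                     AS Layer1 : AMD64PagedMemory (Kernel AS)
"""

# Both shapes of the import failure seen on the page: NameError and ImportError.
IMPORT_FAIL = re.compile(
    r"^\*\*\* Failed to import (?P<plugin>\S+) \((?:ImportError: No module named "
    r"(?P<mod_a>\w+)|NameError: name '(?P<mod_b>\w+)' is not defined)\)$")
SUGGESTED = re.compile(r"^\s*Suggested Profile\(s\)\s*:\s*(?P<value>.+?)\s*$")

def unwrap(text):
    """Rejoin a '*** ' line that was split before its closing parenthesis."""
    lines = []
    for line in text.splitlines():
        if lines and lines[-1].startswith("*** ") and lines[-1].count("(") > lines[-1].count(")"):
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines

def triage(text):
    """Return (sorted missing modules, failed plugin names, suggested-profile text)."""
    missing, failed, suggestion = set(), [], None
    for line in unwrap(text):
        m = IMPORT_FAIL.match(line)
        if m:
            failed.append(m.group("plugin"))
            missing.add(m.group("mod_a") or m.group("mod_b"))
            continue
        s = SUGGESTED.match(line)
        if s:
            suggestion = s.group("value")
    return sorted(missing), failed, suggestion

def diagnose(text):
    """Explain a 'No suggestion' result when it coincides with a missing distorm3."""
    missing, failed, suggestion = triage(text)
    if suggestion and suggestion.startswith("No suggestion") and "distorm3" in missing:
        return ("distorm3 is not installed; Volatility 2.x needs it for Windows 8/2012 x64, "
                "so %d plugins failed to load and no profile could be suggested" % len(failed))
    return "missing modules: " + ", ".join(missing) if missing else "no import failures detected"
```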
