backtrace in linux_recover_filesystem

[iMHLv2]

ABOVE: Also, the linux_recover_filesystem plugin still has some issues, probably triggered by busted metadata in the memory dump. I’ve reported them to Andrew, we looked into it a bit, and he has filed a bug report. The issues occur on a memory dump that the Volatility team members have, so we can go from there. Here’s the crash:

bigjoe:volatility_2.4 golden$ sudo rm -rf DELETEME && mkdir DELETEME && sudo python vol.py --profile=Linux3_2_x86_newx86 -f ../voltrunk/after.p2.lime linux_recover_filesystem -D DELETEME

[snip]
[snip]

Traceback (most recent call last):
File "vol.py", line 183, in
main()
File "vol.py", line 174, in main
command.execute()
File "/Users/golden/Work/volatility_2.4/volatility/plugins/linux/common.py", line 62, in execute
commands.Command.execute(self, _args, *_kwargs)
File "/Users/golden/Work/volatility_2.4/volatility/commands.py", line 121, in execute
func(outfd, data)
File "/Users/golden/Work/volatility_2.4/volatility/plugins/linux/recover_filesystem.py", line 103, in render_text
for (num_files, real_bytes, total_bytes) in data:
File "/Users/golden/Work/volatility_2.4/volatility/plugins/linux/recover_filesystem.py", line 95, in calculate
self._write_file(ff, file_path, file_dentry)
File "/Users/golden/Work/volatility_2.4/volatility/plugins/linux/recover_filesystem.py", line 64, in _write_file
fd = open(out_path, "wb")
IOError: [Errno 21] Is a directory: 'DELETEME/root']

[atcuno]

Fixed, along with other improvements in: 3a18e6b & 7d8f349

[atcuno]

closing