Windows.handle plugin bug #156
Comments
Thanks for reporting this. Since the output's already been posted to slack, I'll post a copy here too to keep everything together: From the error message and the output it looks like a runaway string
All the code paths seem to return unicode strings (which should therefore already have been converted with the
@yehias Sorry for the delay. Do you still have access to this memory sample? If we produce a debug branch of Volatility, would you be able to run a couple additional commands and share the output?
Also, interestingly, using iconv on Linux to convert UTF-16 to ASCII works just fine on the handles.txt file and displays the entire thing without errors? Opening the original handles.txt causes gedit to throw an error somewhere in the middle (at almost exactly 0x3a000, which may therefore just be some kind of buffer limit?). It would be really good to get the direct and complete output of running the command too, so by adding something like
@iMHLv2 sorry for the late reply, I've been busy with some cases. Actually I don't have it anymore, but I can replicate it again. I was using it on a Windows 10 lab and still have the machine, so let me know which commands you need me to run and I will memory sample per command for reference.
@yehias If you're able to reproduce this again within your lab, would you be able to share that clean/non-sensitive memory dump? Unfortunately it's not as easy as sending you some commands to run like I initially hoped. If that's definitely not going to be possible, can you tell us what install media you used to build the VM and if there are any customizations needed to produce the issue (i.e., any special language packs installed)?
We haven't heard back in a while, if you're still encountering this issue please feel free to reopen it. 5:)
Hi @ikelos, sorry I didn't get back to you. I will reproduce the issue and check if the issue still exists.
--
Best Regards,
Yehia Serrieh
Hello,
First, thanks a lot for such a great framework. I was testing several plugins against the latest Windows 10 image, but it crashed and threw an error.
BUG
Traceback (most recent call last):anning primary2 using PdbSignatureScanner
  File "vol.py", line 10, in <module>
    volatility.cli.main()
  File "C:\Users\admin\Desktop\volatility3-master\volatility\cli\__init__.py", line 523, in main
    CommandLine().run()
  File "C:\Users\admin\Desktop\volatility3-master\volatility\cli\__init__.py", line 281, in run
    renderers[args.renderer]().render(constructed.run())
  File "C:\Users\admin\Desktop\volatility3-master\volatility\cli\text_renderer.py", line 161, in render
    grid.populate(visitor, outfd)
  File "C:\Users\admin\Desktop\volatility3-master\volatility\framework\renderers\__init__.py", line 202, in populate
    accumulator = function(treenode, accumulator)
  File "C:\Users\admin\Desktop\volatility3-master\volatility\cli\text_renderer.py", line 156, in visitor
    accumulator.write("{}".format("\t".join(line)))
  File "C:\Users\admin\AppData\Local\Programs\Python\Python37\lib\encodings\cp1252.py", line 19, in encode
    return codecs.charmap_encode(input,self.errors,encoding_table)[0]
UnicodeEncodeError: 'charmap' codec can't encode character '\u03e5' in position 68: character maps to <undefined>
Regarding the windows.handle result, I already submitted the file on Slack.
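
An added example, not part of the original report and not Volatility's own code or fix: it reproduces the encode failure shown in the traceback on a constructed row, then renders the same row with `errors="backslashreplace"` and with a UTF-8 stream so the output survives. The names `render_row`, `failing_position` and `demo`, and the sample values, are assumptions made for illustration.

```python
import io

# Constructed sample row (values are made up): a handle-style record whose
# name column contains U+03E5, the character named in the traceback.
SAMPLE_ROW = ["4", "System", "0x8c", "Key", "0x20019", "Sample\u03e5Name"]


def render_row(row, encoding="cp1252", errors="strict"):
    """Write one tab-joined row to a text stream bound to `encoding`, as the
    accumulator.write(...) call in the traceback does, and return the bytes
    that reached the underlying stream."""
    raw = io.BytesIO()
    stream = io.TextIOWrapper(raw, encoding=encoding, errors=errors, newline="\n")
    stream.write("{}\n".format("\t".join(row)))
    stream.flush()
    return raw.getvalue()


def failing_position(row, encoding="cp1252"):
    """Return (index, character) for the first character `encoding` cannot
    represent in the joined row, or None when the row encodes cleanly."""
    try:
        "\t".join(row).encode(encoding)
    except UnicodeEncodeError as exc:
        return exc.start, exc.object[exc.start]
    return None


def demo():
    results = {}
    # Strict cp1252 raises on the first unmappable character and ends the run.
    try:
        results["strict"] = render_row(SAMPLE_ROW)
    except UnicodeEncodeError as exc:
        results["strict"] = exc.reason
    # backslashreplace keeps rendering and leaves the code point recoverable.
    results["escaped"] = render_row(SAMPLE_ROW, errors="backslashreplace")
    # A UTF-8 stream stores the character losslessly.
    results["utf8"] = render_row(SAMPLE_ROW, encoding="utf-8")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

Independently of any tool change, Python's `PYTHONIOENCODING` environment variable (for example `utf-8` or `utf-8:backslashreplace`) overrides the encoding and error handler used for stdout.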