Someone wrote in ![[info]](http://l-stat.livejournal.com/img/userinfo.gif){kind=small} jessekornblum, |
Re: Problem Using Suspicious
When I run the script, I get the following error...
Traceback (most recent call last):
File "volatility", line 219, in
main()
File "volatility", line 215, in main
command.execute()
File "memory_plugins/suspicious.py", line 106, in execute
command_line = eprocess.CommandLine
File "C:\Documents and Settings\User\My Documents\Volatility-1.3_Beta\forensics\o
return object.__getattribute__(self, attr)
File "memory_plugins/suspicious.py", line 155, in getCommandLine
if mypeb.ProcessParameters is None:
File "C:\Documents and Settings\User\My Documents\Volatility-1.3_Beta\forensics\o
base_address = self.get_member(attr).v()
File "C:\Documents and Settings\User\My Documents\Volatility-1.3_Beta\forensics\o
return self.value()
File "C:\Documents and Settings\User\My Documents\Volatility-1.3_Beta\forensics\o
return self.type.v(self)
File "C:\Documents and Settings\User\My Documents\Volatility-1.3_Beta\forensics\o
return self.value(theObject)
File "C:\Documents and Settings\User\My Documents\Volatility-1.3_Beta\forensics\o
theObject.vm.read(theObject.offset, self.size))
File "C:\Python25\lib\struct.py", line 87, in unpack
return o.unpack(s)
struct.error: unpack requires a string argument of length 4
Is there another file that needs to be removed? Thanks.
When I run the script, I get the following error...
Traceback (most recent call last):
File "volatility", line 219, in
main()
File "volatility", line 215, in main
command.execute()
File "memory_plugins/suspicious.py", line 106, in execute
command_line = eprocess.CommandLine
File "C:\Documents and Settings\User\My Documents\Volatility-1.3_Beta\forensics\o
return object.__getattribute__(self, attr)
File "memory_plugins/suspicious.py", line 155, in getCommandLine
if mypeb.ProcessParameters is None:
File "C:\Documents and Settings\User\My Documents\Volatility-1.3_Beta\forensics\o
base_address = self.get_member(attr).v()
File "C:\Documents and Settings\User\My Documents\Volatility-1.3_Beta\forensics\o
return self.value()
File "C:\Documents and Settings\User\My Documents\Volatility-1.3_Beta\forensics\o
return self.type.v(self)
File "C:\Documents and Settings\User\My Documents\Volatility-1.3_Beta\forensics\o
return self.value(theObject)
File "C:\Documents and Settings\User\My Documents\Volatility-1.3_Beta\forensics\o
theObject.vm.read(theObject.offset, self.size))
File "C:\Python25\lib\struct.py", line 87, in unpack
return o.unpack(s)
struct.error: unpack requires a string argument of length 4
Is there another file that needs to be removed? Thanks.
