Error in yarascan #28

Open
gomwan opened this issue Jun 11, 2016 · 4 comments

gomwan commented Jun 11, 2016

DEBUG Yara String Scanner
DEBUG : web.views : Yara String Scanner
DEBUG Setting Config CASE to None
DEBUG : web.vol_interface : Setting Config CASE to None
DEBUG Setting Config WIDE to None
DEBUG : web.vol_interface : Setting Config WIDE to None
DEBUG Setting Config ALL to None
DEBUG : web.vol_interface : Setting Config ALL to None
DEBUG Setting Config REVERSE to 0
DEBUG : web.vol_interface : Setting Config REVERSE to 0
DEBUG Setting Config YARA_RULES to google
DEBUG : web.vol_interface : Setting Config YARA_RULES to google
DEBUG Setting Config SIZE to 256
DEBUG : web.vol_interface : Setting Config SIZE to 256
ERROR Struct VOLATILITY_MAGIC has no member KPCR
ERROR : web.views : Struct VOLATILITY_MAGIC has no member KPCR
[11/Jun/2016 00:19:53] "POST /ajaxhandler/yara-string/ HTTP/1.1" 200 28

DEBUG : web.views : Yara String Scanner
DEBUG Setting Config CASE to None
DEBUG : web.vol_interface : Setting Config CASE to None
DEBUG Setting Config WIDE to None
DEBUG : web.vol_interface : Setting Config WIDE to None
DEBUG Setting Config ALL to None
DEBUG : web.vol_interface : Setting Config ALL to None
DEBUG Setting Config REVERSE to 0
DEBUG : web.vol_interface : Setting Config REVERSE to 0
DEBUG Setting Config YARA_FILE to yararules/Ap0calypse.yar
DEBUG : web.vol_interface : Setting Config YARA_FILE to yararules/Ap0calypse.yar
DEBUG Setting Config SIZE to 256
DEBUG : web.vol_interface : Setting Config SIZE to 256
ERROR Struct VOLATILITY_MAGIC has no member KPCR
ERROR : web.views : Struct VOLATILITY_MAGIC has no member KPCR
[11/Jun/2016 00:21:52] "POST /ajaxhandler/yara-string/ HTTP/1.1" 200 28

I am using the Yara Scan Memory button on the Tools Bar.

Can you help me? Thank you so much.

kevthehermit (Owner) commented

I will have a look and see if I can reproduce the error.

gomwan (Author) commented Jun 12, 2016

Does this function work normally for you? I deployed twice and got the error. Is it my image or my profile that has a problem?

kevthehermit (Owner) commented

Which OS is your image?
Have you got the latest version of VolUtility?

You can try running volscan from the command line like normal. This would tell you if your image is OK.

gomwan (Author) commented Jun 12, 2016

It is centos65x64.
Versions: Python: 2.7.6 | Volatility: 2.5 | VolUtility: 1.0-dev

I can use linux_yarascan at the command line:
root@MF-Server:/opt/tools/volatility# python vol.py --profile=LinuxCentOS65x64 -f /opt/images/centos65_2.lime linux_yarascan -Y "google"
Volatility Foundation Volatility Framework 2.5
Task: polkitd pid 1564 rule r1 addr 0x7f32180e5165
0x7f32180e5165 67 6f 6f 67 6c 65 2d 76 69 64 65 6f 2d 70 6f 69 google-video-poi
0x7f32180e5175 6e 74 65 72 00 00 00 61 75 64 69 6f 2f 78 2d 6d nter...audio/x-m
0x7f32180e5185 34 62 00 74 65 78 74 2f 78 2d 63 72 65 64 69 74 4b.text/x-credit
0x7f32180e5195 73 00 00 74 65 78 74 2f 78 2d 6d 72 6d 6c 00 61 s..text/x-mrml.a
......................

I can't find the volscan command. :(
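The command-line run above shows that the image and profile are fine: linux_yarascan finds the string. The error in the first comment names KPCR, a Windows kernel structure that Linux profiles do not define, which is what appears when the Windows yarascan plugin is run against a Linux profile instead of linux_yarascan. As an added example (not VolUtility's or Volatility's own code), the parser below turns linux_yarascan output of the form shown above into structured hits, rebuilds the bytes from the hex column and checks that the rows are contiguous and that the ASCII column re-renders from those bytes; the sample is constructed from the hexdump pasted in this issue.

```python
import re
from dataclasses import dataclass

# Constructed sample: the first hit from the linux_yarascan run pasted in this issue.
SAMPLE_OUTPUT = """Volatility Foundation Volatility Framework 2.5
Task: polkitd pid 1564 rule r1 addr 0x7f32180e5165
0x7f32180e5165 67 6f 6f 67 6c 65 2d 76 69 64 65 6f 2d 70 6f 69 google-video-poi
0x7f32180e5175 6e 74 65 72 00 00 00 61 75 64 69 6f 2f 78 2d 6d nter...audio/x-m
0x7f32180e5185 34 62 00 74 65 78 74 2f 78 2d 63 72 65 64 69 74 4b.text/x-credit
0x7f32180e5195 73 00 00 74 65 78 74 2f 78 2d 6d 72 6d 6c 00 61 s..text/x-mrml.a
"""
TASK_RE = re.compile(r"^Task:\s+(.+?)\s+pid\s+(\d+)\s+rule\s+(\S+)\s+addr\s+(0x[0-9a-fA-F]+)$")
HEX_PAIR = re.compile(r"^[0-9a-fA-F]{2}$")

@dataclass
class YaraHit:
    task: str
    pid: int
    rule: str
    addr: int
    data: bytes = b""
    consistent: bool = True  # rows were contiguous and their ASCII column matched the bytes

def render_ascii(chunk: bytes) -> str:
    # Volatility 2's hexdump helper prints 0x21..0x7e and shows every other byte as '.'
    return "".join(chr(b) if 0x20 < b < 0x7F else "." for b in chunk)

def parse_linux_yarascan(text: str):
    hits = []
    for line in text.splitlines():
        tokens = line.split()
        m = TASK_RE.match(line.strip())
        if m:
            hits.append(YaraHit(m[1], int(m[2]), m[3], int(m[4], 16)))
        elif hits and len(tokens) >= 3 and tokens[0].startswith("0x"):
            raw = []
            for tok in tokens[1:]:  # at most 16 bytes per row, stop at the ASCII column
                if len(raw) == 16 or not HEX_PAIR.match(tok):
                    break
                raw.append(int(tok, 16))
            chunk = bytes(raw)
            hit = hits[-1]
            # Row address must continue the previous row; ASCII column must re-render from the bytes.
            if int(tokens[0], 16) != hit.addr + len(hit.data) or "".join(tokens[1 + len(raw):]) != render_ascii(chunk):
                hit.consistent = False
            hit.data += chunk
    return hits

def matched_string(hit: YaraHit) -> str:
    # The NUL-terminated string starting at the match address (the YARA pattern sits at its start).
    return hit.data.split(b"\0", 1)[0].decode("latin-1")
```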
