h2cyber / voldiff
VolDiff: Malware Memory Footprint Analysis based on Volatility
License: BSD 2-Clause "Simplified" License
I got this error today, when VolDiff started hunting for malicious artifacts.
I am not even mediocre with Python, so I am not 100% sure what is happening, other than something with a regex does not seem to be working.
I am on Ubuntu 16.X LTS with Python 2.7
  File "VolDiff.py", line 1811, in <module>
    main()
  File "VolDiff.py", line 1444, in main
    path = get_execpath(pid)
  File "VolDiff.py", line 617, in get_execpath
    if re.search(procnamep + ' pid.*' + str(pid), line, re.IGNORECASE):
  File "/usr/lib/python2.7/re.py", line 146, in search
    return _compile(pattern, flags).search(string)
  File "/usr/lib/python2.7/re.py", line 251, in _compile
    raise error, v # invalid expression
Hi, I am new to VolDiff; while running it, this error appeared.
Traceback (most recent call last):
  File "C:\Users\John\Desktop\VolDiff\VolDiff.py", line 1811, in <module>
    main()
  File "C:\Users\John\Desktop\VolDiff\VolDiff.py", line 983, in main
    print_help()
  File "C:\Users\John\Desktop\VolDiff\VolDiff.py", line 194, in print_help
    sys.exit()
SystemExit
Any idea what went wrong?
This error came from the "Diffing output results..." step:
Traceback (most recent call last):
  File "VolDiff.py", line 1811, in <module>
    main()
  File "VolDiff.py", line 1220, in main
    if re.search(r"[a-zA-Z\.]\s+%s " % pid, line, re.IGNORECASE):
  File "/usr/lib/python2.7/re.py", line 142, in search
    return _compile(pattern, flags).search(string)
  File "/usr/lib/python2.7/re.py", line 244, in _compile
    raise error, v # invalid expression
sre_constants.error: unbalanced parenthesis
The path_to_volatility variable must point to the Volatility executable or Python script.
Update it at line 23.
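Both regex tracebacks above (get_execpath at line 617 and the diffing step at line 1220) have the same shape: a pattern is assembled by concatenating strings that were read out of Volatility's text output, so anything unexpected in that text (a process name containing "(" or "+", or non-numeric text where a PID should be because Volatility never actually ran) becomes regex syntax and re raises "invalid expression". The following is an added example, not VolDiff's own code, written in Python 3 (the reports above are on Python 2.7, where the same re calls behave the same way). The pslist-style lines, the process names and the helper names are constructed for the illustration; the only thing taken from the page is the failing construction, reproduced in unsafe_pattern.

```python
import re

# Constructed lines in the style of Volatility's pslist output (not from the
# page and not from a real image). The last name imitates a process name cut
# at the 15-character ImageFileName limit, which leaves an unbalanced
# parenthesis behind.
SAMPLE_PSLIST = [
    "Offset(V)  Name                    PID   PPID   Thds  Hnds",
    "0x84f2a030 System                     4      0     80   500",
    "0x85c0d7f8 explorer.exe            1234   1100     30   900",
    "0x85d1e2a0 MyInstaller (x8         2048   1234      2    50",
]


def require_pid(value):
    """Return value as an int, or raise ValueError if it is not a decimal PID.
    Checking here gives a clear message instead of a regex error when the
    thing that should be a PID is really text from unexpected output."""
    text = str(value).strip()
    if not text.isdigit():
        raise ValueError("expected a numeric PID, got %r" % text)
    return int(text)


def unsafe_pattern(procname, pid):
    """Same construction as the failing code: the name is pasted into the
    pattern verbatim, so '(' or '+' in it are read as regex syntax."""
    return re.compile(procname + r"\s+" + str(pid), re.IGNORECASE)


def safe_pattern(procname, pid):
    """Escape every piece that came from the image before it becomes regex
    syntax; only our own whitespace and end-of-field tokens stay live."""
    pid = require_pid(pid)
    return re.compile(
        re.escape(procname) + r"\s+" + str(pid) + r"(?=\s|$)",
        re.IGNORECASE,
    )


def compiles_unescaped(procname, pid):
    """True if the unescaped pattern compiles, False if re raises re.error."""
    try:
        unsafe_pattern(procname, pid)
        return True
    except re.error:
        return False


def find_process_line(procname, pid, lines):
    """Return the first line naming this process/PID pair, or None."""
    pat = safe_pattern(procname, pid)
    for line in lines:
        if pat.search(line):
            return line
    return None


if __name__ == "__main__":
    print(compiles_unescaped("MyInstaller (x8", 2048))       # False
    print(find_process_line("MyInstaller (x8", 2048, SAMPLE_PSLIST))
```

The lookahead `(?=\s|$)` also stops PID 12 from matching inside 1234, a separate false-positive source in patterns that end with a bare `str(pid)`.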
hello folks,
thx a lot for this great tool I just discovered.
I just gave it a try on a Win7 RAM image profile and I got an out-of-range error msg.
Anything I can do to solve this?

Volatility plugin malfind execution in progress...
Volatility plugin procdump execution in progress...
Volatility plugin idt execution in progress...
Volatility plugin gdt execution in progress...
Volatility plugin driverirp execution in progress...
Volatility plugin deskscan execution in progress...
Volatility plugin timers execution in progress...
Volatility plugin gditimers execution in progress...
Volatility plugin ssdt execution in progress...
Hunting for malicious artifacts in memory...
Traceback (most recent call last):
  File "VolDiff.py", line 1811, in <module>
    main()
  File "VolDiff.py", line 1391, in main
    ppids = get_all_ppids("explorer.exe|csrss.exe|wininit.exe|winlogon.exe|system")
  File "VolDiff.py", line 595, in get_all_ppids
    ppids.append(re.sub(' +', ' ', line).split(' ')[3])
IndexError: list index out of range
nocomp@8uR34ud3sL1c0rn35:~/tools/forensic/VolDiff$
best regards
We have the following error:
...
  File "VolDiff.py", line 1552, in main
    report_anomalies("interesting files on disk(filescan).", suspicious_files)
  File "VolDiff.py", line 402, in report_anomalies
    anomaly_list_to_report = anomaly_list[0:threshold]
TypeError: 'set' object is not subscriptable
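The last two reports are both parsing-robustness failures rather than regex failures: get_all_ppids indexes column 3 of every line of plugin output, so a banner, header, separator or blank line with fewer than four fields raises IndexError; and report_anomalies slices whatever it is handed, which raises TypeError once a caller passes a set. The example below is added here and is not VolDiff's code; it shows one defensive way to parse pslist-style rows (anchoring on the offset so names containing spaces still land in the right column) and a report function that accepts any iterable. The sample output, the Process record and the function bodies are constructed for the illustration; the function names mirror the ones in the tracebacks only to make the mapping obvious.

```python
import re
from collections import namedtuple

# Constructed pslist-style output with the noise a real run carries: a
# framework banner, a header, a separator and a trailing blank line.
# Not taken from the page or from a real image.
SAMPLE_PSLIST = [
    "Volatility Foundation Volatility Framework 2.6",
    "Offset(V)  Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start",
    "---------- -------------------- ------ ------ ------ -------- ------ ------ ------------------------------",
    "0x84f2a030 System                     4      0     80      500 ------      0 2016-04-01 10:00:01 UTC+0000",
    "0x85b1c3d8 csrss.exe                348    340      9      400      0      0 2016-04-01 10:00:05 UTC+0000",
    "0x85c0d7f8 explorer.exe            1234   1100     30      900      1      0 2016-04-01 10:01:10 UTC+0000",
    "0x85d1e2a0 MyInstaller (x8         2048   1234      2       50      1      0 2016-04-01 10:05:00 UTC+0000",
    "",
]

Process = namedtuple("Process", "offset name pid ppid")

# Anchor on the hex offset, take the name non-greedily, then require two
# numeric columns (PID, PPID). Names containing spaces survive, and any line
# that does not fit (banner, header, separator, blank) simply does not match.
ROW_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(.+?)\s+(\d+)\s+(\d+)\s")


def parse_pslist(lines):
    """Return Process rows for every line that carries the expected columns.
    Non-matching lines are skipped instead of being indexed blindly, which is
    what turned into IndexError in the original get_all_ppids."""
    rows = []
    for line in lines:
        m = ROW_RE.match(line)
        if not m:
            continue
        offset, name, pid, ppid = m.groups()
        rows.append(Process(offset, name, int(pid), int(ppid)))
    return rows


def get_all_ppids(rows, name_alternatives):
    """Sorted, de-duplicated PPIDs of processes whose name equals one of the
    '|'-separated alternatives (case-insensitive). Each alternative is
    escaped, so 'explorer.exe' cannot also match 'explorerXexe'."""
    pat = re.compile(
        "|".join(re.escape(n) for n in name_alternatives.split("|")),
        re.IGNORECASE,
    )
    return sorted({p.ppid for p in rows if pat.fullmatch(p.name)})


def report_anomalies(title, anomalies, threshold=5):
    """Accept any iterable, including a set, sort it for deterministic output
    and cut at threshold. Slicing a set directly raises TypeError."""
    ordered = sorted(anomalies)
    return {
        "title": title,
        "shown": ordered[:threshold],
        "omitted": max(0, len(ordered) - threshold),
    }


if __name__ == "__main__":
    procs = parse_pslist(SAMPLE_PSLIST)
    print(get_all_ppids(procs, "explorer.exe|csrss.exe|wininit.exe|winlogon.exe|system"))
    print(report_anomalies("interesting files on disk (filescan)", {"\\a.tmp", "\\b.tmp"}, 1))
```

Sorting before truncating also makes two runs over the same image produce the same report, which matters when the output is diffed or attached to a case file.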