-
-
Save Wenzel/ab1b70d471cb499acb1f8529d8b8e03e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 20-06-30 21:44:05 root INFO Logging started | |
| 20-06-30 21:44:05 root INFO Volatility plugins path: ['/home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/plugins', '/home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/plugins'] | |
| 20-06-30 21:44:05 root INFO Volatility symbols path: ['/home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/symbols', '/home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/symbols'] | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/plugins, /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/plugins | |
| 20-06-30 21:44:05 volatility.plugins.yarascan INFO Python Yara module not found, plugin (and dependent plugins) not available | |
| 20-06-30 21:44:05 volatility.framework DEBUG No module named 'yara' | |
| 20-06-30 21:44:05 volatility.framework DEBUG Failed to import module volatility.plugins.yarascan based on file: yarascan | |
| 20-06-30 21:44:05 volatility.plugins.yarascan INFO Python Yara module not found, plugin (and dependent plugins) not available | |
| 20-06-30 21:44:05 volatility.framework DEBUG No module named 'yara' | |
| 20-06-30 21:44:05 volatility.framework DEBUG Failed to import module volatility.plugins.windows.callbacks based on file: windows/callbacks | |
| 20-06-30 21:44:05 volatility.plugins.yarascan INFO Python Yara module not found, plugin (and dependent plugins) not available | |
| 20-06-30 21:44:05 volatility.framework DEBUG No module named 'yara' | |
| 20-06-30 21:44:05 volatility.framework DEBUG Failed to import module volatility.plugins.windows.svcscan based on file: windows/svcscan | |
| 20-06-30 21:44:05 volatility.plugins.yarascan INFO Python Yara module not found, plugin (and dependent plugins) not available | |
| 20-06-30 21:44:05 volatility.framework DEBUG No module named 'yara' | |
| 20-06-30 21:44:05 volatility.framework DEBUG Failed to import module volatility.plugins.windows.vadyarascan based on file: windows/vadyarascan | |
| 20-06-30 21:44:05 root INFO The following plugins could not be loaded (use -vv to see why): volatility.plugins.windows.callbacks, volatility.plugins.windows.svcscan, volatility.plugins.windows.vadyarascan, volatility.plugins.yarascan | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/automagic | |
| 20-06-30 21:44:05 root Level 7 Cache directory used: /home/wenzel/.cache/volatility3 | |
| 20-06-30 21:44:05 volatility.framework.automagic INFO Detected a windows category plugin | |
| 20-06-30 21:44:05 volatility.framework.automagic INFO Running automagic: ConstructionMagic | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 IndexError - No configuration provided: plugins.SSDT.primary | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 Symbol table requirement not yet fulfilled: plugins.SSDT.nt_symbols | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 IndexError - No configuration provided: plugins.SSDT.primary | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.automagic.construct_layers Level 9 Failed on requirement: plugins.SSDT.primary | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 IndexError - No configuration provided: plugins.SSDT.primary | |
| 20-06-30 21:44:05 volatility.framework.automagic.construct_layers Level 9 Failed on requirement: plugins.SSDT | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 Symbol table requirement not yet fulfilled: plugins.SSDT.nt_symbols | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.automagic.construct_layers Level 9 Failed on requirement: plugins.SSDT.nt_symbols | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 Symbol table requirement not yet fulfilled: plugins.SSDT.nt_symbols | |
| 20-06-30 21:44:05 volatility.framework.automagic.construct_layers Level 9 Failed on requirement: plugins.SSDT | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.automagic INFO Running automagic: WinSwapLayers | |
| 20-06-30 21:44:05 volatility.framework.automagic INFO Running automagic: LayerStacker | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 IndexError - No configuration provided: plugins.SSDT.primary | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 Symbol table requirement not yet fulfilled: plugins.SSDT.nt_symbols | |
| 20-06-30 21:44:05 volatility.framework.layers.resources Level 7 Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, JarHandler | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Attempting to stack using QemuStacker | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Attempting to stack using LimeStacker | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Attempting to stack using Elf64Stacker | |
| 20-06-30 21:44:05 volatility.framework.symbols.intermed Level 6 Searching for symbols in /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/symbols, /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/symbols | |
| 20-06-30 21:44:05 volatility.schemas INFO Dependency for validation unavailable: jsonschema | |
| 20-06-30 21:44:05 volatility.schemas DEBUG All validations will report success, even with malformed input | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Stacked Elf64Layer using Elf64Stacker | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Attempting to stack using QemuStacker | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Attempting to stack using LimeStacker | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Attempting to stack using WindowsCrashDump32Stacker | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Attempting to stack using VmwareStacker | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Attempting to stack using WintelStacker | |
| 20-06-30 21:44:05 volatility.framework.automagic.windows DEBUG DTB was found at: 0x2ec000 | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Stacked IntelLayer using WintelStacker | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Attempting to stack using QemuStacker | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Attempting to stack using LimeStacker | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Attempting to stack using WindowsCrashDump32Stacker | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Attempting to stack using VmwareStacker | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Attempting to stack using MacintelStacker | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker Level 8 Attempting to stack using LintelStacker | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 IndexError - No configuration provided: plugins.SSDT.primary | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 IndexError - No configuration provided: plugins.SSDT.primary | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 Symbol table requirement not yet fulfilled: plugins.SSDT.nt_symbols | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 IndexError - No configuration provided: plugins.SSDT.primary | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 IndexError - No configuration provided: plugins.SSDT.primary.memory_layer | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 IndexError - No configuration provided: plugins.SSDT.primary.memory_layer.base_layer | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.symbols.intermed Level 6 Searching for symbols in /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/symbols, /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/symbols | |
| 20-06-30 21:44:05 volatility.schemas INFO Dependency for validation unavailable: jsonschema | |
| 20-06-30 21:44:05 volatility.schemas DEBUG All validations will report success, even with malformed input | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.interfaces.configuration Level 9 TypeError - kernel_virtual_offset requirements only accept int type: None | |
| 20-06-30 21:44:05 volatility.framework.interfaces.configuration Level 9 TypeError - kernel_virtual_offset requirements only accept int type: None | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.interfaces.configuration Level 9 TypeError - kernel_banner requirements only accept str type: None | |
| 20-06-30 21:44:05 volatility.framework.interfaces.configuration Level 9 TypeError - kernel_banner requirements only accept str type: None | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 Symbol table requirement not yet fulfilled: plugins.SSDT.nt_symbols | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.automagic.construct_layers Level 9 Failed on requirement: plugins.SSDT.nt_symbols | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 Symbol table requirement not yet fulfilled: plugins.SSDT.nt_symbols | |
| 20-06-30 21:44:05 volatility.framework.automagic.construct_layers Level 9 Failed on requirement: plugins.SSDT | |
| 20-06-30 21:44:05 volatility.framework Level 6 Importing from the following paths: /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/layers | |
| 20-06-30 21:44:05 volatility.framework.automagic.stacker DEBUG Stacked layers: ['IntelLayer', 'Elf64Layer', 'FileLayer'] | |
| 20-06-30 21:44:05 volatility.framework.automagic INFO Running automagic: WintelHelper | |
| 20-06-30 21:44:05 volatility.framework.automagic INFO Running automagic: KernelPDBScanner | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 Symbol table requirement not yet fulfilled: plugins.SSDT.nt_symbols | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 Symbol table requirement not yet fulfilled: plugins.SSDT.nt_symbols | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 Symbol table requirement not yet fulfilled: plugins.SSDT.nt_symbols | |
| 20-06-30 21:44:05 volatility.framework.automagic.pdbscan DEBUG Kernel base determination - using KDBG structure for kernel offset | |
| 20-06-30 21:44:05 volatility.framework.symbols.intermed Level 6 Searching for symbols in /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/symbols, /home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/symbols | |
| 20-06-30 21:44:05 volatility.framework.automagic.pdbscan DEBUG Using symbol library: ntkrpamp.pdb/C40DD53A8D3D4AE3A24CE6BE866649C9-1 | |
| 20-06-30 21:44:05 volatility.schemas INFO Dependency for validation unavailable: jsonschema | |
| 20-06-30 21:44:05 volatility.schemas DEBUG All validations will report success, even with malformed input | |
| 20-06-30 21:44:05 volatility.framework.configuration.requirements Level 9 Symbol table requirement not yet fulfilled: plugins.SSDT.nt_symbols | |
| 20-06-30 21:44:05 volatility.framework.plugins WARNING Automagic exception occurred: ValueError: Symbol type not in nt_symbols1 SymbolTable: _ETHREAD | |
| 20-06-30 21:44:05 volatility.framework.plugins Level 9 Traceback (most recent call last): | |
| File "/home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/automagic/__init__.py", line 129, in run | |
| automagic(context, config_path, requirement, progress_callback) | |
| File "/home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/automagic/pdbscan.py", line 484, in __call__ | |
| self.recurse_symbol_fulfiller(context, valid_kernels, progress_callback) | |
| File "/home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/automagic/pdbscan.py", line 224, in recurse_symbol_fulfiller | |
| requirement.construct(context, config_path) | |
| File "/home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/configuration/requirements.py", line 369, in construct | |
| obj = self._construct_class(context, config_path, args) | |
| File "/home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/interfaces/configuration.py", line 566, in _construct_class | |
| obj = cls(**requirement_dict) | |
| File "/home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/symbols/windows/__init__.py", line 16, in __init__ | |
| self.set_type_class('_ETHREAD', extensions.ETHREAD) | |
| File "/home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/symbols/intermed.py", line 55, in _delegate_function | |
| return getattr(self._delegate, name)(*args, **kwargs) | |
| File "/home/wenzel/Projets/oswatcher/venv/lib/python3.8/site-packages/volatility/framework/symbols/intermed.py", line 367, in set_type_class | |
| raise ValueError("Symbol type not in {} SymbolTable: {}".format(self.name, name)) | |
| ValueError: Symbol type not in nt_symbols1 SymbolTable: _ETHREAD |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment