https://github.com/volatilityfoundation/volatility/commit/429a160925b216f04147bbdbac7ff867947da4d0
:) Thanks, Andrew (@attrc) On 04/07/2016 03:13 PM, Jim Clausing wrote: > Now my feature request, can we get PPID added to the linux_pslist > output? :-) > > -- > Jim Clausing > GIAC GSE #26, CISSP > GPG Fingerprint = A507 774A 39D6 A702 9F7C 8808 3D13 77B8 AACD 848D > > On or about Thu, 7 Apr 2016, Jim Clausing pontificated thusly: > >> I guess it really has been a long week. It turns out that --info will >> show the profiles if I use --plugins=~user/dir but the profile only >> actually works if I use --plugins=/home/user/dir So, I guess problem >> mostly solved. User error on my part. Return to your regularly >> scheduled programming. (As I slink away in shame) >> >> -- >> Jim Clausing >> GIAC GSE #26, CISSP >> GPG Fingerprint = A507 774A 39D6 A702 9F7C 8808 3D13 77B8 AACD 848D >> >> On or about Thu, 7 Apr 2016, Jim Clausing pontificated thusly: >> >>> Sigh... Ignore that last e-mail (although that is all the debug info >>> I get when it fails and, yes, I know I gave an invalid switch -m >>> should have been -f). I redid it copying and pasting the profile >>> name from the --info listing on the virgin system and it actually >>> does work, so my next move is to install (from github) the current >>> version on my actual production system and see if that fixes the >>> issues. Maybe the version from the SIFT repos is broken (that is >>> what was running on the system where I originally had the problem). >>> It has been a long week. :-/. >>> >>> -- >>> Jim Clausing >>> GIAC GSE #26, CISSP >>> GPG Fingerprint = A507 774A 39D6 A702 9F7C 8808 3D13 77B8 AACD 848D >>> >>> On or about Thu, 7 Apr 2016, Andrew Case pontificated thusly: >>> >>>> Hey, >>>> >>>> Can you run volatility with -dd set and send the output? If I can't >>>> figure out it from there I will take the memory sample and profile. >>>> Feel >>>> free to send debug output offline. >>>> >>>> Thanks, >>>> Andrew (@attrc) >>>> >>>> On 04/07/2016 12:27 PM, Jim Clausing wrote: >>>>> Gang, >>>>> I've googled it and saw some other discussion of the dreaded >>>>> >>>>> ERROR : volatility.debug : Invalid profile <blah> selected >>>>> >>>>> error. I'm trying to figure out what changed recently so that >>>>> profiles >>>>> that used to work for me, no longer work. I just did a fresh Ubuntu >>>>> 14.04.4 install and then installed volatility (and distorm3 via pip) >>>>> from github and I'm getting the error above. Note, this is the >>>>> current >>>>> release version, though I also have the problem with the version from >>>>> whatever repo SIFT uses. The profile actually came from SecondLook >>>>> and >>>>> worked just fine on a different Ubuntu system about 4 weeks ago, but >>>>> today it fails (on the system where it used to run), so I decided >>>>> to try >>>>> on this virgin system and get the same error. I'm at a loss, since >>>>> there are no other debugging messages to help me out with what >>>>> might be >>>>> the problem. I can provide the profile to anyone who needs it (and >>>>> probably a memory image, too, but that needs to be a little more >>>>> tightly >>>>> controlled) if that would help. >>>>> >>>>> -- >>>>> Jim Clausing >>>>> GIAC GSE #26, CISSP >>>>> GPG Fingerprint = A507 774A 39D6 A702 9F7C 8808 3D13 77B8 AACD 848D >>>>> _______________________________________________ >>>>> Vol-users mailing list >>>>> [email protected] >>>>> http://lists.volatilesystems.com/mailman/listinfo/vol-users >>>>> >>>> >>>> >>> >> > _______________________________________________ Vol-users mailing list [email protected] http://lists.volatilesystems.com/mailman/listinfo/vol-users
