Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

have some error,how to solve this #1

Open
littleheary opened this issue Nov 1, 2021 · 2 comments
Open

have some error,how to solve this #1

littleheary opened this issue Nov 1, 2021 · 2 comments

Comments

@littleheary
Copy link

Traceback (most recent call last):
File "/usr/bin/volatility", line 192, in
main()
File "/usr/bin/volatility", line 183, in main
command.execute()
File "/usr/lib/python2.7/dist-packages/volatility/commands.py", line 147, in execute
func(outfd, data)
File "/usr/lib/python2.7/dist-packages/volatility/commands.py", line 282, in render_text
config = self._config), data)
File "/usr/lib/python2.7/dist-packages/volatility/commands.py", line 276, in _render
renderer.render(outfd, output)
File "/usr/lib/python2.7/dist-packages/volatility/renderers/text.py", line 115, in render
grid_depth = grid.visit(None, lambda x, y: max(y, grid.path_depth(x)), 0)
File "/usr/lib/python2.7/dist-packages/volatility/renderers/init.py", line 248, in visit
self.populate()
File "/usr/lib/python2.7/dist-packages/volatility/renderers/init.py", line 149, in populate
for (level, item) in self._generator:
File "/usr/lib/python2.7/dist-packages/volatility/plugins/sqlitefind.py", line 227, in generator
for name, needle_size, col_type_str in data:
File "/usr/lib/python2.7/dist-packages/volatility/plugins/sqlitefind.py", line 201, in calculate
for address, row_id, types, values in searcher.find_records(address_space):
File "/usr/lib/python2.7/dist-packages/volatility/plugins/sqlitetools.py", line 600, in find_records
for buf, offset, absolute_offset in _search_addr_space(address_space, self.needle.yara_rule):
File "/usr/lib/python2.7/dist-packages/volatility/plugins/sqlitetools.py", line 727, in _search_addr_space
for str_pos, str_name, str_value in matched_rules[0].strings:
KeyError: 0
@mbrown1413
Copy link
Owner

I don't have the software running currently, so I can only help so much. If you are able to do some debugging I can point you in the right direction.

The "KeyError: 0" leads me to believe that matched_rules is a dictionary but it should be a list. You can start by printing out matched_rules to see what that data is and why. That variable comes from a yara match method which I don't think has changed what it returns looking at the documentation.

@esrever98
Copy link

I think Mr.littleheary would have already solved the issue, but in case of anyone who are stuck withe the same issue, the reason of the problem was the version of the yara-python module as the owner said.

I didn't dig more to find the exact reason of the problem, but when i re-installed my yara-python module in 3.7.0 version, the issue was solved. (Current Version of Yara-python is 4.3.1)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mbrown1413 @littleheary @esrever98