I have this error when I perform a filescan or a psscan:
python vol.py -f Desktop_cs3.raw --profile=Win10x64_17763 filescan
Volatility Foundation Volatility Framework 2.6.1
Offset(P) #Ptr #Hnd Access Name
WARNING : volatility.debug : Cannot find nt!ObGetObjectType
WARNING : volatility.debug : Cannot find nt!ObGetObjectType
Traceback (most recent call last):
File "vol.py", line 192, in
main()
File "vol.py", line 183, in main
command.execute()
File "/root/volatility/volatility/commands.py", line 147, in execute
func(outfd, data)
File "/root/volatility/volatility/plugins/filescan.py", line 75, in render_text
for file in data:
File "/root/volatility/volatility/poolscan.py", line 252, in scan
skip_type_check = skip_type_check)
File "/root/volatility/volatility/plugins/overlays/windows/windows.py", line 1258, in get_object
return self.get_object_top_down(struct_name, object_type, skip_type_check)
File "/root/volatility/volatility/plugins/overlays/windows/windows.py", line 1231, in get_object_top_down
header.get_object_type() == object_type):
File "/root/volatility/volatility/plugins/overlays/windows/win7.py", line 155, in get_object_type
return self.type_map.get(int(self.TypeIndex), '')
File "/root/volatility/volatility/plugins/overlays/windows/win10.py", line 330, in TypeIndex
return ((addr >> 8) ^ cook ^ indx) & 0xFF
TypeError: unsupported operand type(s) for ^: 'int' and 'NoneType'
I don't know if it's because the Windows 10 version or why. Can you help me?
The issue is related to #436
volatilityfoundation
