windows.handles.Handles not working
Describe the bug
plugin produces no output
Context
Volatility Version:
Operating System: Kali, Parrot, Win10
Python Version: 3.11 and 3.12
Suspected Operating System: Linux (Debian), windows
Command: vol.py -vvvv -f SECURITYNIK-WIN-20231116-235706.dmp windows.handles.Handles --pid=4
To Reproduce
Steps to reproduce the behavior: Run the plugin. Command and memory dump have been provided below.
- Use command '...'
- See error
- Did add some debugging print statements. See shortOutput.txt. Seems to move back and forth between automagic and handles.py. Possible thread timing problem? Have read previous issues. Have jsonschema, pycryptodome and capstone installed. Have tried on multiple OS's and versions of Volatility3. Have also provided vvvvv output as fullOutputWith_vvvv.txt.
- Most plugins have been working just fine so this is anomalous (And thanks for the vast majority that run without a hitch!)
- I submitted an issue that seems to have disappeared. Taking screenshot this time
Expected behavior
A clear and concise description of what you expected to happen. Should produce a table of results. Not getting anything.
Example output
Please copy and paste the text demonstrating the issue, ideally with verbose output turned on (vol.py -vvv ...).
fullOutputWith_vvvv.txt
shortOutput.txt
Text is preferred to screenshots for searching and to talk about specific parts of the output.
Additional information
In this case the memory dump is available to the public. https://github.com/SecurityNik/CTF
That was volatility 2.5.2
Sorry wanted to close window not the issue
So those debug messages aren't actually errors, they're just informational, although you're not getting any results from the plugin. There were a few debugging messages in there that I didn't recognize. Have you managed to narrow down where you think the plugin is deviating from what you'd expect?
As of yet, sorry no.
That's ok, we'll leave this open, and I'll try to give it a look when I get a bit of time (likely a weekend, but it'll probably be in March at this point, since I'm quite busy)...