volatility3
volatility3 copied to clipboard
volatilityfoundation
Issue when analyzing LiME dump from Android 15 AVD.
When running the linux.pslist plugin against a memory dump from a custom Android 15 kernel (Linux version 6.6.30-android15-8), Volatility 3 reports:
Unsatisfied requirement plugins.PsList.kernel.layer_name:
Unsatisfied requirement plugins.PsList.kernel.symbol_table_name:
The plugin cannot load the kernel translation layer or symbol table, even though a kernel symbol file is present.
Volatility Version: 2.27.0 Operating System: Windows 10/11/Ubuntu 24.04.03 Python Version: Python 3.10.0 / newest python Suspected Operating System: Android 15 custom kernel x86_64 Command:
python vol.py -f "memory.lime" -v linux.pslist
Steps to reproduce the behavior:
Acquire a memory dump (memory.lime) from an Android Virtual Device x86_64 with custom kernel 6.6.30-android15-8 using adb pull.
Have the kernel symbols JSON file located at the Volatility symbols directory.
Run the command to load the process list plugin.
See error indicating unsatisfied kernel layer and symbol table requirements.
Expected behavior
The plugin should successfully load the kernel layer and symbols, displaying the list of running processes.
Example output
C:\Users\me\Desktop\Voltality 3 Develop\volatility3>python vol.py -f "C:\Users\me\Desktop\Voltality 3 Develop\memory.lime" -v linux.pslist
INFO volatility3.cli: Volatility plugins path: ['C:\\Users\\me\\Desktop\\Voltality 3 Develop\\volatility3\\volatility3\\plugins', 'C:\\Users\\me\\Desktop\\Voltality 3 Develop\\volatility3\\volatility3\\framework\\plugins']
INFO volatility3.cli: Volatility symbols path: ['C:\\Users\\me\\Desktop\\Voltality 3 Develop\\volatility3\\volatility3\\symbols', 'C:\\Users\\me\\Desktop\\Voltality 3 Develop\\volatility3\\volatility3\\framework\\symbols']
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
INFO volatility3.cli: The following plugins could not be loaded (use -vv to see why): volatility3.plugins.linux.vmayarascan, volatility3.plugins.windows.cachedump, volatility3.plugins.windows.direct_system_calls, volatility3.plugins.windows.hashdump, volatility3.plugins.windows.indirect_system_calls, volatility3.plugins.windows.lsadump, volatility3.plugins.windows.malware.direct_system_calls, volatility3.plugins.windows.malware.indirect_system_calls, volatility3.plugins.windows.mftscan, volatility3.plugins.windows.registry.cachedump, volatility3.plugins.windows.registry.hashdump, volatility3.plugins.windows.registry.lsadump, volatility3.plugins.windows.vadyarascan, volatility3.plugins.yarascan
Volatility 3 Framework 2.27.0
INFO volatility3.framework.automagic: Detected a linux category plugin
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
INFO volatility3.framework.automagic: Running automagic: SymbolCacheMagic
INFO volatility3.framework.automagic: Running automagic: LayerStacker
INFO volatility3.schemas: Dependency for validation unavailable: jsonschema
INFO volatility3.schemas: Dependency for validation unavailable: jsonschema
INFO volatility3.schemas: Dependency for validation unavailable: jsonschema
INFO volatility3.framework.automagic: Running automagic: SymbolFinder
INFO volatility3.framework.automagic: Running automagic: LinuxSymbolFinder
INFO volatility3.framework.automagic: Running automagic: KernelModule
Unsatisfied requirement plugins.PsList.kernel.layer_name:
Unsatisfied requirement plugins.PsList.kernel.symbol_table_name:
A translation layer requirement was not fulfilled. Please verify that:
A file was provided to create this layer (by -f, --single-location or by config)
The file exists and is readable
The file is a valid memory image and was acquired cleanly
A symbol table requirement was not fulfilled. Please verify that:
The associated translation layer requirement was fulfilled
You have the correct symbol file for the requirement
The symbol file is under the correct directory or zip file
The symbol file is named appropriately or contains the correct banner
Unable to validate the plugin requirements: ['plugins.PsList.kernel.layer_name', 'plugins.PsList.kernel.symbol_table_name']
Additional information
Memory dump obtained via adb pull from Android emulator with virtual device x86_64 and custom Android 15 kernel.
Kernel symbols manually generated or extracted from build system and placed in Volatility’s symbols directory.
Banner mismatch or incomplete symbol support for this custom kernel may be causing the issue.
This feels as though it's a duplicate of #1892, but you've provided less information this time? You've helped us debug issues like this in that ticket, why did you open a new one and not provide -vvv output? If you don't provide us the appropriate information, or worse, duplicate issues you've already opened, that's going to divert developer time and attention away from actually fixing your problem, and towards writing long boring answers like this.
Please provide the output from your run with the -vvv flag or if this isn't a new bug, please close it and try to avoid filing duplicate bugs.
Its not same issue, i download fix for your resolve ,and now it doesnt works again.
Then please provide the output with the -vvv as asked for when reporting bugs.
Hello! I analyze my memory output again. I patched code of vol3 develop branch in few steps - by fixing module_sect_attr error and few comparing errors Now i've got :
C:\Users\user\Desktop\Voltality 3 Develop\volatility3>python vol.py -vvvvvv -f "C:\Users\user\Desktop\Voltality 3 Develop\memory.lime" --symbol-dirs "C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\symbols" --single-location "C:\Users\user\Desktop\Voltality 3 Develop\memory.lime" linux.pslist.PsList
INFO volatility3.cli: Volatility plugins path: ['C:\\Users\\user\\Desktop\\Voltality 3 Develop\\volatility3\\volatility3\\plugins', 'C:\\Users\\user\\Desktop\\Voltality 3 Develop\\volatility3\\volatility3\\framework\\plugins']
INFO volatility3.cli: Volatility symbols path: ['C:\\Users\\user\\Desktop\\Voltality 3 Develop\\volatility3\\volatility3\\symbols', 'C:\\Users\\user\\Desktop\\Voltality 3 Develop\\volatility3\\volatility3\\symbols', 'C:\\Users\\user\\Desktop\\Voltality 3 Develop\\volatility3\\volatility3\\framework\\symbols']
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\plugins, C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\plugins
DEBUG volatility3.plugins.yarascan: Using yara-python module
DEBUG volatility3.plugins.renderers.parquet_renderer: Arrow/Parquet libraries not found
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\automagic
Volatility 3 Framework 2.27.0
DETAIL 3 volatility3.cli: Cache directory used: C:\Users\user\AppData\Roaming\volatility3
INFO volatility3.framework.automagic: Detected a linux category plugin
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework.automagic.construct_layers: Construction Exception occurred: Unexpected config value found: None
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
INFO volatility3.framework.automagic: Running automagic: SymbolCacheMagic
DETAIL 4 volatility3.framework.symbols.intermed: Searching for symbols in C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\symbols, C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\symbols, C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\symbols
INFO volatility3.framework.automagic: Running automagic: LayerStacker
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 3 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, VolatilityHandler, JarHandler, OfflineHandler
DETAIL 4 volatility3.framework.layers.resources: UNC path detected, converted path file://///C:/Users/user/Desktop/Voltality%203%20Develop/memory.lime to file:///////C:/Users/user/Desktop/Voltality%203%20Develop/memory.lime
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
DETAIL 4 volatility3.framework.layers.elf: Exception: Bad magic 0x4c694d45 at file offset 0x0
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
DETAIL 4 volatility3.framework.layers.xen: Exception: Bad magic 0x4c694d45 at file offset 0x0
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
DETAIL 2 volatility3.framework.automagic.stacker: Stacked LimeLayer using LimeStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
DETAIL 4 volatility3.framework.layers.elf: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
DETAIL 4 volatility3.framework.layers.xen: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelVMCOREINFOStacker
DETAIL 4 volatility3.framework.symbols.intermed: Searching for symbols in C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\symbols, C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\symbols, C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\symbols
DEBUG volatility3.framework.automagic.linux: Identified banner: b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00'
INFO volatility3.schemas: Dependency for validation unavailable: jsonschema
DEBUG volatility3.schemas: All validations will report success, even with malformed input
DEBUG volatility3.framework.automagic.linux: Values found in VMCOREINFO: KASLR=0x1dc00000, ASLR=0x2e400000, DTB=0x20e3c000
DETAIL 2 volatility3.framework.automagic.stacker: Stacked primary using LinuxIntelVMCOREINFOStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
DETAIL 4 volatility3.framework.layers.elf: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
DETAIL 4 volatility3.framework.layers.xen: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelStacker
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name.memory_layer
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name.memory_layer.base_layer
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework.layers.resources: UNC path detected, converted path file://///C:/Users/user/Desktop/Voltality%203%20Develop/memory.lime to file:///////C:/Users/user/Desktop/Voltality%203%20Develop/memory.lime
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\layers
DEBUG volatility3.framework.automagic.stacker: physical_layer maximum_address: 2146905151
DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['primary', 'LimeLayer', 'FileLayer']
INFO volatility3.framework.automagic: Running automagic: SymbolFinder
INFO volatility3.framework.automagic: Running automagic: LinuxSymbolFinder
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DEBUG volatility3.framework.automagic.symbol_finder: Identified banner: b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00'
DEBUG volatility3.framework.automagic.symbol_finder: Using symbol library: file:///C:/Users/user/Desktop/Voltality%203%20Develop/volatility3/volatility3/symbols/android-kernel-symbols.json
INFO volatility3.schemas: Dependency for validation unavailable: jsonschema
DEBUG volatility3.schemas: All validations will report success, even with malformed input
DEBUG volatility3.framework.automagic.symbol_finder: producer_name: dwarf2json, producer_version: 0.9.0
DEBUG volatility3.framework.automagic.symbol_finder: Types:
DEBUG volatility3.framework.automagic.symbol_finder: {'kind': 'dwarf', 'name': 'vmlinux', 'hash_type': 'sha256', 'hash_value': '5e98df50d5b909c5879d2f5cfea58e4bf8ac461afe654a4ec958e460e164ec86'}
DEBUG volatility3.framework.automagic.symbol_finder: Symbols:
DEBUG volatility3.framework.automagic.symbol_finder: {'kind': 'dwarf', 'name': 'vmlinux', 'hash_type': 'sha256', 'hash_value': '5e98df50d5b909c5879d2f5cfea58e4bf8ac461afe654a4ec958e460e164ec86'}
DEBUG volatility3.framework.automagic.symbol_finder: {'kind': 'symtab', 'name': 'vmlinux', 'hash_type': 'sha256', 'hash_value': '5e98df50d5b909c5879d2f5cfea58e4bf8ac461afe654a4ec958e460e164ec86'}
INFO volatility3.framework.automagic: Running automagic: KernelModule
DEBUG volatility3.cli: Successfully constructed linux.pslist.PsList (4, 1, 1)
DETAIL 3 volatility3.cli.text_filter: Filters:
[]
OFFSET (V) PID TID PPID COMM UID GID EUID EGID CREATION TIME File output
Traceback (most recent call last):
File "C:\Users\user\Desktop\Voltality 3 Develop\volatility3\vol.py", line 11, in <module>
volatility3.cli.main()
File "C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\cli\__init__.py", line 934, in main
CommandLine().run()
File "C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\cli\__init__.py", line 522, in run
renderer.render(grid)
File "C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\cli\text_renderer.py", line 329, in render
grid.populate(visitor, outfd)
File "C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\renderers\__init__.py", line 318, in populate
for level, item in self._generator:
File "C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\plugins\linux\pslist.py", line 213, in _generator
for task in self.list_tasks(
File "C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\plugins\linux\pslist.py", line 280, in list_tasks
for task in init_task.thread_group.to_list(
File "C:\Users\user\Desktop\Voltality 3 Develop\volatility3\volatility3\framework\objects\__init__.py", line 993, in __getattr__
raise AttributeError(
AttributeError: StructType has no attribute: symbol_table_name1!task_struct.thread_group
Thank you very much for your assistance.
Best regards.
Hi @BinsIT, did you apply any modification to linux/pslist.py file?
The line for task in init_task.thread_group.to_list( is not present in the latest version of volatility3:
https://github.com/volatilityfoundation/volatility3/blob/develop/volatility3/framework/plugins/linux/pslist.py#L280
I'm not sure that we'll be able to help you with a modified vol3 installation. Have you tried using the latest pslist.py version?
Yes i tried to use latest pslist.py version but it doesnt work. I download it from lastest develop branch,but program shows previous error (module sect attr). If u would like to fix it , i will be glad.
The module_sect_attr fix will soon be pushed to develop. Can you try the following in the meantime, after saving your current custom branch:
git checkout develop
git pull
git checkout -b my_tmp_branch
git fetch origin 'pull/1773/head:issue_1761_module_sect_attr_fix'
git merge --squash issue_1761_module_sect_attr_fix
And then re-run analysis
C:\Users\user\Desktop\Voltality 3 Develop\vol3develop>python vol.py -vvvvvv -f "C:\Users\user\Desktop\Voltality 3 Develop\memory.lime" --symbol-dirs "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\symbols\android-kernel-symbols.json" --single-location "C:\Users\user\Desktop\Voltality 3 Develop\memory.lime" linux.pslist.PsList INFO volatility3.cli: Volatility plugins path: ['C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\plugins', 'C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\plugins'] INFO volatility3.cli: Volatility symbols path: ['C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\symbols\android-kernel-symbols.json', 'C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\symbols', 'C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\symbols'] DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\plugins, C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\plugins DEBUG volatility3.plugins.yarascan: Using yara-python module DEBUG volatility3.plugins.renderers.parquet_renderer: Arrow/Parquet libraries not found DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\automagic Volatility 3 Framework 2.27.0 DETAIL 3 volatility3.cli: Cache directory used: C:\Users\user\AppData\Roaming\volatility3 INFO volatility3.framework.automagic: Detected a linux category plugin DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers INFO volatility3.framework.automagic: Running automagic: ConstructionMagic DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\uiser\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.layer_name DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.symbol_table_name DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers DETAIL 4 volatility3.framework.automagic.construct_layers: Construction Exception occurred: Unexpected config value found: None DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers INFO volatility3.framework.automagic: Running automagic: SymbolCacheMagic DETAIL 4 volatility3.framework.symbols.intermed: Searching for symbols in C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\symbols\android-kernel-symbols.json, C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\symbols, C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\symbols INFO volatility3.framework.automagic: Running automagic: LayerStacker DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name DETAIL 3 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, VolatilityHandler, JarHandler, OfflineHandler, S3FileSystemHandler, GSFileSystemHandler, LeechCoreHandler DETAIL 4 volatility3.framework.layers.resources: UNC path detected, converted path file://///C:/Users/user/Desktop/Voltality%203%20Develop/memory.lime to file:///////C:/Users/user/Desktop/Voltality%203%20Develop/memory.lime DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker DETAIL 4 volatility3.framework.layers.elf: Exception: Bad magic 0x4c694d45 at file offset 0x0 DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker DETAIL 4 volatility3.framework.layers.xen: Exception: Bad magic 0x4c694d45 at file offset 0x0 DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker DETAIL 2 volatility3.framework.automagic.stacker: Stacked LimeLayer using LimeStacker DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker DETAIL 4 volatility3.framework.layers.elf: Exception: Offset 0x0 does not exist within the base layer DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker DETAIL 4 volatility3.framework.layers.xen: Exception: Offset 0x0 does not exist within the base layer DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0 DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0 DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelVMCOREINFOStacker DETAIL 4 volatility3.framework.symbols.intermed: Searching for symbols in C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\symbols\android-kernel-symbols.json, C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\symbols, C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\symbols DEBUG volatility3.framework.automagic.linux: Identified banner: b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00' DEBUG volatility3.schemas: Validating JSON against schema... DEBUG volatility3.schemas: JSON validated against schema (result cached) DETAIL 3 volatility3.framework.automagic.stacker: Exception during stacking: Symbol type not in LintelStacker1 SymbolTable: socket DETAIL 4 volatility3.framework.automagic.stacker: Traceback (most recent call last):
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\automagic\stacker.py", line 219, in stack_layer new_layer = stacker.stack(context, initial_layer, progress_callback)
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\automagic\linux.py", line 337, in stack table = linux.LinuxKernelIntermedSymbols(
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\symbols\linux_init_.py", line 81, in init self.set_type_class("socket", extensions.network.socket)
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\symbols\intermed.py", line 60, in _delegate_function return getattr(self._delegate, name)(*args, **kwargs)
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\symbols\intermed.py", line 446, in set_type_class raise ValueError(f"Symbol type not in {self.name} SymbolTable: {name}")
ValueError: Symbol type not in LintelStacker1 SymbolTable: socket
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelStacker DEBUG volatility3.framework.automagic.linux: Identified banner: b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00' DETAIL 3 volatility3.framework.automagic.stacker: Exception during stacking: Symbol type not in LintelStacker1 SymbolTable: socket DETAIL 4 volatility3.framework.automagic.stacker: Traceback (most recent call last):
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\automagic\stacker.py", line 219, in stack_layer new_layer = stacker.stack(context, initial_layer, progress_callback)
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\automagic\linux.py", line 58, in stack table = linux.LinuxKernelIntermedSymbols(
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\symbols\linux_init_.py", line 81, in init self.set_type_class("socket", extensions.network.socket)
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\symbols\intermed.py", line 60, in _delegate_function return getattr(self._delegate, name)(*args, **kwargs)
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\symbols\intermed.py", line 446, in set_type_class raise ValueError(f"Symbol type not in {self.name} SymbolTable: {name}")
ValueError: Symbol type not in LintelStacker1 SymbolTable: socket
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name DETAIL 1 volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: LimeLayer DETAIL 1 volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: FileLayer DEBUG volatility3.framework.automagic.stacker: physical_layer maximum_address: 2146905151 DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['LimeLayer', 'FileLayer'] INFO volatility3.framework.automagic: Running automagic: SymbolFinder INFO volatility3.framework.automagic: Running automagic: LinuxSymbolFinder DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name INFO volatility3.framework.automagic: Running automagic: KernelModule DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
Unsatisfied requirement plugins.PsList.kernel.layer_name: Unsatisfied requirement plugins.PsList.kernel.symbol_table_name:
A translation layer requirement was not fulfilled. Please verify that: A file was provided to create this layer (by -f, --single-location or by config) The file exists and is readable The file is a valid memory image and was acquired cleanly
A symbol table requirement was not fulfilled. Please verify that: The associated translation layer requirement was fulfilled You have the correct symbol file for the requirement The symbol file is under the correct directory or zip file The symbol file is named appropriately or contains the correct banner
Unable to validate the plugin requirements: ['plugins.PsList.kernel.layer_name', 'plugins.PsList.kernel.symbol_table_name']
Now theres something like this. Vol3 doesnt find symbols for socket.
The kernel you are analyzing does not have the expected "socket" structure. This is similar to this issue:
https://github.com/volatilityfoundation/volatility3/issues/1090#issuecomment-1934620031
You can set "optional_set_type_class" here:
https://github.com/volatilityfoundation/volatility3/blob/a17281a2145f5aa353fcccc35f09cfcd40ad0aa4/volatility3/framework/symbols/linux/init.py#L80
and here:
https://github.com/volatilityfoundation/volatility3/blob/a17281a2145f5aa353fcccc35f09cfcd40ad0aa4/volatility3/framework/symbols/linux/network.py#L18
Thanks a lot. Now i fix this lines:
symbol_table.optional_set_type_class("socket", network.socket) symbol_table.optional_set_type_class("inet_sock", network.inet_sock) symbol_table.optional_set_type_class("unix_sock", network.unix_sock)
and output is :
C:\Users\user\Desktop\Voltality 3 Develop\vol3develop>python vol.py -vvvvvv -f "C:\Users\user\Desktop\Voltality 3 Develop\memory.lime" --symbol-dirs "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\symbols\android-kernel-symbols.json" --single-location "C:\Users\user\Desktop\Voltality 3 Develop\memory.lime" linux.pslist.PsList
INFO volatility3.cli: Volatility plugins path: ['C:\\Users\\user\\Desktop\\Voltality 3 Develop\\vol3develop\\volatility3\\plugins', 'C:\\Users\\user\\Desktop\\Voltality 3 Develop\\vol3develop\\volatility3\\framework\\plugins']
INFO volatility3.cli: Volatility symbols path: ['C:\\Users\\user\\Desktop\\Voltality 3 Develop\\vol3develop\\volatility3\\symbols\\android-kernel-symbols.json', 'C:\\Users\\user\\Desktop\\Voltality 3 Develop\\vol3develop\\volatility3\\symbols', 'C:\\Users\\user\\Desktop\\Voltality 3 Develop\\vol3develop\\volatility3\\framework\\symbols']
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\plugins, C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\plugins
DEBUG volatility3.plugins.yarascan: Using yara-python module
DEBUG volatility3.plugins.renderers.parquet_renderer: Arrow/Parquet libraries not found
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\automagic
Volatility 3 Framework 2.27.0
DETAIL 3 volatility3.cli: Cache directory used: C:\Users\user\AppData\Roaming\volatility3
INFO volatility3.framework.automagic: Detected a linux category plugin
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework.automagic.construct_layers: Construction Exception occurred: Unexpected config value found: None
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
INFO volatility3.framework.automagic: Running automagic: SymbolCacheMagic
DETAIL 4 volatility3.framework.symbols.intermed: Searching for symbols in C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\symbols\android-kernel-symbols.json, C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\symbols, C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\symbols
INFO volatility3.framework.automagic: Running automagic: LayerStacker
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 3 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, VolatilityHandler, JarHandler, OfflineHandler, S3FileSystemHandler, GSFileSystemHandler, LeechCoreHandler
DETAIL 4 volatility3.framework.layers.resources: UNC path detected, converted path file://///C:/Users/user/Desktop/Voltality%203%20Develop/memory.lime to file:///////C:/Users/user/Desktop/Voltality%203%20Develop/memory.lime
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
DETAIL 4 volatility3.framework.layers.elf: Exception: Bad magic 0x4c694d45 at file offset 0x0
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
DETAIL 4 volatility3.framework.layers.xen: Exception: Bad magic 0x4c694d45 at file offset 0x0
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
DETAIL 2 volatility3.framework.automagic.stacker: Stacked LimeLayer using LimeStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
DETAIL 4 volatility3.framework.layers.elf: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
DETAIL 4 volatility3.framework.layers.xen: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelVMCOREINFOStacker
DETAIL 4 volatility3.framework.symbols.intermed: Searching for symbols in C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\symbols\android-kernel-symbols.json, C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\symbols, C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\symbols
DEBUG volatility3.framework.automagic.linux: Identified banner: b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00'
DEBUG volatility3.framework.automagic.linux: Values found in VMCOREINFO: KASLR=0x1dc00000, ASLR=0x2e400000, DTB=0x20e3c000
DETAIL 2 volatility3.framework.automagic.stacker: Stacked primary using LinuxIntelVMCOREINFOStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
DETAIL 4 volatility3.framework.layers.elf: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
DETAIL 4 volatility3.framework.layers.xen: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelStacker
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name.memory_layer
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name.memory_layer.base_layer
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework.layers.resources: UNC path detected, converted path file://///C:/Users/user/Desktop/Voltality%203%20Develop/memory.lime to file:///////C:/Users/user/Desktop/Voltality%203%20Develop/memory.lime
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DETAIL 4 volatility3.framework: Importing from the following paths: C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\layers
DEBUG volatility3.framework.automagic.stacker: physical_layer maximum_address: 2146905151
DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['primary', 'LimeLayer', 'FileLayer']
INFO volatility3.framework.automagic: Running automagic: SymbolFinder
INFO volatility3.framework.automagic: Running automagic: LinuxSymbolFinder
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DEBUG volatility3.framework.automagic.symbol_finder: Identified banner: b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00'
DEBUG volatility3.framework.automagic.symbol_finder: Using symbol library: file:///C:/Users/user/Desktop/Voltality%203%20Develop/vol3develop/volatility3/symbols/android-kernel-symbols.json
DEBUG volatility3.framework.automagic.symbol_finder: producer_name: dwarf2json, producer_version: 0.9.0
DEBUG volatility3.framework.automagic.symbol_finder: Types:
DEBUG volatility3.framework.automagic.symbol_finder: {'kind': 'dwarf', 'name': 'vmlinux', 'hash_type': 'sha256', 'hash_value': '5e98df50d5b909c5879d2f5cfea58e4bf8ac461afe654a4ec958e460e164ec86'}
DEBUG volatility3.framework.automagic.symbol_finder: Symbols:
DEBUG volatility3.framework.automagic.symbol_finder: {'kind': 'dwarf', 'name': 'vmlinux', 'hash_type': 'sha256', 'hash_value': '5e98df50d5b909c5879d2f5cfea58e4bf8ac461afe654a4ec958e460e164ec86'}
DEBUG volatility3.framework.automagic.symbol_finder: {'kind': 'symtab', 'name': 'vmlinux', 'hash_type': 'sha256', 'hash_value': '5e98df50d5b909c5879d2f5cfea58e4bf8ac461afe654a4ec958e460e164ec86'}
INFO volatility3.framework.automagic: Running automagic: KernelModule
DEBUG volatility3.cli: Successfully constructed linux.pslist.PsList (4, 1, 1)
DETAIL 3 volatility3.cli.text_filter: Filters:
[]
OFFSET (V) PID TID PPID COMM UID GID EUID EGID CREATION TIME File output
Traceback (most recent call last):
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\vol.py", line 11, in <module>
volatility3.cli.main()
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\cli\__init__.py", line 934, in main
CommandLine().run()
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\cli\__init__.py", line 522, in run
renderer.render(grid)
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\cli\text_renderer.py", line 329, in render
grid.populate(visitor, outfd)
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\renderers\__init__.py", line 318, in populate
for level, item in self._generator:
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\plugins\linux\pslist.py", line 213, in _generator
for task in self.list_tasks(
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\plugins\linux\pslist.py", line 270, in list_tasks
for task in init_task.tasks.to_list(
File "C:\Users\user\Desktop\Voltality 3 Develop\vol3develop\volatility3\framework\objects\__init__.py", line 993, in __getattr__
raise AttributeError(
AttributeError: StructType has no attribute: symbol_table_name1!bd_openers.tasks
Did you compile the kernel yourself? If not, can you provide the symbols file here please?
Yes i compiled the kernel. But i wanted to send you privatly this kernel with my kernel-ranchu file and .config to check in this all files. I can put if on my Google Drive or something with password.
You need to ensure that https://cateee.net/lkddb/web-lkddb/DEBUG_INFO_REDUCED.html is set to 'n' in the kernel config
Hello. Im sure that this option is set to No. I check this. If u want to i can send link to my google drive to you and password on priv,to check vmlinux,bzImage,module.symvers,System.map and .config files. I dont know what this error extacly means and how to fix this to continue analyze of my ram file.
Could you share the .config file here first? That shouldn't contain sensitive information?
I add .config but there also ON dwarf5 symbols info in config but theres show as not set.
I can see CONFIG_DEBUG_INFO_NONE=y in there, is that the .config used by the compiler or the default one?
Sorry, i send to you invalid .config,from other configuration.
This is valid config kernel which i use with AVD, and theres
CONFIG_DEBUG_INFO=y , # CONFIG_DEBUG_INFO_NONE is not set .
Yes,now i m sure, that this config is from working AVD. (pulled from adb).
CONFIG_DEBUG_INFO_COMPRESSED_ZSTD=y could be the issue, I'm not sure if dwarf2json handles this format correctly. Could you try re-compiling without any CONFIG_DEBUG_INFO_COMPRESSED option set please?
I dont know how to change this value. I set it by
bazel run //common-modules/virtual-device:virtual_device_x86_64_config -- menuconfig
, then build by :
bazel build //common-modules/virtual-device:virtual_device_x86_64
but it doesnt change.
In menuconfig i changed this to Dont compress debug info.
Inside menuconfig type / and search for DEBUG_INFO_COMPRESSED option or DEBUG_INFO_COMPRESSED_ZSTD
OK,ive got new config and kernel with this config ,im sure that this options are disabled= new dump.lime!
> python vol.py -vvvvvv -f ~/Desktop/dump.lime linux.pslist
ubuntu@ubuntu:~/Desktop/volatility3$ python vol.py -vvvvvv -f ~/Desktop/dump.lime linux.pslist
INFO volatility3.cli: Volatility plugins path: ['/home/ubuntu/Desktop/volatility3/volatility3/plugins', '/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins']
INFO volatility3.cli: Volatility symbols path: ['/home/ubuntu/Desktop/volatility3/volatility3/symbols', '/home/ubuntu/Desktop/volatility3/volatility3/framework/symbols']
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/plugins, /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.yarascan based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/cmdscan.py", line 17, in <module>
from volatility3.plugins.windows import pslist, consoles
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/consoles.py", line 21, in <module>
from volatility3.plugins.windows import pslist, info, verinfo
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/verinfo.py", line 21, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.cmdscan based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/cmdscan.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/direct_system_calls.py", line 7, in <module>
from volatility3.plugins.windows.malware import direct_system_calls
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/direct_system_calls.py", line 13, in <module>
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.direct_system_calls based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/direct_system_calls.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/consoles.py", line 21, in <module>
from volatility3.plugins.windows import pslist, info, verinfo
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/verinfo.py", line 21, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.consoles based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/consoles.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/orphan_kernel_threads.py", line 10, in <module>
from volatility3.plugins.windows import thrdscan, ssdt, modules
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.orphan_kernel_threads based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/orphan_kernel_threads.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/iat.py", line 6, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.iat based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/iat.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/etwpatch.py", line 10, in <module>
from volatility3.plugins.windows import pslist, pe_symbols
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.etwpatch based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/etwpatch.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/skeleton_key_check.py", line 6, in <module>
from volatility3.plugins.windows.malware import skeleton_key_check
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/skeleton_key_check.py", line 17, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.skeleton_key_check based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/skeleton_key_check.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/netscan.py", line 17, in <module>
from volatility3.plugins.windows import info, poolscanner, verinfo
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/verinfo.py", line 21, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.netscan based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/netscan.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/threads.py", line 10, in <module>
from volatility3.plugins.windows import pslist, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.threads based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/threads.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/unhooked_system_calls.py", line 6, in <module>
from volatility3.plugins.windows.malware import (
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/unhooked_system_calls.py", line 16, in <module>
from volatility3.plugins.windows import pslist, pe_symbols
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.unhooked_system_calls based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/unhooked_system_calls.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/vadyarascan.py", line 12, in <module>
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.vadyarascan based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/vadyarascan.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/lsadump.py", line 7, in <module>
from volatility3.plugins.windows.registry import lsadump
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/lsadump.py", line 9, in <module>
from Crypto.Cipher import ARC4, DES, AES
ModuleNotFoundError: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.lsadump based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/lsadump.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/debugregisters.py", line 18, in <module>
import volatility3.plugins.windows.threads as threads
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/threads.py", line 10, in <module>
from volatility3.plugins.windows import pslist, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.debugregisters based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/debugregisters.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/netstat.py", line 15, in <module>
from volatility3.plugins.windows import netscan, modules, info, verinfo
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/netscan.py", line 17, in <module>
from volatility3.plugins.windows import info, poolscanner, verinfo
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/verinfo.py", line 21, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.netstat based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/netstat.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.thrdscan based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.pe_symbols based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/mftscan.py", line 13, in <module>
from volatility3.plugins import timeliner, yarascan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.mftscan based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/mftscan.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/hashdump.py", line 7, in <module>
from volatility3.plugins.windows.registry import hashdump
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/hashdump.py", line 10, in <module>
from Crypto.Cipher import AES, ARC4, DES
ModuleNotFoundError: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.hashdump based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/hashdump.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/psxview.py", line 6, in <module>
from volatility3.plugins.windows.malware import psxview
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/psxview.py", line 12, in <module>
from volatility3.plugins.windows import handles, pslist, psscan, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.psxview based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/psxview.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/suspended_threads.py", line 10, in <module>
import volatility3.plugins.windows.threads as threads
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/threads.py", line 10, in <module>
from volatility3.plugins.windows import pslist, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.suspended_threads based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/suspended_threads.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/verinfo.py", line 21, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.verinfo based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/verinfo.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/indirect_system_calls.py", line 6, in <module>
from volatility3.plugins.windows.malware import indirect_system_calls
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/indirect_system_calls.py", line 11, in <module>
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.indirect_system_calls based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/indirect_system_calls.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/suspicious_threads.py", line 6, in <module>
from volatility3.plugins.windows.malware import suspicious_threads
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/suspicious_threads.py", line 11, in <module>
from volatility3.plugins.windows import pslist, threads, vadinfo, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/threads.py", line 10, in <module>
from volatility3.plugins.windows import pslist, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.suspicious_threads based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/suspicious_threads.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/cachedump.py", line 7, in <module>
from volatility3.plugins.windows.registry import cachedump
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/cachedump.py", line 8, in <module>
from Crypto.Cipher import ARC4, AES
ModuleNotFoundError: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.cachedump based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/cachedump.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/direct_system_calls.py", line 13, in <module>
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.direct_system_calls based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/direct_system_calls.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/skeleton_key_check.py", line 17, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.skeleton_key_check based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/skeleton_key_check.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/unhooked_system_calls.py", line 16, in <module>
from volatility3.plugins.windows import pslist, pe_symbols
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.unhooked_system_calls based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/unhooked_system_calls.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/psxview.py", line 12, in <module>
from volatility3.plugins.windows import handles, pslist, psscan, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.psxview based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/psxview.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/indirect_system_calls.py", line 11, in <module>
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.indirect_system_calls based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/indirect_system_calls.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/suspicious_threads.py", line 11, in <module>
from volatility3.plugins.windows import pslist, threads, vadinfo, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/threads.py", line 10, in <module>
from volatility3.plugins.windows import pslist, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.suspicious_threads based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/suspicious_threads.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/lsadump.py", line 9, in <module>
from Crypto.Cipher import ARC4, DES, AES
ModuleNotFoundError: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.registry.lsadump based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/lsadump.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/hashdump.py", line 10, in <module>
from Crypto.Cipher import AES, ARC4, DES
ModuleNotFoundError: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.registry.hashdump based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/hashdump.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/cachedump.py", line 8, in <module>
from Crypto.Cipher import ARC4, AES
ModuleNotFoundError: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.registry.cachedump based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/cachedump.py
DEBUG volatility3.plugins.renderers.parquet_renderer: Arrow/Parquet libraries not found
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/linux/vmayarascan.py", line 11, in <module>
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.linux.vmayarascan based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/linux/vmayarascan.py
INFO volatility3.cli: The following plugins could not be loaded (use -vv to see why): volatility3.plugins.linux.vmayarascan, volatility3.plugins.windows.cachedump, volatility3.plugins.windows.cmdscan, volatility3.plugins.windows.consoles, volatility3.plugins.windows.debugregisters, volatility3.plugins.windows.direct_system_calls, volatility3.plugins.windows.etwpatch, volatility3.plugins.windows.hashdump, volatility3.plugins.windows.iat, volatility3.plugins.windows.indirect_system_calls, volatility3.plugins.windows.lsadump, volatility3.plugins.windows.malware.direct_system_calls, volatility3.plugins.windows.malware.indirect_system_calls, volatility3.plugins.windows.malware.psxview, volatility3.plugins.windows.malware.skeleton_key_check, volatility3.plugins.windows.malware.suspicious_threads, volatility3.plugins.windows.malware.unhooked_system_calls, volatility3.plugins.windows.mftscan, volatility3.plugins.windows.netscan, volatility3.plugins.windows.netstat, volatility3.plugins.windows.orphan_kernel_threads, volatility3.plugins.windows.pe_symbols, volatility3.plugins.windows.psxview, volatility3.plugins.windows.registry.cachedump, volatility3.plugins.windows.registry.hashdump, volatility3.plugins.windows.registry.lsadump, volatility3.plugins.windows.skeleton_key_check, volatility3.plugins.windows.suspended_threads, volatility3.plugins.windows.suspicious_threads, volatility3.plugins.windows.thrdscan, volatility3.plugins.windows.threads, volatility3.plugins.windows.unhooked_system_calls, volatility3.plugins.windows.vadyarascan, volatility3.plugins.windows.verinfo, volatility3.plugins.yarascan
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/automagic
Volatility 3 Framework 2.27.0
DETAIL 3 volatility3.cli: Cache directory used: /home/ubuntu/.cache/volatility3
INFO volatility3.framework.automagic: Detected a linux category plugin
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework.automagic.construct_layers: Construction Exception occurred: Unexpected config value found: None
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
INFO volatility3.framework.automagic: Running automagic: SymbolCacheMagic
DETAIL 4 volatility3.framework.symbols.intermed: Searching for symbols in /home/ubuntu/Desktop/volatility3/volatility3/symbols, /home/ubuntu/Desktop/volatility3/volatility3/framework/symbols
DETAIL 3 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, VolatilityHandler, JarHandler, OfflineHandler
DETAIL 2 volatility3.framework.automagic.symbol_cache: Identified file:///home/ubuntu/Desktop/volatility3/volatility3/symbols/generic/linux-6.6.3.0.json as b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00'
DETAIL 2 volatility3.framework.automagic.symbol_cache: Identified file:///home/ubuntu/Desktop/volatility3/volatility3/symbols/linux-6.6.3.0.json as b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00'
INFO volatility3.framework.automagic: Running automagic: LayerStacker
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
DETAIL 2 volatility3.framework.automagic.stacker: Stacked LimeLayer using LimeStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
DETAIL 4 volatility3.framework.layers.elf: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
DETAIL 4 volatility3.framework.layers.xen: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelVMCOREINFOStacker
DEBUG volatility3.framework.automagic.symbol_cache: Duplicate entry for identifier b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00': file:///home/ubuntu/Desktop/volatility3/volatility3/symbols/linux-6.6.3.0.json and file:///home/ubuntu/Desktop/volatility3/volatility3/symbols/generic/linux-6.6.3.0.json
DETAIL 4 volatility3.framework.symbols.intermed: Searching for symbols in /home/ubuntu/Desktop/volatility3/volatility3/symbols, /home/ubuntu/Desktop/volatility3/volatility3/framework/symbols
DEBUG volatility3.schemas: Validating JSON against schema...
DEBUG volatility3.schemas: JSON validated against schema (result cached)
DEBUG volatility3.framework.automagic.linux: Identified banner: b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00'
DEBUG volatility3.schemas: Validating JSON against schema...
DEBUG volatility3.schemas: JSON validated against schema (result cached)
DETAIL 3 volatility3.framework.automagic.stacker: Exception during stacking: Symbol type not in LintelStacker1 SymbolTable: inet_sock
DETAIL 4 volatility3.framework.automagic.stacker: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/automagic/stacker.py", line 219, in stack_layer
new_layer = stacker.stack(context, initial_layer, progress_callback)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/automagic/linux.py", line 337, in stack
table = linux.LinuxKernelIntermedSymbols(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/symbols/linux/__init__.py", line 83, in __init__
self.set_type_class("inet_sock", extensions.network.inet_sock)
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/symbols/intermed.py", line 60, in _delegate_function
return getattr(self._delegate, name)(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/symbols/intermed.py", line 446, in set_type_class
raise ValueError(f"Symbol type not in {self.name} SymbolTable: {name}")
ValueError: Symbol type not in LintelStacker1 SymbolTable: inet_sock
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelStacker
DEBUG volatility3.framework.automagic.symbol_cache: Duplicate entry for identifier b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00': file:///home/ubuntu/Desktop/volatility3/volatility3/symbols/linux-6.6.3.0.json and file:///home/ubuntu/Desktop/volatility3/volatility3/symbols/generic/linux-6.6.3.0.json
DEBUG volatility3.framework.automagic.linux: Identified banner: b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00'
DETAIL 3 volatility3.framework.automagic.stacker: Exception during stacking: Symbol type not in LintelStacker1 SymbolTable: inet_sock
DETAIL 4 volatility3.framework.automagic.stacker: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/automagic/stacker.py", line 219, in stack_layer
new_layer = stacker.stack(context, initial_layer, progress_callback)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/automagic/linux.py", line 58, in stack
table = linux.LinuxKernelIntermedSymbols(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/symbols/linux/__init__.py", line 83, in __init__
self.set_type_class("inet_sock", extensions.network.inet_sock)
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/symbols/intermed.py", line 60, in _delegate_function
return getattr(self._delegate, name)(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/symbols/intermed.py", line 446, in set_type_class
raise ValueError(f"Symbol type not in {self.name} SymbolTable: {name}")
ValueError: Symbol type not in LintelStacker1 SymbolTable: inet_sock
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: LimeLayer
DETAIL 1 volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: FileLayer
DEBUG volatility3.framework.automagic.stacker: physical_layer maximum_address: 2146905151
DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['LimeLayer', 'FileLayer']
INFO volatility3.framework.automagic: Running automagic: SymbolFinder
INFO volatility3.framework.automagic: Running automagic: LinuxSymbolFinder
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
INFO volatility3.framework.automagic: Running automagic: KernelModule
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
Unsatisfied requirement plugins.PsList.kernel.layer_name:
Unsatisfied requirement plugins.PsList.kernel.symbol_table_name:
A translation layer requirement was not fulfilled. Please verify that:
A file was provided to create this layer (by -f, --single-location or by config)
The file exists and is readable
The file is a valid memory image and was acquired cleanly
A symbol table requirement was not fulfilled. Please verify that:
The associated translation layer requirement was fulfilled
You have the correct symbol file for the requirement
The symbol file is under the correct directory or zip file
The symbol file is named appropriately or contains the correct banner
Unable to validate the plugin requirements: ['plugins.PsList.kernel.layer_name', 'plugins.PsList.kernel.symbol_table_name']
Same problem.
and after adding optional.set_type_class to network linux:
ubuntu@ubuntu:~/Desktop/volatility3$ python vol.py -vvvvvv -f ~/Desktop/dump.lime linux.pslist
INFO volatility3.cli: Volatility plugins path: ['/home/ubuntu/Desktop/volatility3/volatility3/plugins', '/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins']
INFO volatility3.cli: Volatility symbols path: ['/home/ubuntu/Desktop/volatility3/volatility3/symbols', '/home/ubuntu/Desktop/volatility3/volatility3/framework/symbols']
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/plugins, /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.yarascan based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/cmdscan.py", line 17, in <module>
from volatility3.plugins.windows import pslist, consoles
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/consoles.py", line 21, in <module>
from volatility3.plugins.windows import pslist, info, verinfo
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/verinfo.py", line 21, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.cmdscan based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/cmdscan.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/direct_system_calls.py", line 7, in <module>
from volatility3.plugins.windows.malware import direct_system_calls
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/direct_system_calls.py", line 13, in <module>
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.direct_system_calls based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/direct_system_calls.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/consoles.py", line 21, in <module>
from volatility3.plugins.windows import pslist, info, verinfo
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/verinfo.py", line 21, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.consoles based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/consoles.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/orphan_kernel_threads.py", line 10, in <module>
from volatility3.plugins.windows import thrdscan, ssdt, modules
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.orphan_kernel_threads based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/orphan_kernel_threads.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/iat.py", line 6, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.iat based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/iat.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/etwpatch.py", line 10, in <module>
from volatility3.plugins.windows import pslist, pe_symbols
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.etwpatch based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/etwpatch.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/skeleton_key_check.py", line 6, in <module>
from volatility3.plugins.windows.malware import skeleton_key_check
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/skeleton_key_check.py", line 17, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.skeleton_key_check based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/skeleton_key_check.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/netscan.py", line 17, in <module>
from volatility3.plugins.windows import info, poolscanner, verinfo
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/verinfo.py", line 21, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.netscan based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/netscan.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/threads.py", line 10, in <module>
from volatility3.plugins.windows import pslist, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.threads based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/threads.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/unhooked_system_calls.py", line 6, in <module>
from volatility3.plugins.windows.malware import (
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/unhooked_system_calls.py", line 16, in <module>
from volatility3.plugins.windows import pslist, pe_symbols
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.unhooked_system_calls based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/unhooked_system_calls.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/vadyarascan.py", line 12, in <module>
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.vadyarascan based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/vadyarascan.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/lsadump.py", line 7, in <module>
from volatility3.plugins.windows.registry import lsadump
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/lsadump.py", line 9, in <module>
from Crypto.Cipher import ARC4, DES, AES
ModuleNotFoundError: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.lsadump based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/lsadump.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/debugregisters.py", line 18, in <module>
import volatility3.plugins.windows.threads as threads
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/threads.py", line 10, in <module>
from volatility3.plugins.windows import pslist, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.debugregisters based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/debugregisters.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/netstat.py", line 15, in <module>
from volatility3.plugins.windows import netscan, modules, info, verinfo
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/netscan.py", line 17, in <module>
from volatility3.plugins.windows import info, poolscanner, verinfo
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/verinfo.py", line 21, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.netstat based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/netstat.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.thrdscan based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.pe_symbols based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/mftscan.py", line 13, in <module>
from volatility3.plugins import timeliner, yarascan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.mftscan based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/mftscan.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/hashdump.py", line 7, in <module>
from volatility3.plugins.windows.registry import hashdump
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/hashdump.py", line 10, in <module>
from Crypto.Cipher import AES, ARC4, DES
ModuleNotFoundError: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.hashdump based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/hashdump.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/psxview.py", line 6, in <module>
from volatility3.plugins.windows.malware import psxview
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/psxview.py", line 12, in <module>
from volatility3.plugins.windows import handles, pslist, psscan, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.psxview based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/psxview.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/suspended_threads.py", line 10, in <module>
import volatility3.plugins.windows.threads as threads
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/threads.py", line 10, in <module>
from volatility3.plugins.windows import pslist, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.suspended_threads based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/suspended_threads.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/verinfo.py", line 21, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.verinfo based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/verinfo.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/indirect_system_calls.py", line 6, in <module>
from volatility3.plugins.windows.malware import indirect_system_calls
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/indirect_system_calls.py", line 11, in <module>
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.indirect_system_calls based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/indirect_system_calls.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/suspicious_threads.py", line 6, in <module>
from volatility3.plugins.windows.malware import suspicious_threads
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/suspicious_threads.py", line 11, in <module>
from volatility3.plugins.windows import pslist, threads, vadinfo, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/threads.py", line 10, in <module>
from volatility3.plugins.windows import pslist, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.suspicious_threads based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/suspicious_threads.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/cachedump.py", line 7, in <module>
from volatility3.plugins.windows.registry import cachedump
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/cachedump.py", line 8, in <module>
from Crypto.Cipher import ARC4, AES
ModuleNotFoundError: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.cachedump based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/cachedump.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/direct_system_calls.py", line 13, in <module>
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.direct_system_calls based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/direct_system_calls.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/skeleton_key_check.py", line 17, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.skeleton_key_check based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/skeleton_key_check.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/unhooked_system_calls.py", line 16, in <module>
from volatility3.plugins.windows import pslist, pe_symbols
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.unhooked_system_calls based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/unhooked_system_calls.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/psxview.py", line 12, in <module>
from volatility3.plugins.windows import handles, pslist, psscan, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.psxview based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/psxview.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/indirect_system_calls.py", line 11, in <module>
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.indirect_system_calls based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/indirect_system_calls.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/suspicious_threads.py", line 11, in <module>
from volatility3.plugins.windows import pslist, threads, vadinfo, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/threads.py", line 10, in <module>
from volatility3.plugins.windows import pslist, thrdscan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in <module>
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in <module>
import pefile
ModuleNotFoundError: No module named 'pefile'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.suspicious_threads based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/malware/suspicious_threads.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/lsadump.py", line 9, in <module>
from Crypto.Cipher import ARC4, DES, AES
ModuleNotFoundError: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.registry.lsadump based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/lsadump.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/hashdump.py", line 10, in <module>
from Crypto.Cipher import AES, ARC4, DES
ModuleNotFoundError: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.registry.hashdump based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/hashdump.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/cachedump.py", line 8, in <module>
from Crypto.Cipher import ARC4, AES
ModuleNotFoundError: No module named 'Crypto'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.registry.cachedump based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/windows/registry/cachedump.py
DEBUG volatility3.plugins.renderers.parquet_renderer: Arrow/Parquet libraries not found
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 19, in <module>
import yara_x
ModuleNotFoundError: No module named 'yara_x'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/__init__.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/linux/vmayarascan.py", line 11, in <module>
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/yarascan.py", line 25, in <module>
import yara
ModuleNotFoundError: No module named 'yara'
DEBUG volatility3.framework: Failed to import module volatility3.plugins.linux.vmayarascan based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/linux/vmayarascan.py
INFO volatility3.cli: The following plugins could not be loaded (use -vv to see why): volatility3.plugins.linux.vmayarascan, volatility3.plugins.windows.cachedump, volatility3.plugins.windows.cmdscan, volatility3.plugins.windows.consoles, volatility3.plugins.windows.debugregisters, volatility3.plugins.windows.direct_system_calls, volatility3.plugins.windows.etwpatch, volatility3.plugins.windows.hashdump, volatility3.plugins.windows.iat, volatility3.plugins.windows.indirect_system_calls, volatility3.plugins.windows.lsadump, volatility3.plugins.windows.malware.direct_system_calls, volatility3.plugins.windows.malware.indirect_system_calls, volatility3.plugins.windows.malware.psxview, volatility3.plugins.windows.malware.skeleton_key_check, volatility3.plugins.windows.malware.suspicious_threads, volatility3.plugins.windows.malware.unhooked_system_calls, volatility3.plugins.windows.mftscan, volatility3.plugins.windows.netscan, volatility3.plugins.windows.netstat, volatility3.plugins.windows.orphan_kernel_threads, volatility3.plugins.windows.pe_symbols, volatility3.plugins.windows.psxview, volatility3.plugins.windows.registry.cachedump, volatility3.plugins.windows.registry.hashdump, volatility3.plugins.windows.registry.lsadump, volatility3.plugins.windows.skeleton_key_check, volatility3.plugins.windows.suspended_threads, volatility3.plugins.windows.suspicious_threads, volatility3.plugins.windows.thrdscan, volatility3.plugins.windows.threads, volatility3.plugins.windows.unhooked_system_calls, volatility3.plugins.windows.vadyarascan, volatility3.plugins.windows.verinfo, volatility3.plugins.yarascan
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/automagic
Volatility 3 Framework 2.27.0
DETAIL 3 volatility3.cli: Cache directory used: /home/ubuntu/.cache/volatility3
INFO volatility3.framework.automagic: Detected a linux category plugin
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework.automagic.construct_layers: Construction Exception occurred: Unexpected config value found: None
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
INFO volatility3.framework.automagic: Running automagic: SymbolCacheMagic
DETAIL 4 volatility3.framework.symbols.intermed: Searching for symbols in /home/ubuntu/Desktop/volatility3/volatility3/symbols, /home/ubuntu/Desktop/volatility3/volatility3/framework/symbols
INFO volatility3.framework.automagic: Running automagic: LayerStacker
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 3 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, VolatilityHandler, JarHandler, OfflineHandler
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
DETAIL 2 volatility3.framework.automagic.stacker: Stacked LimeLayer using LimeStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
DETAIL 4 volatility3.framework.layers.elf: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
DETAIL 4 volatility3.framework.layers.xen: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelVMCOREINFOStacker
DEBUG volatility3.framework.automagic.symbol_cache: Duplicate entry for identifier b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00': file:///home/ubuntu/Desktop/volatility3/volatility3/symbols/linux-6.6.3.0.json and file:///home/ubuntu/Desktop/volatility3/volatility3/symbols/generic/linux-6.6.3.0.json
DETAIL 4 volatility3.framework.symbols.intermed: Searching for symbols in /home/ubuntu/Desktop/volatility3/volatility3/symbols, /home/ubuntu/Desktop/volatility3/volatility3/framework/symbols
DEBUG volatility3.framework.automagic.linux: Identified banner: b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00'
DEBUG volatility3.framework.automagic.linux: Values found in VMCOREINFO: KASLR=0x57000000, ASLR=0x7c00000, DTB=0x5a23c000
DETAIL 2 volatility3.framework.automagic.stacker: Stacked primary using LinuxIntelVMCOREINFOStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
DETAIL 4 volatility3.framework.layers.elf: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
DETAIL 4 volatility3.framework.layers.xen: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelStacker
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name.memory_layer
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name.memory_layer.base_layer
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/volatility3/volatility3/framework/layers
DEBUG volatility3.framework.automagic.stacker: physical_layer maximum_address: 2146905151
DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['primary', 'LimeLayer', 'FileLayer']
INFO volatility3.framework.automagic: Running automagic: SymbolFinder
INFO volatility3.framework.automagic: Running automagic: LinuxSymbolFinder
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DEBUG volatility3.framework.automagic.symbol_cache: Duplicate entry for identifier b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00': file:///home/ubuntu/Desktop/volatility3/volatility3/symbols/linux-6.6.3.0.json and file:///home/ubuntu/Desktop/volatility3/volatility3/symbols/generic/linux-6.6.3.0.json
DEBUG volatility3.framework.automagic.symbol_finder: Identified banner: b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00'
DEBUG volatility3.framework.automagic.symbol_finder: Using symbol library: file:///home/ubuntu/Desktop/volatility3/volatility3/symbols/linux-6.6.3.0.json
DEBUG volatility3.framework.automagic.symbol_finder: producer_name: dwarf2json, producer_version: 0.9.0
DEBUG volatility3.framework.automagic.symbol_finder: Types:
DEBUG volatility3.framework.automagic.symbol_finder: {'kind': 'dwarf', 'name': 'vmlinux', 'hash_type': 'sha256', 'hash_value': 'e208156f034b39133f1b06e610b9aeba85f2fa08ddf4add2df08dbf5a1399cc8'}
DEBUG volatility3.framework.automagic.symbol_finder: Symbols:
DEBUG volatility3.framework.automagic.symbol_finder: {'kind': 'dwarf', 'name': 'vmlinux', 'hash_type': 'sha256', 'hash_value': 'e208156f034b39133f1b06e610b9aeba85f2fa08ddf4add2df08dbf5a1399cc8'}
DEBUG volatility3.framework.automagic.symbol_finder: {'kind': 'symtab', 'name': 'vmlinux', 'hash_type': 'sha256', 'hash_value': 'e208156f034b39133f1b06e610b9aeba85f2fa08ddf4add2df08dbf5a1399cc8'}
INFO volatility3.framework.automagic: Running automagic: KernelModule
DEBUG volatility3.cli: Successfully constructed linux.pslist.PsList (4, 1, 1)
DETAIL 3 volatility3.cli.text_filter: Filters:
[]
OFFSET (V) PID TID PPID COMM UID GID EUID EGID CREATION TIME File output
Traceback (most recent call last):
File "/home/ubuntu/Desktop/volatility3/vol.py", line 11, in <module>
volatility3.cli.main()
File "/home/ubuntu/Desktop/volatility3/volatility3/cli/__init__.py", line 934, in main
CommandLine().run()
File "/home/ubuntu/Desktop/volatility3/volatility3/cli/__init__.py", line 522, in run
renderer.render(grid)
File "/home/ubuntu/Desktop/volatility3/volatility3/cli/text_renderer.py", line 329, in render
grid.populate(visitor, outfd)
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/renderers/__init__.py", line 318, in populate
for level, item in self._generator:
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/linux/pslist.py", line 213, in _generator
for task in self.list_tasks(
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/linux/pslist.py", line 270, in list_tasks
for task in init_task.tasks.to_list(
^^^^^^^^^^^^^^^
File "/home/ubuntu/Desktop/volatility3/volatility3/framework/objects/__init__.py", line 993, in __getattr__
raise AttributeError(
AttributeError: StructType has no attribute: symbol_table_name1!bd_openers.tasks
Ok, can you make sure that the previous ISF was completely removed from the symbols folder, add back the new one and then re-run with python vol.py --clear-cache please?
If that still doesn't work, can you send the latest ISF here please (the one without zstd)?
I clear cache,same problem. New .json file with symbols - link: https://www.dropbox.com/t/lrCnnSu0JLO0Uza9
That does not look sane. I think I remember seeing that in the past, and it was related to compressed dwarf data.
Would you mind trying to build the profile from the btf data:
- https://github.com/vobst/btf2json/releases/tag/v0.1.0
ubuntu@ubuntu:~/Desktop/btf2json$ btf2json --btf vmlinux --map System.map > linux-6.6.30-android15.ISF [2025-12-04T10:20:05Z ERROR btf2json::isf] 596 symbols reference missing types, 17 unique types are missing
I use btf2json.