windows.handles.Handles not working #1097

Open
mikeInCalgary opened this issue Feb 8, 2024 · 5 comments

@mikeInCalgary

Describe the bug
plugin produces no output

Context
Volatility Version:
Operating System: Kali, Parrot, Win10
Python Version: 3.11 and 3.12
Suspected Operating System: Linux (Debian), windows
Command: vol.py -vvvv -f SECURITYNIK-WIN-20231116-235706.dmp windows.handles.Handles --pid=4

To Reproduce
Steps to reproduce the behavior: Run the plugin. Command and memory dump have been provided below.

  1. Use command '...'
  2. See error
  3. Did add some debugging print statements. See shortOutput.txt. Seems to move back and forth between automagic and handles.py. Possible thread timing problem? Have read previous issues. Have jsonschema, pycryptodome and capstone installed. Have tried on multiple OS's and versions of Volatility3. Have also provided vvvvv output as fullOutputWith_vvvv.txt.
  4. Most plugins have been working just fine so this is anomalous (And thanks for the vast majority that run without a hitch!)
  5. I submitted an issue that seems to have disappeared. Taking screenshot this time

Expected behavior
A clear and concise description of what you expected to happen.
Should produce a table of results. Not getting anything.

Example output
Please copy and paste the text demonstrating the issue, ideally with verbose output turned on (vol.py -vvv ...).
fullOutputWith_vvvv.txt
shortOutput.txt

Text is preferred to screenshots for searching and to talk about specific parts of the output.

Additional information
In this case the memory dump is available to the public. https://github.com/SecurityNik/CTF

@mikeInCalgary
Author

That was volatility 2.5.2

mikeInCalgary changed the title from "windows.handles.Handles not working" to "pwdwindows.handles.Handles not working" on Feb 8, 2024
mikeInCalgary reopened this on Feb 8, 2024
@mikeInCalgary
Author

Sorry, wanted to close the window, not the issue.

mikeInCalgary changed the title from "pwdwindows.handles.Handles not working" to "windows.handles.Handles not working" on Feb 10, 2024
@ikelos
Member

ikelos commented Feb 10, 2024

So those debug messages aren't actually errors, they're just informational, although you're not getting any results from the plugin. There were a few debugging messages in there that I didn't recognize. Have you managed to narrow down where you think the plugin is deviating from what you'd expect?

@mikeInCalgary
Author

As of yet, sorry no.

@ikelos
Member

ikelos commented Feb 19, 2024

That's ok, we'll leave this open, and I'll try to give it a look when I get a bit of time (likely a weekend, but it'll probably be in March at this point, since I'm quite busy)...

ikelos self-assigned this on Feb 19, 2024