Vol Community plugs not working - DPAPIck about community HOT 6 OPEN

from community.

Thanks for response, but I am afraid that doesnt work :

$ vol.py —plugins=contrib/plugins -f test.raw --profile=Win7SP1x86 malprocfind
Volatility Foundation Volatility Framework 2.6
ERROR : volatility.debug : You must specify something to do (try -h)

from community.

I seem to have solved other problems but I still cant get vol.py to run due to thsi error:

$ vol.py -h
Volatility Foundation Volatility Framework 2.6
ERROR : volatility.debug : Please install DPAPIck library: https://bitbucket.org/jmichel/dpapick

as you can see module is installed

$ pip install dpapick
Requirement already satisfied: dpapick in /usr/local/lib/python2.7/dist-packages
Requirement already satisfied: pyasn1>=0.1.7 in /usr/local/lib/python2.7/dist-packages (from dpapick)
Requirement already satisfied: M2Crypto>=0.21.1 in /usr/local/lib/python2.7/dist-packages (from dpapick)
Requirement already satisfied: CFPropertyList in /usr/local/lib/python2.7/dist-packages (from dpapick)
Requirement already satisfied: python-registry>=1.0.4 in /usr/local/lib/python2.7/dist-packages (from dpapick)
Requirement already satisfied: typing in /usr/local/lib/python2.7/dist-packages (from M2Crypto>=0.21.1->dpapick)
Requirement already satisfied: enum34 in /usr/local/lib/python2.7/dist-packages (from python-registry>=1.0.4->dpapick)

from community.

Same error here

from community.

Just in case, make sure that dpapick is installed for the correct python:

$ cat $(which pip)
#!/usr/bin/python
...

Look at vol.py to see how it calls python:

$ grep python vol.py 
#!/usr/bin/env python
#  -*- mode: python; -*-
...

(or $ grep python $(which vol.py) because I'm not sure how they set this up on sift)

See if you get the same path as what you saw in pip earlier:

$ /usr/bin/env python -c "import sys; print sys.executable"
/usr/bin/python

You can also verify that dpapick is installed. Run python the same way and then try to import like the plugin does:

$ /usr/bin/env python
Python 2.7.14 (default, Mar 22 2018, 14:43:05) 
[GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.39.2)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from DPAPI.Core import *
>>>

If you don't have the library installed for that python you will see the following instead:

>>> from DPAPI.Core import *
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ImportError: No module named DPAPI.Core
>>> 

So, one way that you can make sure that it gets installed for your version of python you can manually install it (without using pip), or you can change the first line of the pip script to point to the appropriate python binary.

from community.

For this issue:

Thanks for response, but I am afraid that doesnt work :

$ vol.py —plugins=contrib/plugins -f test.raw --profile=Win7SP1x86 malprocfind
Volatility Foundation Volatility Framework 2.6
ERROR : volatility.debug : You must specify something to do (try -h)

I'm not sure, but it might have happened if you copied and pasted my command. Notice that —plugins= looks different than --plugins= . Sometimes when you copy those modified dashes from pdfs, word docs, web pages etc, the commands don't work, because that combined double dash (—) is actually different than the regular double dash (--). Although it does seem like you managed to get past this issue, I thought I'd add that here in case someone else needs it.

from community.