This one’s for all the command line lovers out there: I’m happy to release volshell, an interactive shell built on Python and designed with memory analysis research in mind. I gave a demo of this at my OMFW talk, “Interactive Memory Exploration with Volatility”; since it was more of a live demo, I don’t have slides from that, but you can find my notes here. You should be able to follow the notes as a sort of walkthrough that will get you up and running with volshell, and introduce some of the more advanced features.
Briefly, here are some of the features of volshell:
- The shell is a full Python interpreter, so all the power of Python can be leveraged.
- Uses the Volatility 1.3 object model for easy access to data structures in memory.
- Can use IPython for the underlying shell if available, which enables some nice features.
- Commands modelled after WinDbg.
- Works with any memory image format that Volatility supports (dd, crash, vmem, hibernation file).
To use it, just download volshell.py and drop it in your memory_plugins directory in Volatility 1.3. Then start the shell with:
$ python volatility volshell -f $IMAGE
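As an added illustration of the kind of shell the post describes (this is not volshell's code, and it does not call the Volatility API), here is a self-contained Python script that binds WinDbg-style `db`/`dd`/`dt` commands and a `list_entry` walker over a constructed 32-bit memory buffer, then drops into a Python REPL with those commands in scope. The image layout, the hypothetical `_PROC` type, `IMAGE_BASE`, `LIST_HEAD` and the three process records are invented sample data, not a real Windows dump.

```python
import code
import struct

# Constructed sample "image": a 32-bit little-endian layout in which three
# hypothetical _PROC records are threaded through a circular doubly linked
# list, the way _EPROCESS.ActiveProcessLinks works. Invented for this
# example; it is not a real Windows memory dump.
IMAGE_BASE = 0x81000000          # virtual address of image[0] (assumed)
LIST_HEAD  = IMAGE_BASE + 0x10   # stand-in for a PsActiveProcessHead
PROC_SIZE  = 0x20
PROC_ADDRS = [IMAGE_BASE + 0x100, IMAGE_BASE + 0x200, IMAGE_BASE + 0x300]
LINKS_OFF  = 0x14                # offset of ActiveProcessLinks inside _PROC

# Type descriptions: name -> (size, [(field, offset, struct format or type name)])
TYPES = {
    "_LIST_ENTRY": (8, [("Flink", 0x0, "<I"), ("Blink", 0x4, "<I")]),
    "_PROC": (PROC_SIZE, [("UniqueProcessId", 0x0, "<I"),
                          ("ImageFileName", 0x4, "16s"),
                          ("ActiveProcessLinks", LINKS_OFF, "_LIST_ENTRY")]),
}

def build_image():
    """Lay out the head and three _PROC records as a circular list."""
    img = bytearray(0x400)
    entries = [LIST_HEAD] + [a + LINKS_OFF for a in PROC_ADDRS]
    n = len(entries)
    def link(entry):
        i = entries.index(entry)
        return entries[(i + 1) % n], entries[(i - 1) % n]   # (Flink, Blink)
    struct.pack_into("<II", img, LIST_HEAD - IMAGE_BASE, *link(LIST_HEAD))
    records = zip((4, 624, 1340), (b"System", b"smss.exe", b"csrss.exe"), PROC_ADDRS)
    for pid, name, addr in records:
        off = addr - IMAGE_BASE
        struct.pack_into("<I16s", img, off, pid, name)          # 16s pads with NULs
        struct.pack_into("<II", img, off + LINKS_OFF, *link(addr + LINKS_OFF))
    return bytes(img)

IMAGE = build_image()

def read(addr, length):
    """Translate a virtual address to an image offset; refuse reads the image does not back."""
    off = addr - IMAGE_BASE
    if off < 0 or off + length > len(IMAGE):
        raise ValueError("address 0x%x not backed by the image" % addr)
    return IMAGE[off:off + length]

def db(addr, length=32):
    """WinDbg-style byte dump: list of 'addr  hex  ascii' lines, 16 bytes per line."""
    lines = []
    for i in range(0, length, 16):
        chunk = read(addr + i, min(16, length - i))
        hexpart = " ".join("%02x" % c for c in chunk)
        asc = "".join(chr(c) if 32 <= c < 127 else "." for c in chunk)
        lines.append("%08x  %-47s  %s" % (addr + i, hexpart, asc))
    return lines

def dd(addr, count=4):
    """WinDbg-style dword dump: list of little-endian 32-bit values."""
    return list(struct.unpack("<%dI" % count, read(addr, 4 * count)))

def dt(typename, addr):
    """Display the structure at addr as {field: value}; nested types recurse."""
    _, fields = TYPES[typename]
    out = {}
    for name, off, fmt in fields:
        if fmt in TYPES:
            out[name] = dt(fmt, addr + off)
        else:
            val = struct.unpack(fmt, read(addr + off, struct.calcsize(fmt)))[0]
            out[name] = val.rstrip(b"\0").decode() if isinstance(val, bytes) else val
    return out

def list_entry(head, typename, member):
    """Walk a circular _LIST_ENTRY list from head, yielding containing-struct addresses.
    Stops when the walk returns to head, revisits an entry (corrupted cycle), or hits a
    Flink the image does not back (truncated capture), instead of looping or faulting."""
    member_off = next(off for n, off, _ in TYPES[typename][1] if n == member)
    seen = set()
    cur = dt("_LIST_ENTRY", head)["Flink"]
    while cur != head and cur not in seen:
        seen.add(cur)
        yield cur - member_off
        try:
            cur = dt("_LIST_ENTRY", cur)["Flink"]
        except ValueError:
            return

def ps():
    """Process listing built from the structured accessors above."""
    procs = (dt("_PROC", a) for a in list_entry(LIST_HEAD, "_PROC", "ActiveProcessLinks"))
    return [(p["UniqueProcessId"], p["ImageFileName"]) for p in procs]

def shell():
    """Drop into a Python REPL with the commands bound, in the spirit of volshell."""
    names = ("db", "dd", "dt", "ps", "list_entry", "LIST_HEAD", "PROC_ADDRS")
    ns = {k: v for k, v in globals().items() if k in names}
    code.interact(banner="commands: db dd dt ps list_entry", local=ns)

if __name__ == "__main__":
    shell()
```

Run it and type `ps()`, `dd(LIST_HEAD, 2)` or `dt("_PROC", PROC_ADDRS[0])` at the prompt; because the prompt is plain Python, the results can be filtered, sorted or pickled like any other objects. The bounds check in `read` is the caveat worth keeping in mind with real images too: a `Flink` that points at a page the capture does not contain must end the walk, not crash the shell or be silently treated as zero.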
Enjoy!
View full post on Push the Red Button
Posted on 04 May 2010. Tags: Introducing, Volshell
I just played around with this – Very cool!
All the best,
-Jamie