This repository was archived by the owner on May 16, 2025. It is now read-only.

Description
Note: Win10x64_14393 is the correct profile for this memory sample.
$ python vol.py -f Windows\ 10\ x64-c4aa8f1b.vmem --profile=Win10x64_14393 psscan
Volatility Foundation Volatility Framework 2.6
Offset(P) Name PID PPID PDB Time created Time exited
------------------ ---------------- ------ ------ ------------------ ------------------------------ ------------------------------
WARNING : volatility.debug : Cannot find nt!ObGetObjectType
WARNING : volatility.debug : Cannot find nt!ObGetObjectType
Traceback (most recent call last):
  File "vol.py", line 192, in <module>
    main()
  File "vol.py", line 183, in main
    command.execute()
  File "volatility/volatility/commands.py", line 147, in execute
    func(outfd, data)
  File "volatility/volatility/plugins/filescan.py", line 423, in render_text
    for eprocess in data:
  File "volatility/volatility/poolscan.py", line 252, in scan
    skip_type_check = skip_type_check)
  File "volatility/volatility/plugins/overlays/windows/windows.py", line 1144, in get_object
    return self.get_object_top_down(struct_name, object_type, skip_type_check)
  File "volatility/volatility/plugins/overlays/windows/windows.py", line 1117, in get_object_top_down
    header.get_object_type() == object_type):
  File "volatility/volatility/plugins/overlays/windows/win7.py", line 155, in get_object_type
    return self.type_map.get(int(self.TypeIndex), '')
  File "volatility/volatility/plugins/overlays/windows/win10.py", line 279, in TypeIndex
    return ((addr >> 8) ^ cook ^ indx) & 0xFF
TypeError: unsupported operand type(s) for ^: 'int' and 'NoneType'