Failed to import volatility.plugins.registry.shutdown (ImportError: No module named Crypto.Hash)

by Ceyhun CAMLI · Published Temmuz 4, 2020 · Updated Temmuz 4, 2020

Windows 10 üzerinde Volatility aracı ile memory dump analizi yapmak istediğinizde aşağıdaki hatayı alıyorsanız yapmanız gereken, pycrypto ve distorm3’ü kurmaktır. Windows için kurulum bağlantılarına aşağıdan ulaşabilirsiniz.

http://www.voidspace.org.uk/python/modules.shtml#pycrypto
https://github.com/gdabah/distorm/releases/tag/v3.3.3

GNU/Linux tabanlı bir dağıtım kullanıyorsanız aşağıdaki komut işinizi görecektir.

[email protected]# pip install pycrypto && pip install distorm3

C:\Users\0x000c\volatility>C:\Python27\python.exe vol.py imageinfo -f WHOAMI-20200704-123629.raw

Volatility Foundation Volatility Framework 2.6.1

*** Failed to import volatility.plugins.registry.shutdown (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.getservicesids (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.timeliner (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.malware.apihooks (NameError: name ‘distorm3’ is not defined)

*** Failed to import volatility.plugins.malware.servicediff (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.registry.userassist (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.getsids (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.registry.shellbags (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.evtlogs (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.tcaudit (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.registry.dumpregistry (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.registry.lsadump (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.malware.threads (NameError: name ‘distorm3’ is not defined)

*** Failed to import volatility.plugins.mac.apihooks_kernel (ImportError: No module named distorm3)

*** Failed to import volatility.plugins.registry.amcache (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.mac.check_syscall_shadow (ImportError: No module named distorm3)

*** Failed to import volatility.plugins.malware.svcscan (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.registry.auditpol (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.ssdt (NameError: name ‘distorm3’ is not defined)

*** Failed to import volatility.plugins.registry.registryapi (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.mac.apihooks (ImportError: No module named distorm3)

*** Failed to import volatility.plugins.envars (ImportError: No module named Crypto.Hash)

*** Failed to import volatility.plugins.registry.shimcache (ImportError: No module named Crypto.Hash)

INFO : volatility.debug : Determining profile based on KDBG search…

COMMANDO Sat 07/04/2020 11:23:33.45