malfind option error about malwarecookbook HOT 6 CLOSED

Hello. There's a different version of malfind supplied with the 2.1 alpha 
branch (as compared to the version in malware.py on this website). The older 
malfind (which is written about in the book) searched for injected code *and* 
allowed you to scan for yara signatures. In the newer version, malfind only 
finds injected code. The plugin for scanning with yara rules is yarascan. 

So in your 2.1 alpha branch just do: 

$ python vol.py malfind -h 
$ python vol.py yarascan -h 

That will show you the options allowed for both plugins. One thing I see is you 
used -dump-dir instead of --dump-dir. 

Hi Michael,

for  Volatility Framework 2.1_alpha

i tried the following 

vol.py malfind -f c:\memsmpls\zeus.vmem  -dump-dir c:\re\

output is : vol.py: error: no such option: -u

Also tried
vol.py malfind -f c:\memsmpls\zeus.vmem  --dump-dir c:\re\

output is : vol.py: error: no such option: --dump-dir

what is wrong ? please help

Thanks
Tamer

Hey Tamer, sorry about that. I just realized the --dump-dir option had gotten 
removed in the transition to the 2.1 alpha base. 

See the following patch and update to r1628 to re-enable the --dump-dir option:

http://code.google.com/p/volatility/source/detail?r=1628

Thanks!

Hi Michael,

It is working,

Thanks

hey, Michael

yarascan works good.

then I should find malware yara rule.

Thanks a lot.