Error when trying to run windows.suspicious_threads.SuspiciousThreads #891
Description
when doing:
(volatility3-env) C:\Users\DFIR\Downloads\DFIR Tools\volatility3>python vol.py -f mem.dmp windows.suspicious_threads.SuspiciousThreads
I get the following errors:
Volatility 3 Framework 2.26.1
Progress: 100.00 PDB scanning finished
Process PID TID Context Address VAD Path Note
Traceback (most recent call last):
File "C:\Users\DFIR\Downloads\DFIR Tools\volatility3\vol.py", line 11, in
volatility3.cli.main()
File "C:\Users\DFIR\Downloads\DFIR Tools\volatility3\volatility3\cli_init_.py", line 924, in main
CommandLine().run()
File "C:\Users\DFIR\Downloads\DFIR Tools\volatility3\volatility3\cli_init_.py", line 512, in run
renderer.render(grid)
File "C:\Users\DFIR\Downloads\DFIR Tools\volatility3\volatility3\cli\text_renderer.py", line 330, in render
grid.populate(visitor, outfd)
File "C:\Users\DFIR\Downloads\DFIR Tools\volatility3\volatility3\framework\renderers_init_.py", line 317, in populate
for level, item in self._generator:
^^^^^^^^^^^^^^^
File "C:\Users\DFIR\Downloads\DFIR Tools\volatility3\volatility3\framework\plugins\windows\suspicious_threads.py", line 180, in _generator
info = thrdscan.ThrdScan.gather_thread_info(thread)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\DFIR\Downloads\DFIR Tools\volatility3\volatility3\framework\plugins\windows\thrdscan.py", line 116, in gather_thread_info
and owner_proc.InheritedFromUniqueProcessId != 4
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'InheritedFromUniqueProcessId'
my python version is Python 3.12.10 and my system is Microsoft Windows [Version 10.0.19045.5608]
Some plugins work but others error out. It could be an issue with how i installed/using it but I think i did it right