-
Notifications
You must be signed in to change notification settings - Fork 481
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Produce a windows standalone executable as part of the release #911
Comments
This is something we'll have to investigate in our build chain. It was quite a manual process for volatility 2.6 and we'd want to automate generating them somewhat for volatility 3. @npetroni is this something the buildbot could do and should we roll it into our release process? |
Sorry about the previous duplicate. Do you think this is something that will eventually become real, if yes, do you have an idea of when approximately ? Thank you |
I don't but if you have an installed and working copy of volatility 3 on your window system, you should be able to create a full binary using pyinstaller and the |
Indeed I successfully created an executable. What did you try exactly with pyinstaller, OP ? |
Hello Thread, I managed to actually create the Executable. It was an issue with the directory it was in previously. I changed it and executed pyinstaller on the .spec file again and then it successfully created the vol.exe correctly. |
Hi all,
@ikelos Any ideas ? |
Please try the above instruction and tell me if that works. |
I am on on Linux, but I still tried what you said:
|
Try this one if you are on Linux: ~ LvdW Then remove from the requirements.txt snappy-python because it does not work properly. |
@asterictnl-lvdw Thanks but that's not what I want, I want a standalone version of the whole volatility 3 framework, not just an executable that will call python. I need to be able to run volatility on a machine that doesn't have python.
|
That is not possible. You have to use Python and install it with Python3 first. There is no standalone version available since pyinstaller uses Python as well. @lic-8 |
@asterictnl-lvdw I want to generate a standalone version from a machine that has python, but once the binary file is created, it has to be able to be copied on a machine that doesn't have python and run on this machine. The standalone version should embed all the dependencies to run volatility in the same conditions as if it was Python-interpreted. |
@lic-8 I will suggest you to gather all the binaries first and try to make your own spec file. Besides that you have to make a plugin folder and import it into there. With a standalone app I cannot help unfortunately. Then I would have to look at which dependencies are listed and how they could be imported into the .spec file properly. Because it imports from inside files as well as other files that are needed to run Volatility properly. |
I'm gonna have to invoke God ( @ikelos ) on that |
Firstly, thanks but I've have no deity-esque powers, I'm just a python coder. 5:P Secondly it looks as though this no longer works in pyinstaller >= 5, due to the way they handle some calls. I've got a ticket open with them as we speak to try to get it resolved. For now, you can either run pyinstaller 4.8, or run:
as a workaround. |
@ikelos I have tried with
|
That seems better, but still not there. The output I got from the PYTHONPATH method is:
As you can see from my output our responses start to differ where the import warning kicks in, and I don't have the issue with the warning for importing |
Oh yeah, there it is, we explicitly have code to avoid throwing that warning with pyinstaller... https://github.com/volatilityfoundation/volatility3/blob/develop/volatility3/__init__.py#L42 |
What is the equivalent for PYTHONPATH="." on Windows, because I assume this is for Linux? ~ LvdW PS: When I compile with ~LvdW |
This is setting an environment variable, and I believe it should work for windows as well?
The installer will only package the core plugins, if you have external plugins they can still be passed using |
So only some linux plugins and some other plugins are available in Standalone. |
Sure:
|
Just to make sure I get this right, it is possible to compile volatility so it can run on a "brand new" machine on which python, symbols and volatility were never installed ? |
Correct, but without a symbol pack (.zip file) or an internet connection, it won't have any symbols and will be useless. Even if it has an internet connection, unless you provide it a symbol pack, it will only analyze windows images (which it can download and generate symbols for itself). There is no need for python and no need for volatility, it should only require standard libraries. Referring back to your output, can you please ensure you have yara installed and functioning correctly? You output from pyinstaller shows that it is trying to find libyara, but cannot:
Please make sure you local python installation (on the box to run pyinstaller) has yara and yara-python correctly installed and functioning. |
Try to add and replace to the vol.spec: Would be for me now at line 21 - 25 and line 27 and run the pyinstaller again.
Does not give any error. for me afterwards. I have the next problem that is correlated to the plugin folder not parsing all plugins. When running
For me I do not have volatility3 installed at the moment nor yara nor the other dependencies. ~ LvdW PS: I can confirm after uninstalling yara-python the program keeps working when the dynamic library and import is done. |
Update: Can you also please run the command with
You will get a lot of debug information about the program. It seems that with the .exe it fails to import a lot of things. and volatility3.framework cannot find Crypto and Yara. |
Isn't it possible to "embed" the all the symbols in the executable ? If yes, how would you do so ? Also, it seems that I have yara:
But I can't import it:
@asterictnl-lvdw
|
Please do the following:
|
My bad, I forgot to re-run pyinstaller 😣It works since I have removed "yara" and installed "yara-python". |
No problem, try to run ./vol and see how many plugins you get. Do you get the same results? ~ LvdW |
Yes, probably but this isn't something we've made provision for, since it's unlikely you'll ever have a complete library for all windows systems and certainly not for linux. The zip symbol pack files would be an easier way to provision the symbol files, they'll just need to live in a subdirectory. @asterictnl-lvdw Sorry, this issue feels like it got slightly co-opted, are you still having difficulties or have you gotten what you needed to working? @lic-8 I'm glad your issue has been resolve. For problems like this that have back and forth and need questions and responses, please could I ask that you use our slack server, so that we don't lose track of other people's original issues (or create your own issue so that we don't cross conversations that turn out to be unrelated). |
Hello @ikelos , My issue with the normal application has been resolved. I have written an instruction on how to properly build the executable when Volatility3 installed by But now I want to use it standalone as well without installation of python, but I need to import the libraries properly. It seems there might be some issues with some of the plugins as they are unable to be imported. I have ran the I have attached the file below: Let me know if this is something helpful. ~ LvdW |
You can create an executable (from a system that has volatility and python installed) that can then be taken to another system without python. The output you provided looks very strange, was this created from the vol.spec provided in the standard release? It appears to be missing a number of subsidiary parts (the scanners directory or the layers such as the intel layer) but only contains the package top level files. It's very difficult to tell what's going on from that, and I'd need the output from running the pyinstaller file to create the executable to tell what's going on. Thank you for linking a file with the output, hopefully it will keep the length of the issue to a more manageable level. 5:) |
The above I understand. And no I haven't changed anything. What I did is the following:
|
This shouldn't be necessary, the |
I will describe the situation for you. It didn't matter for me if I used the edited version of vol.spec which included the yara or the standard one. This is what I did:
I did NOT run pip3 install . or python3 setup.py install at allIf you have volatility3 installed you can simply uninstall it by The output of the regular vol.spec is listed below: Let me know if this is anything you need. ~ LvdW |
Ok, I have found out how it works now. I have forgotten to install volatility3 before buildling the .exe. After that I can safely delete volatility3 again. ~ LvdW |
How to Compile Standalone Windows Version of Volatility 3Works with Python 3.11 and build with the latest pyinstaller 5.0.8!
~LvdW |
Hi @asterictnl-lvdw! I'm very glad you managed to get it all installed. It should be able to install from the local directory (that's what the PYTHONPATH is there for, it could be that the |
Hello , any idea why I cannot produce an executable with all the plugins ? |
@lic-9 Please don't cross-post on issues. You filed a new issue (#919), it will get answered, github already creates a link between the two issues, so adding questions like this creates extra work for everyone trying to figure out whether you're discussing this issue or the new one you just filed. It's not going to get you an answer more quickly, if anything it's going to do the opposite. You'll get the fastest answers on slack, please be patient. |
This issue is stale because it has been open for 200 days with no activity. |
This issue was closed because it has been inactive for 60 days since being marked as stale. |
pls reopen |
@npetroni could we look into producing a pyinstaller exe of this as part of the build process please? I don't know if we should have it actually run to test that it worked, but it might be wise just to spot obvious errors? We could then start distributing it (although before we do that we may need to consider how many "I can't do..." bugs might get filed if we do)... |
It could do with a test to ensure that the output from |
This issue is stale because it has been open for 200 days with no activity. |
This issue was closed because it has been inactive for 60 days since being marked as stale. |
Is your feature request related to a problem? Please describe.
Like what you did in the past you guys released of Volatility2 Binary versions that were compiled by pyinstaller
Describe the solution you'd like
A fully working volatility3.exe that can be run or either instructions on how to make the executable properly
Describe alternatives you've considered
I have tried to use pyinstaller and auto-py-to-exe, but it fails to work when I try to run a plugin.
The text was updated successfully, but these errors were encountered: