Volatility plugin to extract a configuration file from memory: crashes after the yara compile function

Published 2024-04-28 17:47:31


I am trying to write a Volatility plugin that extracts the configuration file used by a piece of malware from a memory dump. However, when I run the plugin without root privileges (without 'sudo'), it crashes at yara.compile. If I run the plugin with 'sudo', the code after yara.compile does not execute. I don't know why yara.compile is causing this problem. Can someone help me? Below is the code I wrote:

import volatility.utils as utils
import volatility.win32.tasks as tasks
import volatility.debug as debug
import volatility.plugins.malware.malfind as malfind
import volatility.plugins.taskmods as taskmods

try:
    import yara
    HAS_YARA = True
except ImportError:
    HAS_YARA = False

# One rule, keyed by namespace, in the form yara.compile(sources=...) expects.
YARA_SIGS = {
    'malware_conf': 'rule malware_conf {strings: $a = /<settings/ condition: $a}'
}


class malwarescan(taskmods.PSList):
    """Scan the VADs of IEXPLORE.EXE processes for the config marker."""

    def get_vad_base(self, task, address):
        # Return the start of the VAD that contains address, or None.
        for vad in task.VadRoot.traverse():
            if vad.Start <= address < vad.End:
                return vad.Start
        return None

    def calculate(self):
        if not HAS_YARA:
            debug.error('Yara must be installed for this plugin')
        print("in calculate function")
        kernel_space = utils.load_as(self._config)
        print("before yara compile")
        rules = yara.compile(sources=YARA_SIGS)
        print("after yara compile")
        for process in tasks.pslist(kernel_space):
            # ImageFileName is a Volatility String object; str() strips the NUL padding.
            if str(process.ImageFileName).lower() == "iexplore.exe":
                scanner = malfind.VadYaraScanner(task=process, rules=rules)
                # scan() yields (yara match, virtual address of the matched string).
                for hit, address in scanner.scan():
                    vad_base_addr = self.get_vad_base(process, address)
                    yield process, hit, address, vad_base_addr

    def render_text(self, outfd, data):
        for process, hit, address, vad_base_addr in data:
            base = "{0:#x}".format(vad_base_addr) if vad_base_addr is not None else "unknown"
            outfd.write("Process: {0}, Pid: {1}, Rule: {2}, Hit: {3:#x}, VAD base: {4}\n".format(
                process.ImageFileName, process.UniqueProcessId, hit.rule, address, base))

So when I run this plugin with root privileges, I don't see the line print 'after yara compile' being executed. What is the reason? Thank you.
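As an added diagnostic (not code from the original post), the script below isolates the step that fails, `yara.compile(sources=YARA_SIGS)`, in a child interpreter. A crash inside the native libyara extension then shows up as a negative return code (the signal number) instead of taking the Volatility process down with it, and the child also reports which interpreter and which `yara` module file it loaded, so the output of a plain run and a `sudo` run can be compared. The names `probe_yara_compile`, `classify_exit` and `CHILD` are my own; the rule text is the one from the post. The parent script needs Python 3.7+ for `subprocess.run(capture_output=...)`; the child snippet is also valid under Python 2, so it can target the interpreter Volatility 2 runs on via the `python=` parameter.

```python
"""Added diagnostic for the yara.compile crash described in the post: run the
compile step in a child interpreter so a crash inside libyara surfaces as a
signal exit code instead of killing the Volatility host.  Example code, not
from the original post."""
import json
import signal
import subprocess
import sys

# The rule from the post, compiled exactly as the plugin compiles it.
YARA_SIGS = {
    'malware_conf': 'rule malware_conf {strings: $a = /<settings/ condition: $a}'
}

# Child script: kept Python 2 compatible so the same probe can target the
# Python 2 interpreter Volatility 2 runs under.  It records which interpreter
# and which yara module are in use, then compiles the rules.
CHILD = r'''
import json, sys
info = {"python": sys.executable}
try:
    import yara
    info["yara_file"] = yara.__file__
    info["yara_version"] = getattr(yara, "YARA_VERSION", getattr(yara, "__version__", "?"))
    sigs = dict((str(k), str(v)) for k, v in json.loads(sys.argv[1]).items())
    yara.compile(sources=sigs)
    info["compiled"] = True
except Exception as e:
    info["compiled"] = False
    info["error"] = "%s: %s" % (type(e).__name__, e)
sys.stdout.write(json.dumps(info))
'''


def classify_exit(returncode):
    """Map a child exit status to what it says about yara.compile."""
    if returncode == 0:
        return "ok"
    if returncode < 0:
        # subprocess reports death by signal as -signum (e.g. -11 for SIGSEGV).
        try:
            name = signal.Signals(-returncode).name
        except ValueError:
            name = "signal %d" % -returncode
        return "native crash: %s" % name
    return "python exception (exit %d)" % returncode


def probe_yara_compile(sigs=YARA_SIGS, python=None):
    """Compile sigs in a fresh interpreter (default: this one) and report.

    Pass python="/usr/bin/python" (or run the whole script under sudo) to
    compare the interpreter and yara module seen with and without root.
    """
    python = python or sys.executable
    proc = subprocess.run([python, "-c", CHILD, json.dumps(sigs)],
                          capture_output=True, text=True)
    result = {"status": classify_exit(proc.returncode),
              "returncode": proc.returncode}
    try:
        result.update(json.loads(proc.stdout))
    except ValueError:
        # No JSON means the child died before it could report (native crash).
        result["stderr_tail"] = proc.stderr[-500:]
    return result


if __name__ == "__main__":
    print(json.dumps(probe_yara_compile(), indent=2, sort_keys=True))
```

Run it twice, once plainly and once under `sudo`. A `status` of `native crash: SIGSEGV` confirms the failure is in the compiled yara extension rather than in the plugin, and differing `python` or `yara_file` values between the two runs mean `sudo` is picking up a different interpreter or a different yara build, which is the first thing to rule out when behaviour changes with `sudo`.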

