Caliban
2023-01-13, 18:30
Hello out there, I have a crash kernel dump of a crashed kernel and I try to dissect the content of the file system with the volatility framework. I installed volatility and dwarf2json. Then I started to analyse the dump file with

    vol -vvvvv -f WV78J0~Z201220221336 linux.bash.Bash

but got the error

    Unsatisfied requirement plugins.Bash.kernel: Linux kernel

So I looked how to provide this plugin or profile? I have the kernel which crashed with the kernel dump image in vmlinux, with debugging symbols. So I tried

    dwarf2json linux --elf ~chris/vmlinux > linux.json

and copied this file to /usr/lib/python-3.10/site-packages/volatility3/symbols/linux.json.

I also tried:

    dwarf2json linux --elf vmlinux --system-map System.map | xz -c > linux.json.xz

But the result remains the same, what can I do here?

Thank you in advance
BR Chris