Issue to import new profile
2Belette opened this issue
Hi,
I have been able to successfully create a .zip in Archlinux but am not able to import it.
When I try, I get this error message:
Volatility Foundation Volatility Framework 2.5
*** Failed to import volatility.plugins.overlays.linux.linux (ValueError: too many values to unpack)
Any idea? Many thanks for your help
Hello,
Can you please copy/paste the command line input/output as you try to
create the profile?
Thanks,
Andrew (@attrc)
On 01/25/2016 03:04 AM, benoitne wrote:
Hi,
I have been able to successfully create a .zip in Archlinux but am not able to import it.
When I try, I get this error message:
Volatility Foundation Volatility Framework 2.5
*** Failed to import volatility.plugins.overlays.linux.linux (ValueError: too many values to unpack)
Any idea? Many thanks for your help
sure :)
git clone https://github.com/volatilityfoundation/volatility.git
cd volatility/tools/linux
make -C /lib/modules/4.3.3-gnu-3/build CONFIG_DEBUG_INFO=y M=$PWD modules
dwarfdump -di ./module.o > module.dwarf
cp /proc/kallsyms /boot/System.map-4.3.3-gnu-2 (as there is no system.map in ArchLinux)
cd volatility
zip volatility/plugins/overlays/linux/ArchLinux64.zip tools/linux/module.dwarf /boot/System.map-4.3.3-gnu-2
adding: tools/linux/module.dwarf (deflated 91%)
adding: boot/System.map-4.3.3-gnu-2 (deflated 79%)
Importing a profile built from GitHub is working well, so I assume something is wrong when I build mine...
Is it enough for you?
Old issue, but could still be interesting.
This is most likely due to kallsyms giving additional information on certain lines ([serio] or [kvm] for example), and Volatility on the other hand only expecting three space-separated values:
(str_addr, symbol_type, symbol) = line.strip().split()
That's why before using the output of the kallsyms proc file to build a profile, some lines must be checked to fit the expected format.
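The check described in the comment above, as an added example (not code from this thread or from Volatility): it reproduces the three-way unpack failing on a module-annotated line, then normalizes kallsyms output to three-field System.map lines. The sample lines are constructed and the function names are hypothetical.

```python
import re

# Constructed sample of /proc/kallsyms output (not taken from the issue).
# Symbols that belong to loadable modules carry a trailing "[module]" field.
SAMPLE_KALLSYMS = (
    "ffffffff81000000 T _text\n"
    "ffffffff810001c0 t verify_cpu\n"
    "ffffffffa0001000 t serio_raw_connect\t[serio_raw]\n"
    "ffffffffa0200000 T kvm_vcpu_block\t[kvm]\n"
    "not-a-symbol-line\n"
)

_ADDR = re.compile(r"^[0-9a-fA-F]{8,16}$")


def strict_parse(line):
    """The three-way unpack quoted above; raises ValueError on a fourth field."""
    (str_addr, symbol_type, symbol) = line.strip().split()
    return str_addr, symbol_type, symbol


def normalize_kallsyms(text):
    """Return (kept, rejected): three-field System.map lines and unusable input."""
    kept, rejected = [], []
    for line in text.splitlines():
        fields = line.split()
        # Drop the optional trailing "[module]" annotation.
        if len(fields) == 4 and fields[3].startswith("[") and fields[3].endswith("]"):
            fields = fields[:3]
        # Accept only "<hex address> <one-letter type> <symbol>".
        if len(fields) == 3 and _ADDR.match(fields[0]) and len(fields[1]) == 1:
            kept.append(" ".join(fields))
        elif line.strip():
            rejected.append(line)
    return kept, rejected


if __name__ == "__main__":
    kept, rejected = normalize_kallsyms(SAMPLE_KALLSYMS)
    print("\n".join(kept))
    print("rejected:", rejected)
```

Lines that end up in `rejected` are worth inspecting by hand before the map goes into the profile zip.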
Is this still an issue?
@gleeda good question! I changed my OS so I need to give another test and will post the results
Reproducible on Kali Linux 2021.1 (based on Debian)