Mikael Szreder

Required when building profiles with newer kernel versions.

This is a Volatility 3 related issue. Please post it at the correct repository: [https://github.com/volatilityfoundation/volatility3](https://github.com/volatilityfoundation/volatility3)

I have found what the issue is. The DWARF data generated seems to be using the DWARFv5 or newer version which Volatility 2 is not able to interpret. Adding "-gdwarf-4"...

> > Could you kindly where the Makefile is located in the kernel source tree please? > > The closest I found was the one shown below but it does...

> @transcend3nt You basically have to: > > * download and compile **dwarf2json** > * install a **debug** version of the kernel used in the memory dump > * run...

@mthbrown @jotunel @BlackDeeer @1259iknowthat A have just created a PR #852 that fixes issues with newer kernel releases. I believe this issue should be closed.

@mthbrown: Could you please attempt to use the following patch with the Makefile used in the tools/linux directory: ```diff --- Makefile.orig 2023-06-13 07:38:03.065860789 +0200 +++ Makefile 2023-05-29 12:43:40.823489421 +0200 @@...

@mthbrown: Just created a pull-request which should solve this once and for all by adding support for DWARFv5. See PR #854

@mthbrown: See PR #852 for a solution to the "state" exception. This is a separate issue related to a field in a struct changing names in newer kernels.

@mthbrown: That is correct. These are two separate issues solved by two separate PRs. Original issue is related with the DWARF debug information being of a newer version than Volatility...