Mikael Szreder
Mikael Szreder
@mthbrown: Great to hear that it works. All Linux kernels, as far as I have tested, work with the PRs i have created. PR #852 adds support for newer kernels....
@mthbrown: Just did a test with Ubuntu 23.04 with kernel 6.3.7-060307 running in VirtualBox and performing a memory dump using the debugvm and dumpvmcore commands. Everything worked as intended. Maybe...
> > I have found what the issue is. > > The DWARF data generated seems to be using the DWARFv5 or newer version which Volatility 2 is not able...
Just created PR #1573, which should fix the issue.
@haha150: This issue should be resolved in the recent 1.5.42 release. @moloch--: This issue probably needs closing.
Based on your output i would say: `/bin/sh: 1: bison: not found` is your problem. Your are likely missing a required package for building.
> Since getting the same error: > > Traceback (most recent call last): File "vol.py", line 192, in main() File "vol.py", line 183, in main command.execute() File "/home/odin/Documents/volatility/volatility/plugins/linux/common.py", line 67,...
Based on your error I would say you are missing the package/sources required to build the kernel modules. The build "directory" is commonly a symbolic link to the actual directory...
This should be resolved in PR #852(not merged into master).
You will need to extract the ddeb to get access to the Kernel ELF file. Once extracted running the dwarf2json command and specifying the vmlinux ELF file will generate the...