
Volatility can't match the memory dump file (MacOS Catalina 10.15.7 build 19H15) to the symbol table created

Open hudishhhs opened this issue 3 years ago • 3 comments

Hey there,

So currently I'm facing a problem using Volatility 3 to analyse the RAM dump file from macOS Catalina 10.15.7 build 19H15, run in VMware Workstation 16.

I had successfully created the symbol table for macOS Catalina 10.15.7 build 19H15 according to issue #155 and imported it into Volatility 3 as well. When I want to analyse the RAM file, I get the error below:

hudi@hudi-virtual-machine:~/volatility3$ python3 vol.py -vvvvvv -f /home/hudi/images/testingcatalina.dmp mac.bash
Volatility 3 Framework 2.2.0
INFO volatility3.cli: Volatility plugins path: ['/home/hudi/volatility3/volatility3/plugins', '/home/hudi/volatility3/volatility3/framework/plugins']
INFO volatility3.cli: Volatility symbols path: ['/home/hudi/volatility3/volatility3/symbols', '/home/hudi/volatility3/volatility3/framework/symbols']
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/plugins, /home/hudi/volatility3/volatility3/framework/plugins
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/automagic
Level 7 volatility3.cli: Cache directory used: /home/hudi/.cache/volatility3
INFO volatility3.framework.automagic: Detected a mac category plugin
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Bash.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Bash.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Bash.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Bash.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Bash.kernel
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Bash.kernel.layer_name
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Bash.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Bash.kernel.layer_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Bash.kernel
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Bash.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Bash.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Bash.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Bash.kernel
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Bash.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Bash.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Bash
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 6 volatility3.framework.automagic.construct_layers: Construction Exception occurred: Unexpected config value found: None
INFO volatility3.framework.automagic: Running automagic: SymbolBannerCache
INFO volatility3.framework.automagic: Running automagic: MacBannerCache
Level 6 volatility3.framework.symbols.intermed: Searching for symbols in /home/hudi/volatility3/volatility3/symbols, /home/hudi/volatility3/volatility3/framework/symbols
INFO volatility3.framework.automagic: Running automagic: LayerStacker
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Bash.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Bash.kernel.symbol_table_name
Level 7 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, VolatilityHandler, JarHandler, OfflineHandler, LeechCoreHandler
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
Level 6 volatility3.framework.symbols.intermed: Searching for symbols in /home/hudi/volatility3/volatility3/symbols, /home/hudi/volatility3/volatility3/framework/symbols
Level 8 volatility3.framework.automagic.stacker: Stacked Elf64Layer using Elf64Stacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using MacIntelStacker
DEBUG volatility3.framework.automagic.mac: No suitable mac banner could be matched
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Bash.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: Elf64Layer
Level 9 volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: FileLayer
DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['Elf64Layer', 'FileLayer']
INFO volatility3.framework.automagic: Running automagic: SymbolFinder
INFO volatility3.framework.automagic: Running automagic: MacSymbolFinder
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Bash.kernel.symbol_table_name
INFO volatility3.framework.automagic: Running automagic: KernelModule
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Bash.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Bash.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Bash.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Bash.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Bash.kernel.symbol_table_name

Unsatisfied requirement plugins.Bash.kernel.layer_name:
Unsatisfied requirement plugins.Bash.kernel.symbol_table_name:

A translation layer requirement was not fulfilled. Please verify that:
    A file was provided to create this layer (by -f, --single-location or by config)
    The file exists and is readable
    The file is a valid memory image and was acquired cleanly

A symbol table requirement was not fulfilled. Please verify that:
    The associated translation layer requirement was fulfilled
    You have the correct symbol file for the requirement
    The symbol file is under the correct directory or zip file
    The symbol file is named appropriately or contains the correct banner

Unable to validate the plugin requirements: ['plugins.Bash.kernel.layer_name', 'plugins.Bash.kernel.symbol_table_name']

hudishhhs avatar May 31 '22 02:05 hudishhhs

This line:

DEBUG volatility3.framework.automagic.mac: No suitable mac banner could be matched

indicates that there wasn't a match between the image and the available ISF files. Please include the output from vol.py isfinfo --filter mac to show the mac ISF files that volatility can find, and the output from vol.py -f /home/hudi/images/testingcatalina.dmp banners to show what banners can be found within the image. If there isn't a banner that's exactly the same in both lists, then volatility won't be able to work with the image.

ikelos avatar Jun 05 '22 21:06 ikelos
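
The comparison described in the comment above, as an added example (not part of the thread and not Volatility's own code): it scans image bytes for Darwin banners, reads the banner out of each ISF, and separates byte-for-byte matches from near misses. Assumptions: the ISF keeps its banner as base64 `constant_data` under the `version` symbol, the scan pattern is a simplification, the image and ISF contents are constructed inline from banner strings that appear in this thread's output, and `catalina_19H15.json.xz` is a hypothetical file name.

```python
import base64
import json
import lzma
import re

# Simplified banner pattern: Darwin prefix, x.y.z version, then text up to a NUL or newline.
BANNER_RE = re.compile(rb"Darwin Kernel Version [0-9]+\.[0-9]+\.[0-9]+[^\x00\n]*")
MAJOR_RE = re.compile(rb"Darwin Kernel Version ([0-9]+)\.")


def isf_banner(isf_xz, symbol="version"):
    """Return the banner stored in an xz-compressed ISF, or None if it has none.

    Assumption: the banner is the base64 `constant_data` of the `version` symbol.
    """
    doc = json.loads(lzma.decompress(isf_xz))
    data = doc.get("symbols", {}).get(symbol, {}).get("constant_data")
    return base64.b64decode(data).rstrip(b"\x00\n") if data else None


def image_banners(image):
    """Map every banner-like string in the image bytes to the offsets where it occurs."""
    found = {}
    for m in BANNER_RE.finditer(image):
        found.setdefault(m.group(0).rstrip(), []).append(m.start())
    return found


def major(banner):
    """Darwin major version of a banner (b'19' for 19.6.0), or None."""
    m = MAJOR_RE.match(banner)
    return m.group(1) if m else None


def diagnose(image, isfs):
    """Sort ISF names into exact / near / no_banner / other against one image."""
    in_image = image_banners(image)
    majors = {major(b) for b in in_image}
    report = {"exact": [], "near": [], "no_banner": [], "other": []}
    for name, blob in isfs.items():
        banner = isf_banner(blob)
        if banner is None:
            report["no_banner"].append(name)   # ISF carries no banner at all
        elif banner in in_image:
            report["exact"].append(name)       # byte-for-byte match: usable
        elif major(banner) in majors:
            report["near"].append(name)        # same Darwin major, other build: not usable
        else:
            report["other"].append(name)
    return report


def make_isf(banner):
    """Build a minimal constructed ISF (symbols section only) for this demo."""
    symbols = {}
    if banner is not None:
        data = base64.b64encode(banner + b"\x00").decode()
        symbols["version"] = {"address": 0, "constant_data": data}
    return lzma.compress(json.dumps({"symbols": symbols}).encode())


# Constructed inputs. The banner strings are the ones shown in this thread.
FULL = (b"Darwin Kernel Version 19.6.0: Thu Oct 29 22:56:45 PDT 2020; "
        b"root:xnu-6153.141.2.2~1/RELEASE_X86_64")
TRUNC = b"Darwin Kernel Version 19.6.0: Th"   # partial copy, as in the banners output
IMAGE = b"\x00" * 16 + FULL + b"\x00pad" + TRUNC + b"\x00" + FULL + b"\x00"

ISFS = {
    "Kernel_Debug_Kit_10.15.4_build_19E250c.dmg.json.xz": make_isf(
        b"Darwin Kernel Version 19.4.0: Tue Feb 25 22:28:31 PST 2020; "
        b"root:xnu-6153.101.5~8/RELEASE_X86_64"),
    "Kernel_Debug_Kit_10.14.6_build_18G2016.dmg.json.xz": make_isf(
        b"Darwin Kernel Version 18.7.0: Fri Nov 8 21:52:53 PST 2019; "
        b"root:xnu-4903.278.18~1/RELEASE_X86_64"),
    "kernel_debug_kit_10.7.5_11g56.dmg.json.xz": make_isf(None),
}

if __name__ == "__main__":
    for banner, offsets in image_banners(IMAGE).items():
        print([hex(o) for o in offsets], banner.decode())
    print(diagnose(IMAGE, ISFS))
    # Hypothetical ISF generated for the exact kernel build of the image.
    fixed = dict(ISFS, **{"catalina_19H15.json.xz": make_isf(FULL)})
    print(diagnose(IMAGE, fixed)["exact"])
```

An ISF listed under `near` is for the same Darwin release line but a different kernel build, so it is no more usable than one under `other`; only an `exact` entry satisfies the banner match.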

Hi there, here is the result from python3 vol.py -vvvvvv -f /home/hudi/images/testingcatalina.dmp banners:

hudi@hudi-virtual-machine:~/volatility3$ python3 vol.py -vvvvvv -f /home/hudi/images/testingcatalina.dmp banners
Volatility 3 Framework 2.2.0
INFO volatility3.cli: Volatility plugins path: ['/home/hudi/volatility3/volatility3/plugins', '/home/hudi/volatility3/volatility3/framework/plugins']
INFO volatility3.cli: Volatility symbols path: ['/home/hudi/volatility3/volatility3/symbols', '/home/hudi/volatility3/volatility3/framework/symbols']
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/plugins, /home/hudi/volatility3/volatility3/framework/plugins
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/automagic
Level 7 volatility3.cli: Cache directory used: /home/hudi/.cache/volatility3
INFO volatility3.framework.automagic: No plugin category detected
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Banners.primary
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Banners.primary
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Banners.primary
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Banners.primary
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Banners
INFO volatility3.framework.automagic: Running automagic: SymbolBannerCache
INFO volatility3.framework.automagic: Running automagic: MacBannerCache
Level 6 volatility3.framework.symbols.intermed: Searching for symbols in /home/hudi/volatility3/volatility3/symbols, /home/hudi/volatility3/volatility3/framework/symbols
INFO volatility3.framework.automagic: Running automagic: LinuxBannerCache
Level 6 volatility3.framework.symbols.intermed: Searching for symbols in /home/hudi/volatility3/volatility3/symbols, /home/hudi/volatility3/volatility3/framework/symbols
INFO volatility3.framework.automagic.symbol_cache: Building linux caches...
Level 7 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, VolatilityHandler, JarHandler, OfflineHandler, LeechCoreHandler
INFO volatility3.framework.automagic: Running automagic: LayerStacker
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Banners.primary
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
Level 6 volatility3.framework.symbols.intermed: Searching for symbols in /home/hudi/volatility3/volatility3/symbols, /home/hudi/volatility3/volatility3/framework/symbols
Level 8 volatility3.framework.automagic.stacker: Stacked Elf64Layer using Elf64Stacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using MacIntelStacker
DEBUG volatility3.framework.automagic.mac: No suitable mac banner could be matched
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelStacker
INFO volatility3.framework.automagic.linux: No Linux banners found - if this is a linux plugin, please check your symbol files location
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsIntelStacker
DEBUG volatility3.framework.automagic.windows: Detecting Self-referential pointer for recent windows
DEBUG volatility3.framework.automagic.windows: Older windows fixed location self-referential pointers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Banners.primary
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Banners.primary
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Banners.primary
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Banners.primary.base_layer
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 6 volatility3.framework: Importing from the following paths: /home/hudi/volatility3/volatility3/framework/layers
Level 6 volatility3.framework.symbols.intermed: Searching for symbols in /home/hudi/volatility3/volatility3/symbols, /home/hudi/volatility3/volatility3/framework/symbols
DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['Elf64Layer', 'FileLayer']
INFO volatility3.framework.automagic: Running automagic: WinSwapLayers
INFO volatility3.framework.automagic: Running automagic: KernelPDBScanner
INFO volatility3.framework.automagic: Running automagic: SymbolFinder
INFO volatility3.framework.automagic: Running automagic: MacSymbolFinder
INFO volatility3.framework.automagic: Running automagic: LinuxSymbolFinder
INFO volatility3.framework.automagic: Running automagic: KernelModule

Offset Banner

0x8c8bb00 Darwin Kernel Version 19.6.0: Thu Oct 29 22:56:45 PDT 2020; root:xnu-6153.141.2.2~1/RELEASE_X86_64
0x159afd58 Darwin Kernel Version 19.6.0: Th
0x1b6f8c9d Darwin Kernel Version 19.6.0: Thu Oct 29 22:56:45 PDT 2020; root:xnu-6153.141.2.2~1/RELEASE_X86_64
0x1b6f8d00 Darwin Kernel Version 19.6.0: Thu Oct 29 22:56:45 PDT 2020; root:xnu-6153.141.2.2~1/RELEASE_X86_64
0x1b885a8c Darwin Kernel Version 19.6.0: Thu Oct 29 22:56:45 PDT 2020; root:xnu-6153.141.2.2~1/RELEASE_X86_64
0x21276690 Darwin Kernel Version 19.6.0: Th
0x257015b0 Darwin Kernel Version 19.6.0: Thu Oct 29 22:56:45 PDT 2020; root:xnu-6153.141.2.2~1/RELEASE_X86_64
0x317cc3c4 Darwin Kernel Version 19.6.0: Thu Oct 29 22:56:45 PDT 2020; root:xnu-6153.141.2.2~1/RELEASE_X86_64
0x53702e08 Darwin Kernel Version 19.6.0: Thu Oct 29 22:56:45 PDT 2020; root:xnu-6153.141.2.2~1/RELEASE_X86_64

Below will be the result from vol.py isfinfo --filter mac:

hudi@hudi-virtual-machine:~/volatility3$ python3 vol.py isfinfo --filter mac
Volatility 3 Framework 2.2.0
Progress: 100.00 PDB scanning finished

URI Valid Number of base_types Number of types Number of symbols Number of enums Windows info Linux banner Mac banner

file:///home/hudi/volatility3/volatility3/symbols/macOS10.12.3KDK.dmg.json.xz Unknown 18 4839 43548 162 - - Darwin Kernel Version 16.4.0: Thu Dec 22 22:53:21 PST 2016; root:xnu-3789.41.3~3/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.10.3_build_14D131.dmg.json.xz Unknown 17 4656 40106 150 - - Darwin Kernel Version 14.3.0: Mon Mar 23 11:59:05 PDT 2015; root:xnu-2782.20.48~5/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.10.2.14C1514.dmg.json.xz Unknown 17 4646 40021 149 - - Darwin Kernel Version 14.1.0: Thu Feb 26 19:26:47 PST 2015; root:xnu-2782.10.73~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.1_Build_16B2657.dmg.json.xz Unknown 18 4829 43503 162 - - Darwin Kernel Version 16.1.0: Wed Oct 19 20:31:56 PDT 2016; root:xnu-3789.21.4~4/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.7.5_11g56.dmg.json.xz Unknown 17 4071 36283 102 - - -
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.1_build_17B48.dmg.json.xz Unknown 19 5232 46771 198 - - Darwin Kernel Version 17.2.0: Fri Sep 29 18:27:05 PDT 2017; root:xnu-4570.20.62~3/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.3_build_17D47.dmg.json.xz Unknown 19 5244 47125 202 - - Darwin Kernel Version 17.4.0: Sun Dec 17 09:19:54 PST 2017; root:xnu-4570.41.2~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.4_build_18E226.dmg.json.xz Unknown 19 5422 50098 212 - - Darwin Kernel Version 18.5.0: Mon Mar 11 20:40:32 PDT 2019; root:xnu-4903.251.3~3/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.5_build_18F132.dmg.json.xz Unknown 19 5426 50211 217 - - Darwin Kernel Version 18.6.0: Thu Apr 25 23:16:27 PDT 2019; root:xnu-4903.261.4~2/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.4_build_17E199.dmg.json.xz Unknown 19 5265 47727 202 - - Darwin Kernel Version 17.5.0: Mon Mar 5 22:24:32 PST 2018; root:xnu-4570.51.1~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.6.8_10k540.dmg.json.xz Unknown 18 3582 31820 96 - - -
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G1036.dmg.json.xz Unknown 18 4841 43676 164 - - Darwin Kernel Version 16.7.0: Wed Oct 4 00:17:00 PDT 2017; root:xnu-3789.71.6~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G7024.dmg.json.xz Unknown 19 5264 47782 204 - - Darwin Kernel Version 17.7.0: Wed Apr 24 21:17:24 PDT 2019; root:xnu-4570.71.45~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.7.3_11d50.dmg.json.xz Unknown 17 4061 36178 101 - - -
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.11.6_build_15G1212.dmg.json.xz Unknown 18 4826 42765 160 - - Darwin Kernel Version 15.6.0: Wed Nov 2 20:30:56 PDT 2016; root:xnu-3248.60.11.1.2~2/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.6_build_18G2016.dmg.json.xz Unknown 19 5426 50179 216 - - Darwin Kernel Version 18.7.0: Fri Nov 8 21:52:53 PST 2019; root:xnu-4903.278.18~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.8.2_12c60.dmg.json.xz Unknown 17 3904 36248 126 - - Darwin Kernel Version 12.2.0: Sat Aug 25 00:48:52 PDT 2012; root:xnu-2050.18.24~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G1917.dmg.json.xz Unknown 18 4843 43695 163 - - Darwin Kernel Version 16.7.0: Wed Feb 27 00:29:57 PST 2019; root:xnu-3789.73.43~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.11.5_build_15F34.dmg.json.xz Unknown 18 4825 42744 158 - - Darwin Kernel Version 15.5.0: Tue Apr 19 18:36:36 PDT 2016; root:xnu-3248.50.21~8/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.11.6_build_15G1510.dmg.json.xz Unknown 18 4826 42764 160 - - Darwin Kernel Version 15.6.0: Tue Apr 11 16:00:51 PDT 2017; root:xnu-3248.60.11.5.3~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G10012.dmg.json.xz Unknown 19 5264 47771 204 - - Darwin Kernel Version 17.7.0: Fri Nov 8 22:08:08 PST 2019; root:xnu-4570.71.62~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.4_build_18E205e.dmg.json.xz Unknown 19 5422 50105 212 - - Darwin Kernel Version 18.5.0: Sun Feb 24 21:44:25 PST 2019; root:xnu-4903.250.349~14/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.15_build_19A536g.dmg.json.xz Unknown 19 6077 53181 255 - - Darwin Kernel Version 19.0.0: Fri Aug 9 21:59:46 PDT 2019; root:xnu-6153.0.139.161.2~2/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.8.3_12d78.dmg.json.xz Unknown 17 3902 36209 126 - - Darwin Kernel Version 12.3.0: Sun Jan 6 22:37:10 PST 2013; root:xnu-2050.22.13~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G9007.dmg.json.xz Unknown 19 5263 47762 204 - - Darwin Kernel Version 17.7.0: Fri Oct 4 23:08:59 PDT 2019; root:xnu-4570.71.57~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.10.5_build_14F2511.dmg.json.xz Unknown 17 4657 40132 152 - - Darwin Kernel Version 14.5.0: Sun Jun 4 21:40:08 PDT 2017; root:xnu-2782.70.3~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.4_build_18E220a.dmg.json.xz Unknown 19 5422 50098 212 - - Darwin Kernel Version 18.5.0: Mon Mar 11 23:41:46 PDT 2019; root:xnu-4903.251.3~6/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G1212.dmg.json.xz Unknown 18 4844 43741 164 - - Darwin Kernel Version 16.7.0: Thu Jan 11 22:59:40 PST 2018; root:xnu-3789.73.8~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.10.5_build_14F2109.dmg.json.xz Unknown 17 4657 40131 152 - - Darwin Kernel Version 14.5.0: Sun Sep 25 22:07:15 PDT 2016; root:xnu-2782.50.9~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G7017.dmg.json.xz Unknown 19 5264 47749 201 - - Darwin Kernel Version 17.7.0: Sun Apr 14 22:24:48 PDT 2019; root:xnu-4570.71.44~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.2_build_18C54.dmg.json.xz Unknown 19 5426 49419 211 - - Darwin Kernel Version 18.2.0: Mon Nov 12 20:24:46 PST 2018; root:xnu-4903.231.4~2/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.5_build_18F96h.dmg.json.xz Unknown 19 5426 50116 214 - - Darwin Kernel Version 18.6.0: Thu Mar 14 21:02:45 PDT 2019; root:xnu-4903.260.65~14/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.6_Build_18G84.dmg.json.xz Unknown 19 5430 50227 217 - - Darwin Kernel Version 18.7.0: Thu Jun 20 18:42:21 PDT 2019; root:xnu-4903.270.47~4/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G2014.dmg.json.xz Unknown 18 4842 43736 166 - - Darwin Kernel Version 16.7.0: Wed Apr 24 20:50:53 PDT 2019; root:xnu-3789.73.49~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G1915.dmg.json.xz Unknown 18 4843 43695 163 - - Darwin Kernel Version 16.7.0: Wed Feb 27 00:29:57 PST 2019; root:xnu-3789.73.43~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G1114.dmg.json.xz Unknown 18 4841 43675 164 - - Darwin Kernel Version 16.7.0: Mon Nov 13 21:56:25 PST 2017; root:xnu-3789.72.11~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.11.6_build_15G1421.dmg.json.xz Unknown 18 4826 42764 160 - - Darwin Kernel Version 15.6.0: Fri Feb 17 10:21:18 PST 2017; root:xnu-3248.60.11.4.1~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12_Build_16A323.dmg.json.xz Unknown 18 4829 43462 162 - - Darwin Kernel Version 16.0.0: Mon Aug 29 17:56:20 PDT 2016; root:xnu-3789.1.32~3/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.7.4_11e53.dmg.json.xz Unknown 17 4069 36238 102 - - -
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.10.5_Build_14F1021.dmg.json.xz Unknown 17 4657 40129 150 - - Darwin Kernel Version 14.5.0: Tue Sep 1 21:23:09 PDT 2015; root:xnu-2782.50.1~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G8011.dmg.json.xz Unknown 19 5264 47782 204 - - Darwin Kernel Version 17.7.0: Thu Apr 25 22:14:11 PDT 2019; root:xnu-4570.71.45~2/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.6_build_18G29g.dmg.json.xz Unknown 19 5426 50210 217 - - Darwin Kernel Version 18.6.0: Tue May 7 22:54:55 PDT 2019; root:xnu-4903.270.19.100.1~2/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G1314.dmg.json.xz Unknown 18 4844 43741 164 - - Darwin Kernel Version 16.7.0: Tue Jan 30 11:27:06 PST 2018; root:xnu-3789.73.11~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.11.3_build_15D21.dmg.json.xz Unknown 18 4815 42670 159 - - Darwin Kernel Version 15.3.0: Thu Dec 10 18:40:58 PST 2015; root:xnu-3248.30.4~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.15.4_build_19E250c.dmg.json.xz Unknown 19 6174 53891 256 - - Darwin Kernel Version 19.4.0: Tue Feb 25 22:28:31 PST 2020; root:xnu-6153.101.5~8/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G4015.dmg.json.xz Unknown 19 5265 47740 201 - - Darwin Kernel Version 17.7.0: Fri Nov 2 20:43:16 PDT 2018; root:xnu-4570.71.17~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G2102.dmg.json.xz Unknown 18 4842 43702 163 - - Darwin Kernel Version 16.7.0: Mon Apr 15 21:56:23 PDT 2019; root:xnu-3789.73.48~2/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.9.3_13d65.dmg.json.xz Unknown 16 4369 39410 137 - - Darwin Kernel Version 13.2.0: Thu Apr 17 23:03:13 PDT 2014; root:xnu-2422.100.13~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.11.6_build_15G1611.dmg.json.xz Unknown 18 4826 42777 160 - - Darwin Kernel Version 15.6.0: Sun Jun 4 21:43:07 PDT 2017; root:xnu-3248.70.3~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.11.6_build_15G20015.dmg.json.xz Unknown 18 4829 42836 160 - - Darwin Kernel Version 15.6.0: Tue Jan 30 11:45:51 PST 2018; root:xnu-3248.73.8~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.11.4_build_15E65.dmg.json.xz Unknown 18 4825 42747 159 - - Darwin Kernel Version 15.4.0: Fri Feb 26 22:08:05 PST 2016; root:xnu-3248.40.184~3/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.10.5_build_14F2315.dmg.json.xz Unknown 17 4657 40131 152 - - Darwin Kernel Version 14.5.0: Fri Feb 17 10:33:20 PST 2017; root:xnu-2782.50.9.1.1~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.15_build_19A526h.dmg.json.xz Unknown 19 6085 53115 255 - - Darwin Kernel Version 19.0.0: Tue Jul 23 01:19:36 PDT 2019; root:xnu-6153.0.103.151.1~4/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.6.8_10k549.dmg.json.xz Unknown 18 3582 31820 96 - - -
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.1_build_18B75.dmg.json.xz Unknown 19 5427 49383 212 - - Darwin Kernel Version 18.2.0: Fri Oct 5 19:41:49 PDT 2018; root:xnu-4903.221.2~2/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G29.dmg.json.xz Unknown 18 4841 43669 164 - - Darwin Kernel Version 16.7.0: Thu Jun 15 17:36:27 PDT 2017; root:xnu-3789.70.16~2/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.9.2_13c1021.dmg.json.xz Unknown 16 4368 39379 137 - - Darwin Kernel Version 13.1.0: Wed Apr 2 23:52:02 PDT 2014; root:xnu-2422.92.1~2/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.15_build_19A471t.dmg.json.xz Unknown 19 5966 52590 249 - - Darwin Kernel Version 19.0.0: Fri May 24 17:36:10 PDT 2019; root:xnu-6041.0.0.111.5~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G6029.dmg.json.xz Unknown 19 5265 47744 201 - - Darwin Kernel Version 17.7.0: Wed Feb 27 00:43:23 PST 2019; root:xnu-4570.71.35~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.15.2_build_19C46a.dmg.json.xz Unknown 19 6089 53646 257 - - Darwin Kernel Version 19.2.0: Wed Nov 13 22:22:44 PST 2019; root:xnu-6153.61.1~26/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.6.6_10j567.dmg.json.xz Unknown 18 3539 31527 94 - - -
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G2006.dmg.json.xz Unknown 18 4842 43702 163 - - Darwin Kernel Version 16.7.0: Mon Apr 1 22:04:34 PDT 2019; root:xnu-3789.73.46~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.4_build_17E202.dmg.json.xz Unknown 19 5265 47727 202 - - Darwin Kernel Version 17.5.0: Fri Apr 13 19:32:32 PDT 2018; root:xnu-4570.51.2~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.11.6_build_15G1217.dmg.json.xz Unknown 18 4826 42764 160 - - Darwin Kernel Version 15.6.0: Mon Jan 9 23:07:29 PST 2017; root:xnu-3248.60.11.2.1~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.2_build_17C88.dmg.json.xz Unknown 19 5244 47117 202 - - Darwin Kernel Version 17.3.0: Thu Nov 9 18:09:22 PST 2017; root:xnu-4570.31.3~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/KernelDebugKit_10.10.5_build14F1912.dmg.json.xz Unknown 17 4657 40131 152 - - Darwin Kernel Version 14.5.0: Mon Aug 29 21:14:16 PDT 2016; root:xnu-2782.50.6~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G65.dmg.json.xz Unknown 19 5266 47794 202 - - Darwin Kernel Version 17.7.0: Thu Jun 21 22:53:14 PDT 2018; root:xnu-4570.71.2~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.6.4_10f569.dmg.json.xz Unknown 18 3539 31431 94 - - -
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14_build_18A391.dmg.json.xz Unknown 19 5427 49374 212 - - Darwin Kernel Version 18.0.0: Wed Aug 22 20:13:40 PDT 2018; root:xnu-4903.201.2~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.9.2_13c64.dmg.json.xz Unknown 16 4368 39377 137 - - Darwin Kernel Version 13.1.0: Thu Jan 16 19:40:37 PST 2014; root:xnu-2422.90.20~2/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.6.5_10h574.dmg.json.xz Unknown 18 3539 31527 94 - - -
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.8.2_12c54.dmg.json.xz Unknown 17 3904 36248 126 - - Darwin Kernel Version 12.2.0: Sat Aug 25 00:48:52 PDT 2012; root:xnu-2050.18.24~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/KernelDebugKit_10.11.6_build15G1004.dmg.json.xz Unknown 18 4826 42754 160 - - Darwin Kernel Version 15.6.0: Mon Aug 29 20:21:34 PDT 2016; root:xnu-3248.60.11~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G7023.dmg.json.xz Unknown 19 5264 47782 204 - - Darwin Kernel Version 17.7.0: Wed Apr 24 21:17:24 PDT 2019; root:xnu-4570.71.45~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.6_build_18G1005.dmg.json.xz Unknown 19 5430 50227 217 - - Darwin Kernel Version 18.7.0: Fri Oct 4 20:02:58 PDT 2019; root:xnu-4903.271.2~4/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G2208.dmg.json.xz Unknown 19 5266 47794 202 - - Darwin Kernel Version 17.7.0: Fri Jul 6 19:54:51 PDT 2018; root:xnu-4570.71.3~2/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G6028.dmg.json.xz Unknown 19 5265 47744 201 - - Darwin Kernel Version 17.7.0: Wed Feb 27 00:43:23 PST 2019; root:xnu-4570.71.35~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G7004.dmg.json.xz Unknown 19 5265 47743 201 - - Darwin Kernel Version 17.7.0: Fri Mar 8 16:41:10 PST 2019; root:xnu-4570.71.39~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.7_11a511.dmg.json.xz Unknown 17 4057 36149 101 - - -
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G2011.dmg.json.xz Unknown 18 4842 43702 163 - - Darwin Kernel Version 16.7.0: Sun Apr 14 22:13:15 PDT 2019; root:xnu-3789.73.48~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.11.6_build_15G21013.dmg.json.xz Unknown 18 4829 42837 160 - - Darwin Kernel Version 15.6.0: Wed May 2 21:04:22 PDT 2018; root:xnu-3248.73.10~1/RELEASE_X86_64
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G2016.dmg.json.xz Unknown 18 4842 43736 166 - - Darwin Kernel Version 16.7.0: Wed Apr 24 20:50:53 PDT 2019; root:xnu-3789.73.49~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G9010.dmg.json.xz Unknown 19 5263 47762 204 - - Darwin Kernel Version 17.7.0: Fri Oct 4 23:08:59 PDT 2019; root:xnu-4570.71.57~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G2002.dmg.json.xz Unknown 18 4843 43695 163 - - Darwin Kernel Version 16.7.0: Mon Mar 18 19:57:42 PDT 2019; root:xnu-3789.73.44~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G1710.dmg.json.xz Unknown 18 4843 43692 163 - - Darwin Kernel Version 16.7.0: Sun Oct 28 22:30:19 PDT 2018; root:xnu-3789.73.27~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.11.2_Build_15C50.dmg.json.xz Unknown 18 4815 42670 159 - - Darwin Kernel Version 15.2.0: Fri Nov 13 19:56:56 PST 2015; root:xnu-3248.20.55~2/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.10.5_build_14F1509.dmg.json.xz Unknown 17 4657 40129 150 - - Darwin Kernel Version 14.5.0: Tue Sep 1 21:23:09 PDT 2015; root:xnu-2782.50.1~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.8.4_12e55.dmg.json.xz Unknown 17 3906 36265 126 - - Darwin Kernel Version 12.4.0: Wed May 1 17:57:12 PDT 2013; root:xnu-2050.24.15~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G1408.dmg.json.xz Unknown 18 4844 43742 164 - - Darwin Kernel Version 16.7.0: Fri Apr 27 17:59:46 PDT 2018; root:xnu-3789.73.13~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.9_13F1077.dmg.json.xz Unknown 16 4369 39430 138 - - Darwin Kernel Version 13.4.0: 
Wed Mar 18 16:20:14 PDT 2015; root:xnu-2422.115.14~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.11.6_build_15G17023.dmg.json.xz Unknown 18 4826 42786 160 - - Darwin Kernel Version 15.6.0: Mon Oct 2 22:20:08 PDT 2017; root:xnu-3248.71.4~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.5_build_17F77.dmg.json.xz Unknown 19 5265 47745 202 - - Darwin Kernel Version 17.6.0: Tue May 8 15:22:16 PDT 2018; root:xnu-4570.61.1~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.5_build_18F131a.dmg.json.xz Unknown 19 5426 50211 217 - - Darwin Kernel Version 18.6.0: Thu Apr 25 23:49:07 PDT 2019; root:xnu-4903.261.4~4/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.7.2_11c74.dmg.json.xz Unknown 17 4061 36170 101 - - - file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.9.1_13b42.dmg.json.xz Unknown 16 4369 39361 137 - - Darwin Kernel Version 13.0.0: Thu Sep 19 22:22:27 PDT 2013; root:xnu-2422.1.72~6/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.6_Build_18G59b.dmg.json.xz Unknown 19 5430 50221 217 - - Darwin Kernel Version 18.7.0: Wed Jun 12 17:27:30 PDT 2019; root:xnu-4903.270.38~14/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_Build_17G8029.dmg.json.xz Unknown 19 5265 47782 204 - - Darwin Kernel Version 17.7.0: Sun Jun 2 20:31:42 PDT 2019; root:xnu-4570.71.46~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.5_build_17F66a.dmg.json.xz Unknown 19 5265 47744 202 - - Darwin Kernel Version 17.6.0: Wed May 2 00:58:29 PDT 2018; root:xnu-4570.60.21~13/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G3025.dmg.json.xz Unknown 19 5266 47777 202 - - Darwin Kernel Version 17.7.0: Wed Oct 10 23:06:14 PDT 2018; 
root:xnu-4570.71.13~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.10.5_build_14F27.dmg.json.xz Unknown 17 4657 40129 150 - - Darwin Kernel Version 14.5.0: Wed Jul 29 02:26:53 PDT 2015; root:xnu-2782.40.9~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G7020.dmg.json.xz Unknown 19 5264 47782 204 - - Darwin Kernel Version 17.7.0: Wed Apr 24 21:17:24 PDT 2019; root:xnu-4570.71.45~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G6022.dmg.json.xz Unknown 19 5265 47744 201 - - Darwin Kernel Version 17.7.0: Wed Feb 27 00:43:23 PST 2019; root:xnu-4570.71.35~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.4_build_16E195.dmg.json.xz Unknown 18 4841 43661 164 - - Darwin Kernel Version 16.5.0: Fri Mar 3 16:52:33 PST 2017; root:xnu-3789.51.2~3/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.8.1_12b19.dmg.json.xz Unknown 17 3905 36221 126 - - Darwin Kernel Version 12.1.0: Tue Aug 14 13:29:55 PDT 2012; root:xnu-2050.9.2~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.15.1_build_19B68f.dmg.json.xz Unknown 19 6082 53648 257 - - Darwin Kernel Version 19.0.0: Wed Oct 9 13:26:26 PDT 2019; root:xnu-6153.40.150.111.1~2/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G10017.dmg.json.xz Unknown 19 5264 47771 204 - - Darwin Kernel Version 17.7.0: Fri Nov 8 22:08:08 PST 2019; root:xnu-4570.71.62~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.6_build_18G1007.dmg.json.xz Unknown 19 5428 50197 217 - - Darwin Kernel Version 18.7.0: Sat Oct 12 00:02:19 PDT 2019; root:xnu-4903.278.12~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.11.6_build_15G18013.dmg.json.xz Unknown 18 
4826 42783 160 - - Darwin Kernel Version 15.6.0: Mon Nov 13 21:58:35 PST 2017; root:xnu-3248.72.11~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.5_build_18F127a.dmg.json.xz Unknown 19 5426 50211 217 - - Darwin Kernel Version 18.6.0: Thu Apr 25 23:49:07 PDT 2019; root:xnu-4903.261.4~4/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_Build_16G2123.dmg.json.xz Unknown 18 4843 43736 166 - - Darwin Kernel Version 16.7.0: Sun Jun 2 20:26:31 PDT 2019; root:xnu-3789.73.50~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.8_12F2518.dmg.json.xz Unknown 17 3936 36672 133 - - Darwin Kernel Version 12.6.0: Wed Mar 18 16:23:48 PDT 2015; root:xnu-2050.48.19~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.2_build_16C67.dmg.json.xz Unknown 18 4839 43548 162 - - Darwin Kernel Version 16.3.0: Thu Nov 17 20:23:58 PST 2016; root:xnu-3789.31.2~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.9_13a603.dmg.json.xz Unknown 16 4369 39361 137 - - Darwin Kernel Version 13.0.0: Thu Sep 19 22:22:27 PDT 2013; root:xnu-2422.1.72~6/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.11.6_Build_15G31.dmg.json.xz Unknown 18 4826 42754 158 - - Darwin Kernel Version 15.6.0: Thu Jun 23 18:25:34 PDT 2016; root:xnu-3248.60.10~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.11.6_build_15G19009.dmg.json.xz Unknown 18 4829 42848 160 - - Darwin Kernel Version 15.6.0: Tue Jan 9 20:12:05 PST 2018; root:xnu-3248.73.5~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.5_build_16F73.dmg.json.xz Unknown 18 4841 43665 164 - - Darwin Kernel Version 16.6.0: Fri Apr 14 16:21:16 PDT 2017; root:xnu-3789.60.24~6/RELEASE_X86_64 
file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_Build_16G2127.dmg.json.xz Unknown 18 4843 43736 166 - - Darwin Kernel Version 16.7.0: Sun Jun 2 20:26:31 PDT 2019; root:xnu-3789.73.50~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.10.3_build_14D136.dmg.json.xz Unknown 17 4656 40106 150 - - Darwin Kernel Version 14.3.0: Mon Mar 23 11:59:05 PDT 2015; root:xnu-2782.20.48~5/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_build_17G7009.dmg.json.xz Unknown 19 5264 47749 201 - - Darwin Kernel Version 17.7.0: Mon Apr 1 22:46:34 PDT 2019; root:xnu-4570.71.41~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.15.7_build_19H15.dmg.json.xz Unknown 19 6228 54010 258 - - Darwin Kernel Version 19.6.0: Thu Oct 29 22:56:45 PDT 2020; root:xnu-6153.141.2.2~1/RELEASE_X86_64

file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_Build_17G8023.dmg.json.xz Unknown 19 5265 47782 204 - - Darwin Kernel Version 17.7.0: Sun Jun 2 20:31:42 PDT 2019; root:xnu-4570.71.46~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.5_build_18F118d.dmg.json.xz Unknown 19 5426 50204 217 - - Darwin Kernel Version 18.6.0: Mon Apr 15 21:18:10 PDT 2019; root:xnu-4903.260.85.100.1~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.14.5_build_18F108f.dmg.json.xz Unknown 19 5426 50180 214 - - Darwin Kernel Version 18.6.0: Sun Mar 31 23:13:18 PDT 2019; root:xnu-4903.260.74~12/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.13.6_Build_17G8030.dmg.json.xz Unknown 19 5265 47782 204 - - Darwin Kernel Version 17.7.0: Sun Jun 2 20:31:42 PDT 2019; root:xnu-4570.71.46~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.15.1_build_19B77a.dmg.json.xz Unknown 19 6082 53654 257 - - Darwin Kernel Version 19.0.0: Fri Oct 11 19:41:52 PDT 2019; root:xnu-6153.41.3~8/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.6.7_10j869.dmg.json.xz Unknown 18 3572 31672 95 - - - file:///home/hudi/volatility3/volatility3/symbols/mac/kernel_debug_kit_10.7.1_11b26.dmg.json.xz Unknown 17 4057 36154 101 - - - file:///home/hudi/volatility3/volatility3/symbols/mac/macOS10.12.3KDK.dmg.json.xz Unknown 18 4839 43548 162 - - Darwin Kernel Version 16.4.0: Thu Dec 22 22:53:21 PST 2016; root:xnu-3789.41.3~3/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_build_16G1618.dmg.json.xz Unknown 18 4844 43730 164 - - Darwin Kernel Version 16.7.0: Wed Oct 10 20:06:00 PDT 2018; root:xnu-3789.73.24~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.12.6_Build_16G2128.dmg.json.xz Unknown 18 4843 43736 166 - - 
Darwin Kernel Version 16.7.0: Sun Jun 2 20:26:31 PDT 2019; root:xnu-3789.73.50~1/RELEASE_X86_64 file:///home/hudi/volatility3/volatility3/symbols/mac/Kernel_Debug_Kit_10.15.4_build_19E287.dmg.json.xz Unknown 19 6174 53897 256 - - Darwin Kernel Version 19.4.0: Wed Mar 4 22:28:40 PST 2020; root:xnu-6153.101.6~15/RELEASE_X86_64

hudishhhs • Jun 07 '22 00:06

Hmmm, the banner does seem right (although github has formatted it as text, so when pasting program output, it might be useful to wrap it inside of triple backquotes). I'm guessing the two stars were to try and bold the line.

It should log it as soon as it identifies a match, suggesting it's not identifying a match, but I couldn't tell you why? I'd probably need the image and the JSON file in use to identify why, I'm afraid. 5:S Would you be willing to share those to try and figure out what's going wrong?

As I say, as best I can tell you're doing everything right and there should at least be a log message indicating that the banner was found, even if nothing else... 5:S

ikelos • Jun 08 '22 07:06
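One way to check offline whether the banner stored in a symbol table actually occurs in the memory image, which is the match the comment above expects to be logged. This is an added example, not Volatility's own code: it assumes the mac ISF keeps its banner base64-encoded under `symbols.version.constant_data`, the helper names are hypothetical, the sample files are constructed, and a plain byte search only works on images that store memory uncompressed.

```python
import base64, json, lzma, mmap, os, tempfile

PREFIX = b"Darwin Kernel Version "

def isf_banner(path):
    """Return the banner bytes stored in an ISF file (.json or .json.xz), or None."""
    opener = lzma.open if path.endswith(".xz") else open
    with opener(path, "rb") as fh:
        isf = json.load(fh)
    # Assumption: the mac banner is base64 under symbols -> version -> constant_data.
    data = isf.get("symbols", {}).get("version", {}).get("constant_data")
    return base64.b64decode(data) if data else None

def _find_all(mm, needle):
    pos = mm.find(needle)
    while pos != -1:
        yield pos
        pos = mm.find(needle, pos + 1)

def scan_image(path, banner):
    """Return (offsets of the exact banner, every Darwin banner string seen)."""
    needle = banner.rstrip(b"\x00\n")  # compare without trailing terminators
    with open(path, "rb") as fh, mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        hits = list(_find_all(mm, needle))
        seen = set()
        for pos in _find_all(mm, PREFIX):
            raw = mm[pos:pos + 256]  # bytes copy; cut at the first NUL or newline
            ends = [i for i in (raw.find(b"\x00"), raw.find(b"\n")) if i != -1]
            seen.add(raw[:min(ends, default=len(raw))])
    return hits, seen

def diagnose(isf_path, image_path):
    banner = isf_banner(isf_path)
    if banner is None:
        return "isf-has-no-banner", [], set()
    hits, seen = scan_image(image_path, banner)
    verdict = "match" if hits else ("different-banner" if seen else "no-darwin-banner")
    return verdict, hits, seen

def constructed_sample(workdir, image_banner):
    """Write a constructed ISF and a constructed 'image' for the demo; return their paths."""
    isf_text = b"Darwin Kernel Version 19.6.0: Thu Oct 29 22:56:45 PDT 2020; root:xnu-6153.141.2.2~1/RELEASE_X86_64\x00"
    isf = {"symbols": {"version": {"constant_data": base64.b64encode(isf_text).decode()}}}
    isf_path = os.path.join(workdir, "constructed.json.xz")
    with lzma.open(isf_path, "wb") as fh:
        fh.write(json.dumps(isf).encode())
    image_path = os.path.join(workdir, "constructed.raw")
    with open(image_path, "wb") as fh:
        fh.write(b"\x00" * 4096 + image_banner + b"\x00" + b"\xff" * 4096)
    return isf_path, image_path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(diagnose(*constructed_sample(d, PREFIX + b"19.6.0: constructed other build")))
```

A `different-banner` verdict lists the banners the image really contains, which shows which kernel build the symbol table would have to be generated from.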

This issue is stale because it has been open for 200 days with no activity.

github-actions[bot] • Aug 21 '23 01:08

This issue was closed because it has been inactive for 60 days since being marked as stale.

github-actions[bot] • Oct 20 '23 01:10