Hi John,
So the instructions for making a Linux profile using the current
linux-trunk branch are as follows:
* Firstly, either get a copy of the kernel with debugging symbols, or
compile module.c from the tools/linux directory (a makefile is provided).
* Once you have the compiled vmlinuz or module.ko file, create a dwarf
output file as follows with "dwarfdump -di vmlinux > output.dwarf" or
"dwarfdump -di module.ko > output.dwarf" (the module version will be a
lot smaller, but still contains all the necessary debugging information
for volatility).
* You'll also need the System.map for the kernel you're working with.
Create a zipfile with the module.dwarf and the System.map file in the
top level, and name that something like Distro.zip.
* Place Distro.zip in a volatility plugin directory, and run vol.py
--info again to ensure it's picked up.
These instructions are also available at [1]. Do please ask again if
you have any problems with the linux-trunk branch, or the main trunk
once the branch has been merged into trunk (which should be soon)...
Mike 5:)
[1]
http://code.google.com/p/volatility/source/browse/branches/linux-trunk/tool…
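
The packaging step described in the message above, as an added example that is not part of the original message or of the Volatility code base: it sanity-checks the System.map, packs both files at the top level of the zip, and reads the archive back to confirm the layout. The function names are hypothetical, the sample files are constructed stand-ins, and the System.map check assumes the usual "address type symbol" line layout.

```python
import os
import re
import tempfile
import zipfile

# Assumed System.map layout: "<hex address> <type letter> <symbol>".
SYSTEM_MAP_LINE = re.compile(r"^[0-9a-fA-F]{8,16} \S \S+$")


def check_system_map(path):
    """Return the number of symbol lines; raise if any line is malformed."""
    count = 0
    with open(path, "r", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.rstrip("\n")
            if not line:
                continue
            if not SYSTEM_MAP_LINE.match(line):
                raise ValueError("%s:%d is not a System.map line" % (path, lineno))
            count += 1
    return count


def build_profile_zip(dwarf_path, system_map_path, zip_path):
    """Pack both files at the top level of zip_path and return its member names."""
    if os.path.getsize(dwarf_path) == 0:
        raise ValueError("%s is empty; did dwarfdump fail?" % dwarf_path)
    if check_system_map(system_map_path) == 0:
        raise ValueError("%s has no symbols" % system_map_path)
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for src in (dwarf_path, system_map_path):
            # arcname drops the directory part so the member sits at the top level.
            zf.write(src, arcname=os.path.basename(src))
    with zipfile.ZipFile(zip_path) as zf:
        names = zf.namelist()
    if any("/" in n for n in names):
        raise ValueError("members must be at the top level: %r" % names)
    return names


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        dwarf = os.path.join(tmp, "module.dwarf")
        sysmap = os.path.join(tmp, "System.map")
        with open(dwarf, "w") as fh:  # constructed placeholder, not real dwarfdump output
            fh.write("placeholder for dwarfdump -di output\n")
        with open(sysmap, "w") as fh:  # constructed sample symbols
            fh.write("ffffffff81000000 T _text\nffffffff81a00000 D init_task\n")
        return build_profile_zip(dwarf, sysmap, os.path.join(tmp, "Distro.zip"))
```

Calling build_profile_zip() with the real dwarfdump output and System.map produces the archive to drop into the plugin directory.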