I didn't want to put this in the last email as it wasn't exactly related.
I currently see two (non-technical) issues with full blown Linux support.
1) Since there are now 36 stable 2.6.x kernel versions and ten or so
distros, even partial coverage will require a huge amount of profiles.
While it's easy to install a bunch of distros & kernels in a VM and get
profiles for them, the big problem will be how to allow users to
choose what profile is right without overwhelming them with options.
It is nowhere near as simple as Windows with relatively few versions
compared to Linux.
2) Going off 1), there is also the problem of how to name all the
profiles and the eventual --profile option. Since distros have
multiple kernels packaged for the same kernel version it's not as
simple as what I have now (LinuxDebian2626) because Debian has
multiple 2626 packages, that will all have different offsets, dtb, and
such. So we need to come up with a sane method of allowing all the
profiles to be chosen.
What I was thinking for this is a complete reorder of the --help
system, which honestly is confusing now. Since vol will now have
Windows & Linux support, and (soon ;)) will have support for some
specific applications' memory analysis, I think the help menu should be
something like this (close to what svn does):

    python volatility -h Windows
    python volatility -h Linux
    python volatility -h some_app

and then it will show you only the plugins for whichever os/app you
are interested in. This can be made simple inside the current
framework, by tagging each plugin with what they support inside of the
string message. So for instance you can have:

    class some_linux_plugin(...):
        ''' Linux - A module for linux process listing '''

    class some_windows_plugin(...):
        ''' Windows - A module for windows process listing '''

and this way only the stuff after - gets displayed and the parser
knows what plugins work on which apps.
For plugins that work regardless of OS there could be a "-h any"
option or similar...
3) To help with profile explosion, there also should be some way to
list profiles for a specific app/os and for Linux, which distro:
as of right now, the only way I know of to get a list of profiles is
with --info, which also lists a bunch of other stuff. If there was a
way to do something like:

    python volatility.py --list-profiles Windows

which would return all Windows profiles
or

    --list-profiles Windows XP

which would return profiles for Windows XP
similarly for Linux you could have:

    --list-profiles Linux
    --list-profiles Linux Debian

which would greatly help if we are going to properly support Linux &
all the different distros and versions.
Even without Linux support, this issue will crop up as Volatility moves
to support XP (with 3 service packs), Vista (with 2 currently), 7,
2008, 2003, etc as relying on --info will just result in huge blocks
of text.
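
The docstring tagging and the filtered --list-profiles lookup proposed in this message, as an added example that is not part of the original email and is not Volatility's own code. The plugin classes, the KNOWN_TARGETS set, the (os, version-or-distro) profile metadata and the sample profile table are assumptions constructed for illustration, as is the choice to list untagged plugins under "any".

```python
import re

# Hypothetical plugins tagged "<Target> - <description>" as proposed above.
class linux_pslist:
    ''' Linux - A module for linux process listing '''

class windows_pslist:
    ''' Windows - A module for windows process listing '''

class strings_scan:
    ''' any - Match strings regardless of OS '''

class untagged_plugin:
    ''' Dump - style output from before tagging existed '''

PLUGINS = [linux_pslist, windows_pslist, strings_scan, untagged_plugin]
KNOWN_TARGETS = {'windows', 'linux', 'any'}   # assumed set of valid tags
TAG_RE = re.compile(r'^\s*(\w+)\s+-\s+(.*\S)\s*$', re.S)

def parse_tag(cls):
    """Return (target, description) parsed from the plugin docstring."""
    doc = (cls.__doc__ or '').strip()
    m = TAG_RE.match(doc)
    # A leading word that is not a known target is ordinary description
    # text, so the plugin is treated as untagged and filed under 'any'.
    if not m or m.group(1).lower() not in KNOWN_TARGETS:
        return 'any', doc
    return m.group(1).lower(), m.group(2)

def help_for(target):
    """Plugins that '-h <target>' would show: name -> text after the tag."""
    target = target.lower()
    return {c.__name__: desc for c in PLUGINS
            for tag, desc in [parse_tag(c)] if tag == target}

# Constructed sample table: profile name -> (os, version-or-distro).
PROFILES = {
    'WinXPSP2x86': ('Windows', 'XP'),
    'WinXPSP3x86': ('Windows', 'XP'),
    'Win7SP0x86': ('Windows', '7'),
    'LinuxDebian2626': ('Linux', 'Debian'),
    'LinuxUbuntuExample': ('Linux', 'Ubuntu'),   # placeholder name
}

def list_profiles(*filters):
    """Profiles whose metadata starts with the given filter words."""
    want = tuple(f.lower() for f in filters)
    return sorted(name for name, path in PROFILES.items()
                  if tuple(p.lower() for p in path[:len(want)]) == want)

if __name__ == '__main__':
    print(help_for('Linux'))
    print(list_profiles('Windows', 'XP'))
```

Because the filter runs on metadata rather than on the profile name, several Debian 2.6.26 packages could each keep a distinct name and still be found with "--list-profiles Linux Debian".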