Hello,
Thanks for sending out the code, and sorry for taking so long to properly
reply...
I read through most of the code and it's very well done, particularly for
someone not previously involved with the project.
It was my goal to have dalvik support into the 3.0 release of Volatility,
which is due early next year - see the Roadmap [1] for details. Your code
can definitely serve as a base for this support as it works with the latest
revision of Vol and my previous code is over a year old now, and you have
also implemented features that I did not get to.
Please send any updates as you get to them or message me if you need any
help. I will also send you notes soon on what I had planned to add myself
so that we can either collaborate or at least not duplicate effort.
Nice work!
[1] http://code.google.com/p/volatility/wiki/VolatilityRoadmap
On Tue, Oct 16, 2012 at 9:50 AM, Holger Macht <holger(a)homac.de> wrote:
Hi,
I've uploaded a tarball [1] containing a number of Volatility plugins which
provide support for the DalvikVM and Android. I didn't provide a
patch set, because there are only new files included. However, I can do
so or can open an issue, whatever would be most convenient.
The plugins are named:
- dalvik_find_gdvm_offset
- dalvik_vms
- dalvik_loaded_classes
- dalvik_class_information
- dalvik_find_class_instance
- dalvik_app_mirrored
Any comments would be appreciated. This is part of a research project I
need to have finished by the end of the year, so if someone suggests
fundamental changes, I most likely won't have the immediate time to look
at it. Just wanted to provide my code, because obviously there is some
interest (cf. vol-users@).
Ideally, I could get a branch in SVN to get this integrated into
upcoming Volatility releases.
I've attached a README.dalvik which gives some meta information about
the plugins and could become a corresponding wiki article.
Thanks to Joe Sylve and Andrew Case for providing me with some initial
guidelines.
Regards,
Holger
[1] http://www.homac.de/files/Volatility-Dalvik-support-v1.tar.bz2