Hello,
I'm using Antergos with the 4.6.4-1 kernel. After dumping my computer's memory using LiME, which worked without any problems, I went on to create a profile for my system according to the instructions on
https://github.com/volatilityfoundation/volatility/wiki/Linux#using-the-profile, while creating the system.map using "cp /proc/kallsyms /boot/System.map-4.6.4-1" (because there is no system.map in ArchLinux, as mentioned on
https://github.com/volatilityfoundation/profiles/issues/13).
Unfortunately I experience the same problem as described in the last link, since volatility gives an error message about this profile saying "*** Failed to import volatility.plugins.overlays.linux.linux (ValueError: too many values to unpack)".
On the issue thread linked above someone gives the following answer:
"Old issue, but could still be interesting.
This is most likely due to kallsyms giving additional information on certain lines ([serio] or [kvm] for example), and Volatility on the other hand only expecting three space separated values:
(str_addr, symbol_type, symbol) = line.strip().split()
That's why before using the output of the kallsyms proc file to build a profile, some lines must be checked to fit the expected format."
Now this answer doesn't really help me to solve the issue and create a working profile for my system. Does anyone have any idea how I could proceed in order to do so? As far as I know, nobody was ever able to build a profile working for Arch, so I think this would be really helpful for many people.
I uploaded the profile I created and the files I used for doing so on Google Drive, in case someone might even be able to create a profile using those files:
https://drive.google.com/open?id=0B62Y5Qk_rdbWbWlDZ21VUEVrZGc
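
The check the quoted answer describes, as an added example that is not part of the original post and is not Volatility's own code: it rewrites /proc/kallsyms output so that every line has exactly the three fields the quoted split() expects. The function name, the choice to drop module-tagged lines by default, and the sample lines are assumptions made for illustration.

```python
import re
import sys

# address, one-character symbol type, symbol name, optional "[module]" tag
KALLSYMS_LINE = re.compile(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)(?:\s+\[(\S+)\])?$")

# Constructed sample lines (not taken from the poster's system).
SAMPLE = (
    "ffffffff81000000 T _text\n"
    "ffffffff810001c0 T start_kernel\n"
    "ffffffffa0012000 t serio_raw_connect\t[serio_raw]\n"
    "ffffffffa0345000 T kvm_init\t[kvm]\n"
    "garbage line with too many fields\n"
)

def normalize_kallsyms(lines, keep_module_symbols=False):
    """Return (three_field_lines, stats) for an iterable of kallsyms lines."""
    out, stats = [], {"kept": 0, "module": 0, "malformed": 0, "zero_addr": 0}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = KALLSYMS_LINE.match(line)
        if m is None:
            stats["malformed"] += 1      # does not look like a symbol line
            continue
        addr, sym_type, name, module = m.groups()
        if module is not None:
            stats["module"] += 1         # fourth field, e.g. [kvm]
            if not keep_module_symbols:
                continue                 # assumption: keep core kernel symbols only
        if int(addr, 16) == 0:
            stats["zero_addr"] += 1
        out.append("%s %s %s" % (addr, sym_type, name))
        stats["kept"] += 1
    return out, stats

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/proc/kallsyms"
    with open(path) as fh:
        out, stats = normalize_kallsyms(fh)
    # When kptr_restrict hides pointers from an unprivileged reader,
    # every address is printed as zero and the map is useless.
    if stats["kept"] and stats["zero_addr"] == stats["kept"]:
        sys.exit("all addresses are zero; read /proc/kallsyms as root")
    print("\n".join(out))
    print(stats, file=sys.stderr)
```

Redirect standard output to the System.map file used for the profile; the counts on standard error show how many lines carried a module tag or did not parse.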