Re: [Vol-users] How to generate a volatility profile for android? It's possible?

I`m using the trunk code because the volatility devel branch is not working for me: # python vol.py --info Volatile Systems Volatility Framework 2.2_alpha *** Failed to import volatility.plugins.overlays.linux.linux (ValueError: too many values to unpack) ... I already have a memory dump obtained with lime. In the cross-compilation of module.c and pmem.c I'm getting errors with certain linux headers. For solve this problems I add extra include lines in the file pmem.c and, finally, the source code compile fine, but it not works: # python vol.py -f ram_sdcard.lime --profile=Linuxandroid-2_3_7x86 linux_pslist Volatile Systems Volatility Framework 2.2_alpha No suitable address space mapping found Tried to open image as: LimeAddressSpace: lime: need base WindowsHiberFileSpace32: No base Address Space WindowsCrashDumpSpace64: No base Address Space WindowsCrashDumpSpace32: No base Address Space AMD64PagedMemory: No base Address Space JKIA32PagedMemory: No base Address Space JKIA32PagedMemoryPae: No base Address Space IA32PagedMemoryPae: Module disabled IA32PagedMemory: Module disabled FileAddressSpace - EXCEPTION: too many values to unpack All modified files are attached (but sure the modifications are wrong). Thanks for your support (and sorry for my english)! El 04/09/2012 17:51, Andrew Case escribió: