Hi all,
I am wanting to perform memory introspection in my Xen setup. I have been
using libVMI with Volatility to analyse memory dumps of a domU. I have
done and tested it in dom0 and it works.
I now want to create a similar setup in a PV domU, but I am unable to get
libVMI working.
I can use xl dump-core <domid> <filename> in my PV domU to extract any HVM
dump, since I am using XSM and have added all the necessary rules for memory
extraction.
This is the command I use to analyse the dump extracted using xl dump-core.
Note: I created the Linuxkbeastx86 profile for the kernel I have infected
with KBeast, and this profile worked in dom0 when I used libVMI to dump
memory, but in the PV domU it does not. I also tested an xl dump with
Volatility in dom0 and it did not work.
So, can Volatility process an xl dump?
Below is the example output I get:
python /root/Volatility/vol.py -f /root/kbeastDump --profile=Linuxkbeastx86 linux_check_modules
Volatility Foundation Volatility Framework 2.3.1
Module Name
-----------
No suitable address space mapping found
Tried to open image as:
MachOAddressSpace: mac: need base
LimeAddressSpace: lime: need base
WindowsHiberFileSpace32: No base Address Space
WindowsCrashDumpSpace64: No base Address Space
HPAKAddressSpace: No base Address Space
VirtualBoxCoreDumpElf64: No base Address Space
VMWareSnapshotFile: No base Address Space
WindowsCrashDumpSpace32: No base Address Space
AMD64PagedMemory: No base Address Space
IA32PagedMemoryPae: No base Address Space
IA32PagedMemory: No base Address Space
PyVmiAddressSpace: Location doesn't start with vmi://
MachOAddressSpace: MachO Header signature invalid
LimeAddressSpace: Invalid Lime header signature
WindowsHiberFileSpace32: PO_MEMORY_IMAGE is not available in profile
WindowsCrashDumpSpace64: Header signature invalid
HPAKAddressSpace: Invalid magic found
VirtualBoxCoreDumpElf64: ELF error: did not find any PT_NOTE segment with VBCORE
VMWareSnapshotFile: Invalid VMware signature: 0x464c457f
WindowsCrashDumpSpace32: Header signature invalid
AMD64PagedMemory: Incompatible profile Linuxkbeastx86 selected
IA32PagedMemoryPae: Failed valid Address Space check
IA32PagedMemory: Failed valid Address Space check
PyVmiAddressSpace: Must be first Address Space
FileAddressSpace: Must be first Address Space
ArmAddressSpace: Failed valid Address Space check
If anyone could give me some advice on this.
Thank you
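The output above already tells you what the file is: the "Invalid VMware signature: 0x464c457f" line is the first four bytes of the dump read as a little-endian 32-bit word, and 0x464c457f is b"\x7fELF". So xl dump-core has produced an ELF core, and the only ELF-aware address space in that Volatility 2.3.1 list (VirtualBoxCoreDumpElf64) rejects it because it looks for a PT_NOTE owned by VBCORE, while a Xen core carries Xen-specific notes instead. The script below is an added example, not code from the poster, Xen or Volatility: it parses the ELF header, program headers and note owners of a dump so you can confirm the format and see which loader would have to understand it before choosing a profile. Everything in build_sample_elf64_core is a constructed toy image (the "Xen" note owner and segment layout are assumptions for illustration), not a real xl dump-core file.

```python
import struct

ELF_MAGIC = b"\x7fELF"
PT_LOAD, PT_NOTE = 1, 4
SEGMENT_NAMES = {PT_LOAD: "PT_LOAD", PT_NOTE: "PT_NOTE"}


def magic_as_le32(data: bytes) -> int:
    """First four bytes as a little-endian uint32, the way a loader that
    expects a 32-bit magic word reports them (b'\\x7fELF' -> 0x464c457f)."""
    return struct.unpack("<I", data[:4])[0]


def parse_notes(blob: bytes, end: str) -> list:
    """Walk an ELF note segment; return (owner_name, type, desc_len) tuples."""
    notes, off = [], 0
    while off + 12 <= len(blob):
        namesz, descsz, ntype = struct.unpack(end + "III", blob[off:off + 12])
        off += 12
        name = blob[off:off + namesz].rstrip(b"\0").decode("ascii", "replace")
        off += (namesz + 3) & ~3          # name and desc are 4-byte aligned
        notes.append((name, ntype, descsz))
        off += (descsz + 3) & ~3
    return notes


def inspect_elf_dump(data: bytes) -> dict:
    """Parse ELF32/ELF64 header + program headers of a memory image and report
    its class, endianness, segments (type, file offset, paddr, size) and the
    owner names of every note found in PT_NOTE segments."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF image: magic %#x" % magic_as_le32(data))
    elf_class, elf_data = data[4], data[5]          # EI_CLASS, EI_DATA
    end = "<" if elf_data == 1 else ">"
    if elf_class == 2:                              # ELF64
        fields = struct.unpack(end + "HHIQQQIHHHHHH", data[16:64])
        ph_fmt, ph_size = end + "IIQQQQQQ", 56
    elif elf_class == 1:                            # ELF32
        fields = struct.unpack(end + "HHIIIIIHHHHHH", data[16:52])
        ph_fmt, ph_size = end + "IIIIIIII", 32
    else:
        raise ValueError("bad EI_CLASS %d" % elf_class)
    e_phoff, e_phentsize, e_phnum = fields[4], fields[8], fields[9]
    segments, notes = [], []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        ph = struct.unpack(ph_fmt, data[off:off + ph_size])
        if elf_class == 2:   # p_type p_flags p_offset p_vaddr p_paddr p_filesz ...
            p_type, p_offset, p_paddr, p_filesz = ph[0], ph[2], ph[4], ph[5]
        else:                # p_type p_offset p_vaddr p_paddr p_filesz ...
            p_type, p_offset, p_paddr, p_filesz = ph[0], ph[1], ph[3], ph[4]
        segments.append((SEGMENT_NAMES.get(p_type, "PT_%d" % p_type),
                         p_offset, p_paddr, p_filesz))
        if p_type == PT_NOTE:
            notes.extend(parse_notes(data[p_offset:p_offset + p_filesz], end))
    return {"class": 64 if elf_class == 2 else 32,
            "little_endian": elf_data == 1,
            "segments": segments,
            "note_names": [n[0] for n in notes]}


def build_sample_elf64_core() -> bytes:
    """Constructed toy ELF64 core (NOT a real xl dump-core file): one PT_NOTE
    holding a note owned by "Xen" and one PT_LOAD with 64 bytes of 'memory'."""
    end, ehdr_size, phdr_size, phnum = "<", 64, 56, 2
    note_name, note_desc = b"Xen\0", b"\x00" * 8
    note = struct.pack(end + "III", len(note_name), len(note_desc), 0) + note_name + note_desc
    note_off = ehdr_size + phdr_size * phnum
    load = bytes(range(64))
    load_off = note_off + len(note)
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8   # ELF64, LE, v1
    ehdr = e_ident + struct.pack(end + "HHIQQQIHHHHHH", 4, 62, 1, 0, ehdr_size,
                                 0, 0, ehdr_size, phdr_size, phnum, 0, 0, 0)
    ph_note = struct.pack(end + "IIQQQQQQ", PT_NOTE, 0, note_off, 0, 0,
                          len(note), len(note), 0)
    ph_load = struct.pack(end + "IIQQQQQQ", PT_LOAD, 0, load_off, 0, 0x1000,
                          len(load), len(load), 0)
    return ehdr + ph_note + ph_load + note + load


if __name__ == "__main__":
    import sys
    # Usage: python elf_dump_inspect.py /root/kbeastDump   (falls back to the toy image)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf64_core()
    print("magic as LE uint32: %#x" % magic_as_le32(data))
    for key, value in inspect_elf_dump(data).items():
        print("%-14s %s" % (key + ":", value))
```

Run it against the real dump path from the command above; if note_names comes back without VBCORE, that is exactly why VirtualBoxCoreDumpElf64 gives up, and the physical-memory runs are the PT_LOAD entries (offset, paddr, size) that any ELF-core address space for Volatility would have to map before the Linuxkbeastx86 profile can be applied.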