6:28 a.m.
Hi all,
I've followed the documentation to first dump the memory device cross
compiling lime and then creating the profile for a linux device on arm.
Unfortunately I wasn't able to use volatility on the memory dump.
I'm using volatility 2.3.1, the kernel is a linux vanilla 2.6.31.14 + a
custom grsecurity+pax configuration.
Below some output from the commands, any suggestion on next step to
troubleshoot where is the problem ?
boos@vnoise:~/Downloads/volatility-2.3.1$ python vol.py --info | grep
Profile | grep Linux
Volatility Foundation Volatility Framework 2.3.1
LinuxTESTARM - A Profile for Linux TEST ARM
$ python vol.py -f /home/boos/arm-mem-image imageinfo
Determining profile based on KDBG search...
Suggested Profile(s) : No suggestion (Instantiated with
LinuxUbuntu1204x64)
AS Layer1 : LimeAddressSpace (Unnamed AS)
AS Layer2 : FileAddressSpace (/home/boos/arm-mem-image)
PAE type : No PAE
DTB : 0x1c0d000L
Traceback (most recent call last):
File "vol.py", line 184, in <module>
main()
File "vol.py", line 175, in main
command.execute()
File "/home/boos/Downloads/volatility-2.3.1/volatility/commands.py", line
122, in execute
func(outfd, data)
File
"/home/boos/Downloads/volatility-2.3.1/volatility/plugins/imageinfo.py",
line 36, in render_text
for k, v in data:
File
"/home/boos/Downloads/volatility-2.3.1/volatility/plugins/imageinfo.py",
line 93, in calculate
kdbgoffset = volmagic.KDBG.v()
File "/home/boos/Downloads/volatility-2.3.1/volatility/obj.py", line 737,
in __getattr__
return self.m(attr)
File "/home/boos/Downloads/volatility-2.3.1/volatility/obj.py", line 719,
in m
raise AttributeError("Struct {0} has no member
{1}".format(self.obj_name, attr))
AttributeError: Struct VOLATILITY_MAGIC has no member KDBG
boos@vnoise:~/Downloads/volatility-2.3.1$ python vol.py --profile
LinuxTESTARM -f /home/boos/arm-mem-image linux_dmesg
Volatility Foundation Volatility Framework 2.3.1
No suitable address space mapping found
Tried to open image as:
MachOAddressSpace: mac: need base
LimeAddressSpace: lime: need base
WindowsHiberFileSpace32: No base Address Space
WindowsCrashDumpSpace64: No base Address Space
HPAKAddressSpace: No base Address Space
VirtualBoxCoreDumpElf64: No base Address Space
VMWareSnapshotFile: No base Address Space
WindowsCrashDumpSpace32: No base Address Space
AMD64PagedMemory: No base Address Space
IA32PagedMemoryPae: No base Address Space
IA32PagedMemory: No base Address Space
MachOAddressSpace: MachO Header signature invalid
MachOAddressSpace: MachO Header signature invalid
LimeAddressSpace: Invalid Lime header signature
WindowsHiberFileSpace32: PO_MEMORY_IMAGE is not available in profile
WindowsCrashDumpSpace64: Header signature invalid
HPAKAddressSpace: Invalid magic found
VirtualBoxCoreDumpElf64: ELF64 Header signature invalid
VMWareSnapshotFile: Invalid VMware signature: 0x0
WindowsCrashDumpSpace32: Header signature invalid
AMD64PagedMemory: Incompatible profile LinuxTESTARM selected
IA32PagedMemoryPae: Failed valid Address Space check
IA32PagedMemory: Failed valid Address Space check
FileAddressSpace: Must be first Address Space
ArmAddressSpace: Failed valid Address Space check
--
Roberto Martelloni
boos @ http://boos.core-dumped.info
11:37 a.m.
Hi Roberto,
I'm sure Andrew will help you here in a bit with the profile, but I just
wanted to note that imageinfo is a Windows only plugin, so that wouldn't
work on a Linux sample.
All the best,
-gleeda
On 4/1/2014 6:28 AM, Roberto Martelloni wrote:
Hi all,
I've followed the documentation to first dump the memory device cross
compiling lime and then creating the profile for a linux device on arm.
Unfortunately I wasn't able to use volatility on the memory dump.
I'm using volatility 2.3.1, the kernel is a linux vanilla 2.6.31.14 +
a custom grsecurity+pax configuration.
Below some output from the commands, any suggestion on next step to
troubleshoot where is the problem ?
boos@vnoise:~/Downloads/volatility-2.3.1$ python vol.py --info | grep
Profile | grep Linux
Volatility Foundation Volatility Framework 2.3.1
LinuxTESTARM - A Profile for Linux TEST ARM
$ python vol.py -f /home/boos/arm-mem-image imageinfo
Determining profile based on KDBG search...
Suggested Profile(s) : No suggestion (Instantiated with
LinuxUbuntu1204x64)
AS Layer1 : LimeAddressSpace (Unnamed AS)
AS Layer2 : FileAddressSpace
(/home/boos/arm-mem-image)
PAE type : No PAE
DTB : 0x1c0d000L
Traceback (most recent call last):
File "vol.py", line 184, in <module>
main()
File "vol.py", line 175, in main
command.execute()
File "/home/boos/Downloads/volatility-2.3.1/volatility/commands.py",
line 122, in execute
func(outfd, data)
File
"/home/boos/Downloads/volatility-2.3.1/volatility/plugins/imageinfo.py",
line 36, in render_text
for k, v in data:
File
"/home/boos/Downloads/volatility-2.3.1/volatility/plugins/imageinfo.py",
line 93, in calculate
kdbgoffset = volmagic.KDBG.v()
File "/home/boos/Downloads/volatility-2.3.1/volatility/obj.py", line
737, in __getattr__
return self.m(attr)
File "/home/boos/Downloads/volatility-2.3.1/volatility/obj.py", line
719, in m
raise AttributeError("Struct {0} has no member
{1}".format(self.obj_name, attr))
AttributeError: Struct VOLATILITY_MAGIC has no member KDBG
boos@vnoise:~/Downloads/volatility-2.3.1$ python vol.py --profile
LinuxTESTARM -f /home/boos/arm-mem-image linux_dmesg
Volatility Foundation Volatility Framework 2.3.1
No suitable address space mapping found
Tried to open image as:
MachOAddressSpace: mac: need base
LimeAddressSpace: lime: need base
WindowsHiberFileSpace32: No base Address Space
WindowsCrashDumpSpace64: No base Address Space
HPAKAddressSpace: No base Address Space
VirtualBoxCoreDumpElf64: No base Address Space
VMWareSnapshotFile: No base Address Space
WindowsCrashDumpSpace32: No base Address Space
AMD64PagedMemory: No base Address Space
IA32PagedMemoryPae: No base Address Space
IA32PagedMemory: No base Address Space
MachOAddressSpace: MachO Header signature invalid
MachOAddressSpace: MachO Header signature invalid
LimeAddressSpace: Invalid Lime header signature
WindowsHiberFileSpace32: PO_MEMORY_IMAGE is not available in profile
WindowsCrashDumpSpace64: Header signature invalid
HPAKAddressSpace: Invalid magic found
VirtualBoxCoreDumpElf64: ELF64 Header signature invalid
VMWareSnapshotFile: Invalid VMware signature: 0x0
WindowsCrashDumpSpace32: Header signature invalid
AMD64PagedMemory: Incompatible profile LinuxTESTARM selected
IA32PagedMemoryPae: Failed valid Address Space check
IA32PagedMemory: Failed valid Address Space check
FileAddressSpace: Must be first Address Space
ArmAddressSpace: Failed valid Address Space check
--
Roberto Martelloni
boos @ http://boos.core-dumped.info <http://boos.core-dumped.info/>
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
--
Jamie Levy (@gleeda)
Blog: http://volatility-labs.blogspot.com/
GPG: http://pgp.mit.edu/pks/lookup?op=get&search=0x196B2AB527A4AC92
Fingerprint: 2E87 17A1 EC10 1E3E 11D3 64C2 196B 2AB5 27A4 AC92
10:42 p.m.
New subject: Unable to parse memory on ARMv6.1 with linux 2.6.31.14 + grsec+pax
Can you give us the debug output?
On Tue, Apr 1, 2014 at 5:28 AM, Roberto Martelloni <rmartelloni(a)gmail.com>wrote:
Hi all,
I've followed the documentation to first dump the memory device cross
compiling lime and then creating the profile for a linux device on arm.
Unfortunately I wasn't able to use volatility on the memory dump.
I'm using volatility 2.3.1, the kernel is a linux vanilla 2.6.31.14 + a
custom grsecurity+pax configuration.
Below some output from the commands, any suggestion on next step to
troubleshoot where is the problem ?
boos@vnoise:~/Downloads/volatility-2.3.1$ python vol.py --info | grep
Profile | grep Linux
Volatility Foundation Volatility Framework 2.3.1
LinuxTESTARM - A Profile for Linux TEST ARM
$ python vol.py -f /home/boos/arm-mem-image imageinfo
Determining profile based on KDBG search...
Suggested Profile(s) : No suggestion (Instantiated with
LinuxUbuntu1204x64)
AS Layer1 : LimeAddressSpace (Unnamed AS)
AS Layer2 : FileAddressSpace
(/home/boos/arm-mem-image)
PAE type : No PAE
DTB : 0x1c0d000L
Traceback (most recent call last):
File "vol.py", line 184, in <module>
main()
File "vol.py", line 175, in main
command.execute()
File "/home/boos/Downloads/volatility-2.3.1/volatility/commands.py",
line 122, in execute
func(outfd, data)
File
"/home/boos/Downloads/volatility-2.3.1/volatility/plugins/imageinfo.py",
line 36, in render_text
for k, v in data:
File
"/home/boos/Downloads/volatility-2.3.1/volatility/plugins/imageinfo.py",
line 93, in calculate
kdbgoffset = volmagic.KDBG.v()
File "/home/boos/Downloads/volatility-2.3.1/volatility/obj.py", line
737, in __getattr__
return self.m(attr)
File "/home/boos/Downloads/volatility-2.3.1/volatility/obj.py", line
719, in m
raise AttributeError("Struct {0} has no member
{1}".format(self.obj_name, attr))
AttributeError: Struct VOLATILITY_MAGIC has no member KDBG
boos@vnoise:~/Downloads/volatility-2.3.1$ python vol.py --profile
LinuxTESTARM -f /home/boos/arm-mem-image linux_dmesg
Volatility Foundation Volatility Framework 2.3.1
No suitable address space mapping found
Tried to open image as:
MachOAddressSpace: mac: need base
LimeAddressSpace: lime: need base
WindowsHiberFileSpace32: No base Address Space
WindowsCrashDumpSpace64: No base Address Space
HPAKAddressSpace: No base Address Space
VirtualBoxCoreDumpElf64: No base Address Space
VMWareSnapshotFile: No base Address Space
WindowsCrashDumpSpace32: No base Address Space
AMD64PagedMemory: No base Address Space
IA32PagedMemoryPae: No base Address Space
IA32PagedMemory: No base Address Space
MachOAddressSpace: MachO Header signature invalid
MachOAddressSpace: MachO Header signature invalid
LimeAddressSpace: Invalid Lime header signature
WindowsHiberFileSpace32: PO_MEMORY_IMAGE is not available in profile
WindowsCrashDumpSpace64: Header signature invalid
HPAKAddressSpace: Invalid magic found
VirtualBoxCoreDumpElf64: ELF64 Header signature invalid
VMWareSnapshotFile: Invalid VMware signature: 0x0
WindowsCrashDumpSpace32: Header signature invalid
AMD64PagedMemory: Incompatible profile LinuxTESTARM selected
IA32PagedMemoryPae: Failed valid Address Space check
IA32PagedMemory: Failed valid Address Space check
FileAddressSpace: Must be first Address Space
ArmAddressSpace: Failed valid Address Space check
--
Roberto Martelloni
boos @ http://boos.core-dumped.info
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
6:49 a.m.
New subject: Unable to parse memory on ARMv6.1 with linux 2.6.31.14 + grsec+pax
off course. here in the attachment.
On Wed, Apr 2, 2014 at 3:42 AM, Joe Sylve <joe.sylve(a)gmail.com> wrote:
Can you give us the debug output?
On Tue, Apr 1, 2014 at 5:28 AM, Roberto Martelloni <rmartelloni(a)gmail.com>wrote:
--
Roberto Martelloni
boos @ http://boos.core-dumped.info
Hi all,
I've followed the documentation to first dump the memory device cross
compiling lime and then creating the profile for a linux device on arm.
Unfortunately I wasn't able to use volatility on the memory dump.
I'm using volatility 2.3.1, the kernel is a linux vanilla 2.6.31.14 + a
custom grsecurity+pax configuration.
Below some output from the commands, any suggestion on next step to
troubleshoot where is the problem ?
boos@vnoise:~/Downloads/volatility-2.3.1$ python vol.py --info | grep
Profile | grep Linux
Volatility Foundation Volatility Framework 2.3.1
LinuxTESTARM - A Profile for Linux TEST ARM
$ python vol.py -f /home/boos/arm-mem-image imageinfo
Determining profile based on KDBG search...
Suggested Profile(s) : No suggestion (Instantiated with
LinuxUbuntu1204x64)
AS Layer1 : LimeAddressSpace (Unnamed AS)
AS Layer2 : FileAddressSpace
(/home/boos/arm-mem-image)
PAE type : No PAE
DTB : 0x1c0d000L
Traceback (most recent call last):
File "vol.py", line 184, in <module>
main()
File "vol.py", line 175, in main
command.execute()
File "/home/boos/Downloads/volatility-2.3.1/volatility/commands.py",
line 122, in execute
func(outfd, data)
File
"/home/boos/Downloads/volatility-2.3.1/volatility/plugins/imageinfo.py",
line 36, in render_text
for k, v in data:
File
"/home/boos/Downloads/volatility-2.3.1/volatility/plugins/imageinfo.py",
line 93, in calculate
kdbgoffset = volmagic.KDBG.v()
File "/home/boos/Downloads/volatility-2.3.1/volatility/obj.py", line
737, in __getattr__
return self.m(attr)
File "/home/boos/Downloads/volatility-2.3.1/volatility/obj.py", line
719, in m
raise AttributeError("Struct {0} has no member
{1}".format(self.obj_name, attr))
AttributeError: Struct VOLATILITY_MAGIC has no member KDBG
boos@vnoise:~/Downloads/volatility-2.3.1$ python vol.py --profile
LinuxTESTARM -f /home/boos/arm-mem-image linux_dmesg
Volatility Foundation Volatility Framework 2.3.1
No suitable address space mapping found
Tried to open image as:
MachOAddressSpace: mac: need base
LimeAddressSpace: lime: need base
WindowsHiberFileSpace32: No base Address Space
WindowsCrashDumpSpace64: No base Address Space
HPAKAddressSpace: No base Address Space
VirtualBoxCoreDumpElf64: No base Address Space
VMWareSnapshotFile: No base Address Space
WindowsCrashDumpSpace32: No base Address Space
AMD64PagedMemory: No base Address Space
IA32PagedMemoryPae: No base Address Space
IA32PagedMemory: No base Address Space
MachOAddressSpace: MachO Header signature invalid
MachOAddressSpace: MachO Header signature invalid
LimeAddressSpace: Invalid Lime header signature
WindowsHiberFileSpace32: PO_MEMORY_IMAGE is not available in profile
WindowsCrashDumpSpace64: Header signature invalid
HPAKAddressSpace: Invalid magic found
VirtualBoxCoreDumpElf64: ELF64 Header signature invalid
VMWareSnapshotFile: Invalid VMware signature: 0x0
WindowsCrashDumpSpace32: Header signature invalid
AMD64PagedMemory: Incompatible profile LinuxTESTARM selected
IA32PagedMemoryPae: Failed valid Address Space check
IA32PagedMemory: Failed valid Address Space check
FileAddressSpace: Must be first Address Space
ArmAddressSpace: Failed valid Address Space check
--
Roberto Martelloni
boos @ http://boos.core-dumped.info
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
3:24 p.m.
Can you please send the command line input/output from when you created
the profile and when you used LiME to acquire memory? This will greatly
help us debug the issue.
Thanks,
Andrew (@attrc)
On 4/2/2014 5:49 AM, Roberto Martelloni wrote:
off course. here in the attachment.
On Wed, Apr 2, 2014 at 3:42 AM, Joe Sylve <joe.sylve(a)gmail.com
<mailto:joe.sylve@gmail.com>> wrote:
Can you give us the debug output?
On Tue, Apr 1, 2014 at 5:28 AM, Roberto Martelloni
<rmartelloni(a)gmail.com <mailto:rmartelloni@gmail.com>> wrote:
Hi all,
I've followed the documentation to first dump the memory device
cross compiling lime and then creating the profile for a linux
device on arm.
Unfortunately I wasn't able to use volatility on the memory dump.
I'm using volatility 2.3.1, the kernel is a linux vanilla
2.6.31.14 + a custom grsecurity+pax configuration.
Below some output from the commands, any suggestion on next step
to troubleshoot where is the problem ?
boos@vnoise:~/Downloads/volatility-2.3.1$ python vol.py --info |
grep Profile | grep Linux
Volatility Foundation Volatility Framework 2.3.1
LinuxTESTARM - A Profile for Linux TEST ARM
$ python vol.py -f /home/boos/arm-mem-image imageinfo
Determining profile based on KDBG search...
Suggested Profile(s) : No suggestion (Instantiated
with LinuxUbuntu1204x64)
AS Layer1 : LimeAddressSpace (Unnamed AS)
AS Layer2 : FileAddressSpace
(/home/boos/arm-mem-image)
PAE type : No PAE
DTB : 0x1c0d000L
Traceback (most recent call last):
File "vol.py", line 184, in <module>
main()
File "vol.py", line 175, in main
command.execute()
File
"/home/boos/Downloads/volatility-2.3.1/volatility/commands.py",
line 122, in execute
func(outfd, data)
File
"/home/boos/Downloads/volatility-2.3.1/volatility/plugins/imageinfo.py",
line 36, in render_text
for k, v in data:
File
"/home/boos/Downloads/volatility-2.3.1/volatility/plugins/imageinfo.py",
line 93, in calculate
kdbgoffset = volmagic.KDBG.v()
File
"/home/boos/Downloads/volatility-2.3.1/volatility/obj.py", line
737, in __getattr__
return self.m(attr)
File
"/home/boos/Downloads/volatility-2.3.1/volatility/obj.py", line
719, in m
raise AttributeError("Struct {0} has no member
{1}".format(self.obj_name, attr))
AttributeError: Struct VOLATILITY_MAGIC has no member KDBG
boos@vnoise:~/Downloads/volatility-2.3.1$ python vol.py
--profile LinuxTESTARM -f /home/boos/arm-mem-image linux_dmesg
Volatility Foundation Volatility Framework 2.3.1
No suitable address space mapping found
Tried to open image as:
MachOAddressSpace: mac: need base
LimeAddressSpace: lime: need base
WindowsHiberFileSpace32: No base Address Space
WindowsCrashDumpSpace64: No base Address Space
HPAKAddressSpace: No base Address Space
VirtualBoxCoreDumpElf64: No base Address Space
VMWareSnapshotFile: No base Address Space
WindowsCrashDumpSpace32: No base Address Space
AMD64PagedMemory: No base Address Space
IA32PagedMemoryPae: No base Address Space
IA32PagedMemory: No base Address Space
MachOAddressSpace: MachO Header signature invalid
MachOAddressSpace: MachO Header signature invalid
LimeAddressSpace: Invalid Lime header signature
WindowsHiberFileSpace32: PO_MEMORY_IMAGE is not available in
profile
WindowsCrashDumpSpace64: Header signature invalid
HPAKAddressSpace: Invalid magic found
VirtualBoxCoreDumpElf64: ELF64 Header signature invalid
VMWareSnapshotFile: Invalid VMware signature: 0x0
WindowsCrashDumpSpace32: Header signature invalid
AMD64PagedMemory: Incompatible profile LinuxTESTARM selected
IA32PagedMemoryPae: Failed valid Address Space check
IA32PagedMemory: Failed valid Address Space check
FileAddressSpace: Must be first Address Space
ArmAddressSpace: Failed valid Address Space check
--
Roberto Martelloni
boos @ http://boos.core-dumped.info <http://boos.core-dumped.info/>
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
<mailto:Vol-users@volatilityfoundation.org>
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
--
Roberto Martelloni
boos @ http://boos.core-dumped.info <http://boos.core-dumped.info/>
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
7:54 a.m.
New subject: Unable to parse memory on ARMv6.1 with linux 2.6.31.14 + grsec+pax
Hi Andrew,
apologies for the late reply.
I've first compiled the module changing some paths in the Makefile for
using as a root linux directory the path of my cross compiled kernel.
Then I've created the profile as described in the documentation. Using the
system.map in the cross compiled kernel
For lime I've used: insmod lime.ko path=/filepath.dump format=lime
On 6 April 2014 20:24, Andrew Case <atcuno(a)gmail.com> wrote:
Can you please send the command line input/output from
when you created
the profile and when you used LiME to acquire memory? This will greatly
help us debug the issue.
Thanks,
Andrew (@attrc)
On 4/2/2014 5:49 AM, Roberto Martelloni wrote:
--
Roberto Martelloni
boos @ http://boos.core-dumped.info
off course. here in the attachment.
On Wed, Apr 2, 2014 at 3:42 AM, Joe Sylve <joe.sylve(a)gmail.com
<mailto:joe.sylve@gmail.com>> wrote:
Can you give us the debug output?
On Tue, Apr 1, 2014 at 5:28 AM, Roberto Martelloni
<rmartelloni(a)gmail.com <mailto:rmartelloni@gmail.com>> wrote:
Hi all,
I've followed the documentation to first dump the memory device
cross compiling lime and then creating the profile for a linux
device on arm.
Unfortunately I wasn't able to use volatility on the memory dump.
I'm using volatility 2.3.1, the kernel is a linux vanilla
2.6.31.14 + a custom grsecurity+pax configuration.
Below some output from the commands, any suggestion on next step
to troubleshoot where is the problem ?
boos@vnoise:~/Downloads/volatility-2.3.1$ python vol.py --info |
grep Profile | grep Linux
Volatility Foundation Volatility Framework 2.3.1
LinuxTESTARM - A Profile for Linux TEST ARM
$ python vol.py -f /home/boos/arm-mem-image imageinfo
Determining profile based on KDBG search...
Suggested Profile(s) : No suggestion (Instantiated
with LinuxUbuntu1204x64)
AS Layer1 : LimeAddressSpace (Unnamed AS)
AS Layer2 : FileAddressSpace
(/home/boos/arm-mem-image)
PAE type : No PAE
DTB : 0x1c0d000L
Traceback (most recent call last):
File "vol.py", line 184, in <module>
main()
File "vol.py", line 175, in main
command.execute()
File
"/home/boos/Downloads/volatility-2.3.1/volatility/commands.py",
line 122, in execute
func(outfd, data)
File
"/home/boos/Downloads/volatility-2.3.1/volatility/plugins/imageinfo.py",
line 36, in render_text
for k, v in data:
File
"/home/boos/Downloads/volatility-2.3.1/volatility/plugins/imageinfo.py",
line 93, in calculate
kdbgoffset = volmagic.KDBG.v()
File
"/home/boos/Downloads/volatility-2.3.1/volatility/obj.py", line
737, in __getattr__
return self.m(attr)
File
"/home/boos/Downloads/volatility-2.3.1/volatility/obj.py", line
719, in m
raise AttributeError("Struct {0} has no member
{1}".format(self.obj_name, attr))
AttributeError: Struct VOLATILITY_MAGIC has no member KDBG
boos@vnoise:~/Downloads/volatility-2.3.1$ python vol.py
--profile LinuxTESTARM -f /home/boos/arm-mem-image linux_dmesg
Volatility Foundation Volatility Framework 2.3.1
No suitable address space mapping found
Tried to open image as:
MachOAddressSpace: mac: need base
LimeAddressSpace: lime: need base
WindowsHiberFileSpace32: No base Address Space
WindowsCrashDumpSpace64: No base Address Space
HPAKAddressSpace: No base Address Space
VirtualBoxCoreDumpElf64: No base Address Space
VMWareSnapshotFile: No base Address Space
WindowsCrashDumpSpace32: No base Address Space
AMD64PagedMemory: No base Address Space
IA32PagedMemoryPae: No base Address Space
IA32PagedMemory: No base Address Space
MachOAddressSpace: MachO Header signature invalid
MachOAddressSpace: MachO Header signature invalid
LimeAddressSpace: Invalid Lime header signature
WindowsHiberFileSpace32: PO_MEMORY_IMAGE is not available in
profile
WindowsCrashDumpSpace64: Header signature invalid
HPAKAddressSpace: Invalid magic found
VirtualBoxCoreDumpElf64: ELF64 Header signature invalid
VMWareSnapshotFile: Invalid VMware signature: 0x0
WindowsCrashDumpSpace32: Header signature invalid
AMD64PagedMemory: Incompatible profile LinuxTESTARM selected
IA32PagedMemoryPae: Failed valid Address Space check
IA32PagedMemory: Failed valid Address Space check
FileAddressSpace: Must be first Address Space
ArmAddressSpace: Failed valid Address Space check
--
Roberto Martelloni
boos @ http://boos.core-dumped.info <
http://boos.core-dumped.info/>
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org <mailto:
Vol-users(a)volatilityfoundation.org>
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
--
Roberto Martelloni
boos @ http://boos.core-dumped.info <http://boos.core-dumped.info/>
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
3865
days inactive
3880
days old
vol-users@lists.volatilityfoundation.org
5 comments
4 participants
participants (4)
-
Andrew Case -
Jamie Levy -
Joe Sylve -
Roberto Martelloni