Hi, I'm trying to compile LiME for a given Android Virtual Device (AVD) Platform 4.4.2 API Level 19 CPU Intel Atom (x86) I have no information about how the AVD was created. Does in this case investigation with LiME/Volatility make sense at all? Should LiME be able to handle the Atom-Processor? If yes: Should Volatility be able to handle the LiME dump? If any answer up to now was no: No further reading necessary. :-( But please enlighten me. ;-) If this in principle is not an impossible plan then how do I have to handle the following warnings/errors? (a) LiME compiles but gives me a WARNING: Symbol version dump ~/android/kernel/goldfish/Module.symvers is missing; modules will have no dependencies and modversions. (b) insmod fails insmod: init_module '/sdcard/lime.ko' failed (No such file or directory) (but of course there is a '/sdcard/lime.ko') (c) dmesg reports lime: Unknown symbol _GLOBAL_OFFSET_TABLE_ (err 0) lime: Unknown symbol kmap (err 0) lime: Unknown symbol kunmap (err 0) Is it correct to expect, that (b) and (c) are a result from (a)? What is to be done? Compiling the kernel and hope the Module.symvers fits to the AVD symbols? The LiME documentation does not mention a need for compiling the Android kernel. Or do I have to work on the kernel's .config? As always there is no /proc/config.gz on the phone/AVD. (At least I have not seen any /proc/config.gz on my devices so far.) Instead in this case I worked on the goldfish/arch/x86/configs/i386_defconfig until the AVD accepted the version magic. Just in case it is useful, here is in detail what I did so far: ________________________________________ ### the AVD ### cat /proc/version Linux version 3.4.0+ (nnk(a)nnk.mtv.corp.google.com) (gcc version 4.7 (GCC) ) #1 PREEMPT Wed Jul 10 09:55:37 PDT 2013 ________________________________________ ### Goldfish kernel 3.4.0+ for LiME compilation ### $ mkdir -p ~/android/kernel && cd $_ $ git clone https://android.googlesource.com/kernel/goldfish.git $ cd goldfish $ git branch -a $ git checkout origin/android-goldfish-3.4 -b goldfish-3.4 $ git log --pretty=oneline | grep -i 'linux 3.4$' $ git checkout 76e10d1 -b goldfish-3.4-76e10d1 $ cp arch/x86/configs/i386_defconfig .config ________________________________________ ### modify .config in order to get correct version ### ### magic: '3.4.0+ preempt mod_unload CORE2 ' ### $ diff arch/x86/configs/i386_defconfig .config 39c39,41 < CONFIG_SMP=y --- 43c45 < CONFIG_PREEMPT_VOLUNTARY=y --- ________________________________________ ### prepare kernel for module compilation ### $ make ARCH=x86 CROSS_COMPILE=~/android/ndk/toolchains/ x86-4.9/prebuilt/linux-x86_64/bin/i686-linux-android- modules_prepare ________________________________________ ### LiME Makefile ### obj-m := lime.o lime-objs := tcp.o disk.o main.o KDIR_GOLD := ~/android/kernel/goldfish/ CCPATH := ~/android/ndk/toolchains/x86-4.9/prebuilt/linux-x86_64/bin PWD := $(shell pwd) default: # cross-compile for Android emulator $(MAKE) ARCH=x86 CROSS_COMPILE=$(CCPATH)/i686-linux-android- -C $(KDIR_GOLD) M=$(PWD) modules $(CCPATH)/i686-linux-android-strip --strip-unneeded lime.ko mv lime.ko lime-goldfish.ko $(MAKE) tidy tidy: rm -f *.o *.mod.c Module.symvers Module.markers modules.order \.*.o.cmd \.*.ko.cmd \.*.o.d rm -rf \.tmp_versions clean: $(MAKE) tidy rm -f *.ko ________________________________________ Thanks, Philipp