Abyss-W4tcher
commented
3 days ago Hi, by following the FAQ, you can find that the solution lies in merging two PRs in your local installation :
https://github.com/Abyss-W4tcher/volatility2-profiles#faq
This will fix the issue surely. You should give a try to volatility3, as it will work out of the box and with latest support :).
python2 vol.py -f ../ubuntu.20211208.mem --profile=LinuxUbuntu_5_4_0-1059-azure_5_4_0-1059_62~18_04_1_amd64x64 linux_bash Volatility Foundation Volatility Framework 2.6 Traceback (most recent call last): File "vol.py", line 192, in
main()
File "vol.py", line 183, in main
command.execute()
File "/home/remnux/Downloads/volatility-master/volatility/plugins/linux/common.py", line 64, in execute
commands.Command.execute(self, *args, *kwargs)
File "/home/remnux/Downloads/volatility-master/volatility/commands.py", line 116, in execute
if not self.is_valid_profile(profs[self._config.PROFILE]()):
File "/home/remnux/Downloads/volatility-master/volatility/plugins/overlays/linux/linux.py", line 216, in init
obj.Profile.init(self, args, kwargs)
File "/home/remnux/Downloads/volatility-master/volatility/obj.py", line 862, in init
self.reset()
File "/home/remnux/Downloads/volatility-master/volatility/plugins/overlays/linux/linux.py", line 227, in reset
self.load_vtypes()
File "/home/remnux/Downloads/volatility-master/volatility/plugins/overlays/linux/linux.py", line 264, in load_vtypes
vtypesvar = dwarf.DWARFParser(dwarfdata).finalize()
File "/home/remnux/Downloads/volatility-master/volatility/dwarf.py", line 71, in init
self.feed_line(line)
File "/home/remnux/Downloads/volatility-master/volatility/dwarf.py", line 162, in feed_line
self.process_statement(parsed) #pylint: disable-msg=W0142
File "/home/remnux/Downloads/volatility-master/volatility/dwarf.py", line 204, in process_statement
self.vtypes[name] = [ int(data['DW_AT_byte_size'], self.base), {} ]
KeyError: 'DW_AT_byte_size'
i use Python 2.7.18, dwarfdump Version "20200114" How can I anyway fix it?