Dik1s / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0
0 stars 0 forks source link

mem_map and mem_section symbols not found in opensuse profile #383

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
$ python2.6 vol.py --profile=LinuxOpenSuSE12x86 -f 
/Volumes/Storage/memory/Linux/opensuse.lime linux_tmpfs --sb=5 --dump-dir=files
Volatile Systems Volatility Framework 2.3_alpha
WARNING : volatility.obj      : Overlay structure tty_struct not present in 
vtypes
ERROR   : volatility.plugins.overlays.linux.linux: phys_addr_of_page: Unable to 
determine physical address of page

that comes from the page.to_paddr() function after trying to look up the 
symbols:

mem_map_addr = self.obj_vm.profile.get_symbol("mem_map")
mem_section_addr = self.obj_vm.profile.get_symbol("mem_section")

Original issue reported on code.google.com by michael.hale@gmail.com on 22 Feb 2013 at 2:22

GoogleCodeExporter commented 8 years ago
We definitely won't be able to fix this one before 2.3. For some reason that 
Suse image is using NUMA, which is for multiple physical CPUs and we currently 
do not support that and it would take a good bit of work to get the Linux 
backend code to work with it. 

This is the first NUMA enabled sample we have had so far and it really makes no 
sense for it to be enabled on a desktop distro..

If you want we can make the error easier to understand and possibly reference 
this bug if you want.

Original comment by atc...@gmail.com on 29 Mar 2013 at 6:24

GoogleCodeExporter commented 8 years ago
Fixed in r3209 (updating the error message that is). NUMA support if we add in 
the future will be a separate issue. 

Original comment by michael.hale@gmail.com on 29 Mar 2013 at 10:28