ECToo / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0
0 stars 0 forks source link

vol filed to load dumps from /dev/crash #464

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. dd if=/dev/crash of=dump.crash
2. vol.py -v --profile=LinuxAndroidARM -f dump.crash -ddd linux_tmpfs -L
3.

What is the expected output? What do you see instead?

I expect the list of filesystems

log of my output is attached in tmpfs-ddd.log

What version of the product are you using? On what operating system?

vol-2.3.1
python-2.7.3
ubuntu-12.04

Please provide any additional information below.

mainline crash does not have any issues with dump.crash

Original issue reported on code.google.com by vitaly.v...@gmail.com on 21 Nov 2013 at 10:02

Attachments:

GoogleCodeExporter commented 9 years ago
I'm not sure if the crash format is compatible.  Andrew?

Original comment by jamie.l...@gmail.com on 21 Nov 2013 at 5:03

GoogleCodeExporter commented 9 years ago
Guys,

crash format is raw format prefixed by simple elf-prefix. It's bad idea don't 
accept them.

Original comment by vitaly.v...@gmail.com on 22 Nov 2013 at 10:57

GoogleCodeExporter commented 9 years ago

Original comment by jamie.l...@gmail.com on 22 Nov 2013 at 7:15