ECToo / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

Fail to create Linux profiles on Debian Lenny (kernel 2.6.26) #471

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

1. Download Debian Lenny amd64 from http://ftp.riken.go.jp/Linux/debian/debian-cdimage/archive/5.0.3/amd64/iso-cd/debian-503-amd64-netinst.iso
2. Install Debian in a VirtualBox machine.
3. apt-get install dwarfdump linux-headers-2.6-amd64 make gcc
4. At tools/linux, run 'make'.

What is the expected output? What do you see instead?

make -C //lib/modules/2.6.26-2-amd64/build CONFIG_DEBUG_INFO=y M=/root/tools/linux modules
make[1]: Entrando no diretório `/usr/src/linux-headers-2.6.26-2-amd64'
  CC [M]  /root/tools/linux/module.o
/root/tools/linux/module.c:224:5: warning: "STATS" is not defined
/root/tools/linux/module.c:240:5: warning: "DEBUG" is not defined
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /root/tools/linux/module.mod.o
  LD [M]  /root/tools/linux/module.ko
make[1]: Saindo do diretório `/usr/src/linux-headers-2.6.26-2-amd64'
dwarfdump -di module.ko > module.dwarf
dwarfdump ERROR:  dwarf_siblingof:  DW_DLE_FIRST_DIE_NOT_CU (105)
make: ** [dwarf] Erro 1

What version of the product are you using? On what operating system?

Debian Lenny 5.0.10. GCC 4.3.2.

Please provide any additional information below.

None.

Thanks.

Original issue reported on code.google.com by eriberto...@gmail.com on 10 Jan 2014 at 1:20

GoogleCodeExporter commented 9 years ago

Original comment by michael.hale@gmail.com on 12 Jan 2014 at 6:28

GoogleCodeExporter commented 9 years ago
Andrew, please provide an update. Is there a specific version of dwarfdump that 
should be installed to get this working? 

Original comment by michael.hale@gmail.com on 7 Mar 2014 at 5:28

GoogleCodeExporter commented 9 years ago
Hello,

This is actually a bug with the dwarfdump you have as it cannot parse the debug 
information created by GCC/the kernel as it compiles our module. Could you try 
the latest version of dwarfdump ( 
http://www.prevanders.net/libdwarf-20140208.tar.gz ) and run the make command 
again? Instructions to compile it from source are here: 
http://wiki.dwarfstd.org/index.php?title=Libdwarf_And_Dwarfdump but it is 
pretty straightforward. You can use the --prefix option to configure to make 
your dwarfdump install in a non-global directory and then point Volatility's 
Makefile to it or just manually run dwarfdump -di on module.ko.

Original comment by atc...@gmail.com on 9 Mar 2014 at 10:43
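
The workaround in the comment above ends with running `dwarfdump -di` on module.ko by hand with a chosen binary. As an added example (not Volatility's Makefile and not the commenter's code), this shell function does that and only writes module.dwarf when dwarfdump succeeds, so a failure like the DW_DLE_FIRST_DIE_NOT_CU run reported above cannot leave a truncated file behind. The `DWARFDUMP` variable and the `gen_dwarf` name are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the Volatility project.
# DWARFDUMP is a hypothetical override naming the dwarfdump binary to use,
# for instance one installed under a private --prefix.

# gen_dwarf MODULE OUT
# Runs "$DWARFDUMP -di MODULE" and writes OUT only if the run succeeded.
# Returns 0 on success, 1 if dwarfdump failed, 2 on usage or setup problems.
gen_dwarf() {
    module=$1
    out=$2
    dd_bin=${DWARFDUMP:-dwarfdump}

    [ -n "$module" ] && [ -n "$out" ] || { echo "usage: gen_dwarf MODULE OUT" >&2; return 2; }
    [ -r "$module" ] || { echo "cannot read $module" >&2; return 2; }
    command -v "$dd_bin" >/dev/null 2>&1 || { echo "$dd_bin not found" >&2; return 2; }

    # Write to temporary files: a plain "> module.dwarf" redirect creates the
    # output file before dwarfdump has parsed anything.
    tmp_out=$(mktemp) || return 2
    tmp_err=$(mktemp) || { rm -f "$tmp_out"; return 2; }

    status=0
    "$dd_bin" -di "$module" >"$tmp_out" 2>"$tmp_err" || status=$?

    # Treat a non-zero exit, a "dwarfdump ERROR" line on either stream, or
    # empty output as a failed run.
    if [ "$status" -ne 0 ] ||
       grep -q 'dwarfdump ERROR' "$tmp_out" "$tmp_err" ||
       [ ! -s "$tmp_out" ]; then
        echo "$dd_bin failed on $module (exit $status):" >&2
        cat "$tmp_err" >&2
        rm -f "$tmp_out" "$tmp_err"
        return 1
    fi

    mv "$tmp_out" "$out"
    rm -f "$tmp_err"
    return 0
}
```
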

GoogleCodeExporter commented 9 years ago
If you have any issues with the compilation of dwarfdump please let us know.

Original comment by atc...@gmail.com on 9 Mar 2014 at 10:43

GoogleCodeExporter commented 9 years ago
Hey guys, I'm going to close this issue since it's a known problem with 
dwarfdump, and a workaround has been provided. 

Eribertomota, please do feel free to reopen the issue if the workaround doesn't 
work for you!

Original comment by michael.hale@gmail.com on 10 Mar 2014 at 3:23