What steps will reproduce the problem?
1. Using the latest volatility with Gentoo 3.12 64bit
2. Used LIME to dump memory image (insmod lime.ko "path=/root/limetest.mem format=lime")
3. Created Profile by zipping the module.dwarf outputted from volatility-master/tools/linux/make using LibDwarf 2014-04-13 and System.map from /boot.
What is the expected output? What do you see instead?
python vol.py --profile=LinuxGentoo3_12x64 -f /root/limedump.mem imageinfo --debug
Volatility Foundation Volatility Framework 2.4
*** Failed to import volatility.plugins.linux.netscan (ImportError: No module named yara)
*** Failed to import volatility.plugins.dumpcerts (NameError: name 'yara' is not defined)
DEBUG : volatility.plugins.overlays.linux.linux: Gentoo3.12: Found dwarf file boot/System.map-3.12.44-gentoo with 608 symbols
DEBUG : volatility.plugins.overlays.linux.linux: Gentoo3.12: Found system file boot/System.map-3.12.44-gentoo with 1 symbols
DEBUG : volatility.obj : Applying modification from BashHashTypes
DEBUG : volatility.obj : Applying modification from BashTypes
DEBUG : volatility.obj : Applying modification from BasicObjectClasses
DEBUG : volatility.obj : Applying modification from ELF32Modification
DEBUG : volatility.obj : Applying modification from ELF64Modification
DEBUG : volatility.obj : Applying modification from ELFModification
DEBUG : volatility.obj : Applying modification from HPAKVTypes
DEBUG : volatility.obj : Applying modification from LimeTypes
DEBUG : volatility.obj : Applying modification from LinuxTruecryptModification
DEBUG : volatility.obj : Applying modification from MachoModification
DEBUG : volatility.obj : Applying modification from MachoTypes
DEBUG : volatility.obj : Applying modification from MbrObjectTypes
DEBUG : volatility.obj : Applying modification from VMwareVTypesModification
DEBUG : volatility.obj : Applying modification from VirtualBoxModification
DEBUG : volatility.obj : Applying modification from LinuxIntelOverlay
DEBUG : volatility.obj : Applying modification from LinuxKmemCacheOverlay
DEBUG : volatility.plugins.overlays.linux.linux: Requested symbol cache_chain not found in module kernel
DEBUG : volatility.obj : Applying modification from LinuxMountOverlay
DEBUG : volatility.obj : Applying modification from LinuxObjectClasses
DEBUG : volatility.obj : Applying modification from LinuxOverlay
ERROR : volatility.commands : This command does not support the profile LinuxGentoo3_12x64
What version of the product are you using? On what operating system?
Gentoo is in a VMWare guest
Please provide any additional information below.
I tried on other kernel versions in Gentoo but I keep getting the "Requested
symbol cache_chain not found in module kernel" error. Also, there should be
more than 1 symbol from System.map loaded, shouldn't there?
I can't find "cache_chain" by grepping through System.map or module.dwarf.
Original issue reported on code.google.com by taku...@gmail.com on 29 Jun 2015 at 1:19