professor-hippo / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0
0 stars 0 forks source link

Updates for linux-3.15 (failed creating profile) #507

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I had a quick stab at linux-3.15.3 and couldn't get a profile creation working, 
so I had to patch module.c

Please have a look, patch provided.

Original issue reported on code.google.com by me.kalin@gmail.com on 3 Jul 2014 at 6:13

Attachments:

GoogleCodeExporter commented 9 years ago

Original comment by michael.hale@gmail.com on 5 Jul 2014 at 2:27

GoogleCodeExporter commented 9 years ago
Hello,

With the created profile can linux_find_file correctly recover files from 
memory (meaning has actually data and not just all zeroes?)

Original comment by atc...@gmail.com on 5 Jul 2014 at 2:33

GoogleCodeExporter commented 9 years ago
I am travelling now, will be able to test on Tue-Wed.

When I submitted the patch, I tried just a few commands (I remember 
linux_ifconfig, linux_bash and linux_psaux) and they seemed to work.

Kalin.

Original comment by me.kalin@gmail.com on 5 Jul 2014 at 3:14

GoogleCodeExporter commented 9 years ago
The radix tree is only relevant to the file recovery code, so please check 
trying to recover files with linux_find_file 

Original comment by atc...@gmail.com on 10 Jul 2014 at 4:30

GoogleCodeExporter commented 9 years ago
followed up via email

Original comment by michael.hale@gmail.com on 24 Jul 2014 at 12:39