tbg124 / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

dwarfdump / libelf issue - Prerequisite to Create Volatility Profile #382

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Dear Volatility Team,

I am trying to analyze a LiME memory dump taken from the Metasploitable Project 
VM, which is running Ubuntu 8.04.

+ Download Link: 
http://sourceforge.net/projects/metasploitable/files/Metasploitable2/

After reading through the Volatility documentation to create a Profile, I 
installed "build-essential".  Unfortunately, dwarfdump was not found in the 
8.04 repository, when using the below command.

apt-cache search dwarfdump

So, I downloaded the dwarfdump source and tried to compile it.  Unfortunately, 
I receive a bunch of libelf errors.

I realize that it is probably out of your team's scope to troubleshoot 
dwarfdump compiler errors, but I would really appreciate your help in moving 
forward.

Attached is my log file that contains the history of me (1) updating apt-get's 
link repository, (2) installing build-essential, (3) downloading dwarfdump, (4) 
configuring dwarfdump, and (5) trying to compile dwarfdump.

P.S.  For my second job I teach a basic forensics class at a community college. 
 I was successful at showing the class how to use Helix to obtain a Windows 
dump and analyze it with Volatility.  My goal is to do the same with LiME and 
Volatility.

Johnny

Original issue reported on code.google.com by johnny.s...@gmail.com on 21 Feb 2013 at 1:22

GoogleCodeExporter commented 8 years ago

Original comment by jamie.l...@gmail.com on 21 Feb 2013 at 12:40

GoogleCodeExporter commented 8 years ago
Attached is my config.log file for dwarfdump

Original comment by johnny.s...@gmail.com on 21 Feb 2013 at 8:08

GoogleCodeExporter commented 8 years ago
Can you try using apt-get to install:

libelf-dev

and if that doesn't work also include (but do not uninstall libelf-dev):

libelf1

Original comment by atc...@gmail.com on 21 Feb 2013 at 8:10

GoogleCodeExporter commented 8 years ago
Attached is a log of my libelf install and version information.

Also, below is a link to download the Metasploitable VM that I am trying this 
on if you have time.
http://sourceforge.net/projects/metasploitable/files/Metasploitable2/

Thank you for your time.

Original comment by johnny.s...@gmail.com on 21 Feb 2013 at 8:37

GoogleCodeExporter commented 8 years ago
Do you have linux-libc-dev installed? Not sure if build-essential grabs it. If not, 
can you install that and try to rebuild?

Original comment by atc...@gmail.com on 21 Feb 2013 at 9:02

GoogleCodeExporter commented 8 years ago
I installed linux-libc-dev.  Unfortunately, that did not help too much.  I wish 
it did.  I attached 3 logs.

Original comment by johnny.s...@gmail.com on 21 Feb 2013 at 10:04

GoogleCodeExporter commented 8 years ago
The reality.sgiweb.org site is offline so I can't get a source package of 
dwarfdump to test with, but I did manage to copy off dwarfdump and libelf.so.1 
from an Ubuntu 9 VM that I had, and those binaries work fine on the 
Metasploitable VM. Those files are attached and so is the volatility profile 
for that system.

Original comment by michael.hale@gmail.com on 22 Feb 2013 at 6:34

GoogleCodeExporter commented 8 years ago
Thank you Master Guru Hale.  My students and I really appreciate your 
Volatility tool, research, time, and effort.

Once I get some (Metasploitable VM / volatility labs) built for them, I will be 
sure and share them at http://www.computersecuritystudent.com

Johnny

Original comment by johnny.s...@gmail.com on 22 Feb 2013 at 9:39

GoogleCodeExporter commented 8 years ago

Original comment by michael.hale@gmail.com on 29 Mar 2013 at 10:33