[Urgent - Please help!] What is the appropriate kernel ELF to use with dwarf2json? [ 5.19.0-42-generic #43~22.04.1-Ubuntu ]

[jotunel]

$ uname -a Linux UbuntuVM 5.19.0-42-generic #43~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Apr 21 16:51:08 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

I need this to create generate a custom symbols table (using dwarf2json), in order to run a memory dump acquired by Ubuntu 22.04, as Ubuntu 22.04 kernel does not work anymore with volatility 2 (Issue here: https://github.com/volatilityfoundation/volatility/issues/828)

If I use the compressed ..ddeb file I get a "bad magic number" error.

sudo ./dwarf2json linux --elf linux-image-5.19.0-41-generic-dbgsym_5.19.0-41.42_amd64.ddeb > kernel.json
[sudo] password for odin: 
Failed linux processing: could not open linux-image-5.19.0-41-generic-dbgsym_5.19.0-41.42_amd64.ddeb: bad magic number '[33 60 97 114]' in record at byte 0x0

The error message I encountered indicates that the dwarf2json tool was unable to open the specified .ddeb file. The reason for this could be that the dwarf2json tool expects an ELF file as input, not a .ddeb file.

The .ddeb files I downloaded are Debian debug symbol packages, and they are not directly compatible with the dwarf2json tool. The tool typically expects uncompressed ELF files.

So, where can I find the uncompressed ELF file for this kernel version? Help me please, it's urgent. Thanks a lot!

[miszr]

You will need to extract the ddeb to get access to the Kernel ELF file. Once extracted running the dwarf2json command and specifying the vmlinux ELF file will generate the expected result.