linux_moddump fails since kernel commit 8244062ef1e54502ef55f54cced659913f244c3e

[unixist]

unsigned int num_symtab is now in struct mod_kallsyms and no longer in struct module.

$ python vol.py --profile=<profile>  -f <image>  linux_moddump --dump-dir <dir>
Volatility Foundation Volatility Framework 2.5
FIXING
Traceback (most recent call last):
  File "vol.py", line 192, in <module>
    main()
  File "vol.py", line 183, in main
    command.execute()
  File "/media/unixist/untitled/volatility/volatility/plugins/linux/common.py", line 63, in execute
    commands.Command.execute(self, *args, **kwargs)
  File "/media/unixist/untitled/volatility/volatility/commands.py", line 147, in execute
    func(outfd, data)
  File "/media/unixist/untitled/volatility/volatility/plugins/linux/lsmod.py", line 651, in render_text
    mod_data = self._get_module_data(module)
  File "/media/unixist/untitled/volatility/volatility/plugins/linux/lsmod.py", line 596, in _get_module_data
    (updated_sections, symtab_idx, load_addr) = self._parse_sections(module)
  File "/media/unixist/untitled/volatility/volatility/plugins/linux/lsmod.py", line 278, in _parse_sections
    str_section_data = self._fix_sym_table(module, sect_sa)
  File "/media/unixist/untitled/volatility/volatility/plugins/linux/lsmod.py", line 487, in _fix_sym_table
    print "walking %d syms to be fixed...." % module.num_symtab
  File "/media/unixist/untitled/volatility/volatility/obj.py", line 751, in __getattr__
    return self.m(attr)
  File "/media/unixist/untitled/volatility/volatility/obj.py", line 733, in m
    raise AttributeError("Struct {0} has no member {1}".format(self.obj_name, attr))
AttributeError: Struct module has no member num_symtab

[atcuno]

Hey,

What OS and kernel version is your memory sample from?

Thanks, Andrew (@attrc)

On 06/14/2016 05:27 PM, Sean Williams wrote:

unsigned int num_symtab is now in struct mod_kallsyms and no longer in struct module.

$ python vol.py --profile= -f linux_moddump --dump-dir

Volatility Foundation Volatility Framework 2.5 FIXING Traceback (most recent call last): File "vol.py", line 192, in main() File "vol.py", line 183, in main command.execute() File "/media/unixist/untitled/volatility/volatility/plugins/linux/common.py", line 63, in execute commands.Command.execute(self, /args, */kwargs) File "/media/unixist/untitled/volatility/volatility/commands.py", line 147, in execute func(outfd, data) File "/media/unixist/untitled/volatility/volatility/plugins/linux/lsmod.py", line 651, in render_text mod_data = self./get_module_data(module) File "/media/unixist/untitled/volatility/volatility/plugins/linux/lsmod.py", line 596, in /get_module_data (updated_sections, symtab_idx, load_addr) = self._parse_sections(module) File "/media/unixist/untitled/volatility/volatility/plugins/linux/lsmod.py", line 278, in _parse_sections str_section_data = self._fix_sym_table(module, sect_sa) File "/media/unixist/untitled/volatility/volatility/plugins/linux/lsmod.py", line 487, in _fix_sym_table print "walking %d syms to be fixed...." % module.num_symtab File "/media/unixist/untitled/volatility/volatility/obj.py", line 751, in __getattr// return self.m(attr) File "/media/unixist/untitled/volatility/volatility/obj.py", line 733, in m raise AttributeError("Struct {0} has no member {1}".format(self.obj_name, attr)) AttributeError: Struct module has no member num_symtab

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/volatilityfoundation/volatility/issues/312, or mute the thread https://github.com/notifications/unsubscribe/AAZTaRexptlp0G9Enj0d68-FFUe5nQhiks5qLyq3gaJpZM4I10z-.

[unixist]

Howdy,

This is on Ubuntu 16.04, kernel 4.4.0-24.

[atcuno]

Hey,

Thanks for the report. This should be fixed now:

https://github.com/volatilityfoundation/volatility/commit/f8c7c38b70852f2d0b8728bd5c27f6e026a9a355

I will close the ticket but please re-open if still have issues.