I am working with a Linux ARM arhcitecture qemu-based virtual machine. I am able to successfully create a new profile. But when I use the profile with the plugins, such as linux_pslist, I get this error message: ERROR : volatility.debug : Invalid profile LinuxdebianArm3_2ARM selected
info
vol.py --plugins=/home/afsah/Desktop/volitilityProfiles --info | grep LinuxVolatility Foundation Volatility Framework 2.6.1LinuxdebianArm3_2ARM - A Profile for Linux debianArm3.2 ARMlinux_aslr_shift - Automatically detect the Linux ASLR shiftlinux_banner - Prints the Linux banner informationlinux_yarascan - A shell in the Linux memory imageLinuxAMD64PagedMemory - Linux-specific AMD 64-bit address space.
imageinfo
Command:
vol.py --plugins=./volitilityProfiles imageinfo -f 11234-xyz.ddVolatility Foundation Volatility Framework 2.6.1INFO : volatility.debug : Determining profile based on KDBG search...Suggested Profile(s) : No suggestion (Instantiated with LinuxdebianArm3_2ARM)AS Layer1 : ArmAddressSpace (Kernel AS)AS Layer2 : FileAddressSpace (/home/afsah/Desktop/pandasReplay/qemuOutputs /qemuArm/18567a65fa07ae1b88de7f2e9d0717d8/11234-xyz.dd)PAE type : No PAEDTB : 0x4000L
atcuno
commented
4 years ago
I am working with a Linux ARM arhcitecture qemu-based virtual machine. I am able to successfully create a new profile. But when I use the profile with the plugins, such as
linux_pslist, I get this error message:ERROR : volatility.debug : Invalid profile LinuxdebianArm3_2ARM selectedCommand:
vol.py -f ./11234-xyz.dd --plugins=./volitilityProfiles --profile=LinuxdebianArm3_2ARM linux_pslistOutput:Volatility Foundation Volatility Framework 2.6.1ERROR : volatility.debug : Invalid profile LinuxdebianArm3_2ARM selectedAdditional information:
info
vol.py --plugins=/home/afsah/Desktop/volitilityProfiles --info | grep LinuxVolatility Foundation Volatility Framework 2.6.1LinuxdebianArm3_2ARM - A Profile for Linux debianArm3.2 ARMlinux_aslr_shift - Automatically detect the Linux ASLR shiftlinux_banner - Prints the Linux banner informationlinux_yarascan - A shell in the Linux memory imageLinuxAMD64PagedMemory - Linux-specific AMD 64-bit address space.imageinfo Command:
vol.py --plugins=./volitilityProfiles imageinfo -f 11234-xyz.ddVolatility Foundation Volatility Framework 2.6.1INFO : volatility.debug : Determining profile based on KDBG search...Suggested Profile(s) : No suggestion (Instantiated with LinuxdebianArm3_2ARM)AS Layer1 : ArmAddressSpace (Kernel AS)AS Layer2 : FileAddressSpace (/home/afsah/Desktop/pandasReplay/qemuOutputs /qemuArm/18567a65fa07ae1b88de7f2e9d0717d8/11234-xyz.dd)PAE type : No PAEDTB : 0x4000LI followed the steps outlined in the documentation to create a new profile. Create new profile documentation