volatilityfoundation / volatility3

Volatility 3.0 development
http://volatilityfoundation.org/

volatility3 doesn't show anything with linux ubuntu .mem file #965

Closed marseaplage closed 1 year ago

marseaplage commented 1 year ago

Describe the bug
Volatility3 doesn't show anything with any plugin

Context
Volatility Version: Volatility 3 Framework 2.4.2
Operating System: Ubuntu 20.04
Python Version: Python 3.8.10
Suspected Operating System:
Command:

To Reproduce
I follow the same steps as this tutorial from the section "Linux ISF" and my kernel is 5.4.0-150-generic

  1. Use command `sudo python3 ./vol.py -f /home/prueba/ubuntu-10062023.mem linux.pstree`
  2. See error:

```
Volatility 3 Framework 2.4.2
Progress:  100.00		Stacking attempts finished
OFFSET (V)	PID	TID	PPID	COMM
```

(empty)

Expected behavior
To show processes

Example output

other output:

```
INFO     volatility3.cli: Volatility plugins path: ['/home/prueba/volatility3/volatility3/plugins', '/home/prueba/volatility3/volatility3/framework/plugins']
INFO     volatility3.cli: Volatility symbols path: ['/home/prueba/volatility3/volatility3/symbols', '/home/prueba/volatility3/volatility3/framework/symbols']
INFO     volatility3.plugins.yarascan: Python Yara (>3.8.0) module not found, plugin (and dependent plugins) not available
DEBUG    volatility3.framework: Traceback (most recent call last):
  File "/home/prueba/volatility3/volatility3/framework/__init__.py", line 185, in import_file
    importlib.import_module(module)
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "", line 991, in _find_and_load
  File "", line 975, in _find_and_load_unlocked
  File "", line 671, in _load_unlocked
  File "", line 848, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/home/prueba/volatility3/volatility3/framework/plugins/yarascan.py", line 20, in
    raise ImportError
ImportError

DEBUG    volatility3.framework: Failed to import module volatility3.plugins.yarascan based on file: /home/prueba/volatility3/volatility3/framework/plugins/yarascan.py
DEBUG    volatility3.framework: Traceback (most recent call last):
  File "/home/prueba/volatility3/volatility3/framework/__init__.py", line 185, in import_file
    importlib.import_module(module)
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "", line 991, in _find_and_load
  File "", line 975, in _find_and_load_unlocked
  File "", line 671, in _load_unlocked
  File "", line 848, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/home/prueba/volatility3/volatility3/framework/plugins/windows/lsadump.py", line 8, in
    from Crypto.Cipher import ARC4, DES, AES
ModuleNotFoundError: No module named 'Crypto'

DEBUG    volatility3.framework: Failed to import module volatility3.plugins.windows.lsadump based on file: /home/prueba/volatility3/volatility3/framework/plugins/windows/lsadump.py
INFO     volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG    volatility3.framework: Traceback (most recent call last):
  File "/home/prueba/volatility3/volatility3/framework/__init__.py", line 185, in import_file
    importlib.import_module(module)
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "", line 991, in _find_and_load
  File "", line 975, in _find_and_load_unlocked
  File "", line 671, in _load_unlocked
  File "", line 848, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/home/prueba/volatility3/volatility3/framework/plugins/windows/netscan.py", line 17, in
    from volatility3.plugins.windows import info, poolscanner, verinfo
  File "/home/prueba/volatility3/volatility3/framework/plugins/windows/verinfo.py", line 21, in
    import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG    volatility3.framework: Failed to import module volatility3.plugins.windows.netscan based on file: /home/prueba/volatility3/volatility3/framework/plugins/windows/netscan.py
DEBUG    volatility3.framework: Traceback (most recent call last):
  File "/home/prueba/volatility3/volatility3/framework/__init__.py", line 185, in import_file
    importlib.import_module(module)
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "", line 991, in _find_and_load
  File "", line 975, in _find_and_load_unlocked
  File "", line 671, in _load_unlocked
  File "", line 848, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/home/prueba/volatility3/volatility3/framework/plugins/windows/hashdump.py", line 10, in
    from Crypto.Cipher import AES, ARC4, DES
ModuleNotFoundError: No module named 'Crypto'

DEBUG    volatility3.framework: Failed to import module volatility3.plugins.windows.hashdump based on file: /home/prueba/volatility3/volatility3/framework/plugins/windows/hashdump.py
INFO     volatility3.plugins.yarascan: Python Yara (>3.8.0) module not found, plugin (and dependent plugins) not available
DEBUG    volatility3.framework: Traceback (most recent call last):
  File "/home/prueba/volatility3/volatility3/framework/__init__.py", line 185, in import_file
    importlib.import_module(module)
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "", line 991, in _find_and_load
  File "", line 975, in _find_and_load_unlocked
  File "", line 671, in _load_unlocked
  File "", line 848, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/home/prueba/volatility3/volatility3/framework/plugins/windows/vadyarascan.py", line 11, in
    from volatility3.plugins import yarascan
  File "/home/prueba/volatility3/volatility3/framework/plugins/yarascan.py", line 20, in
    raise ImportError
ImportError

DEBUG    volatility3.framework: Failed to import module volatility3.plugins.windows.vadyarascan based on file: /home/prueba/volatility3/volatility3/framework/plugins/windows/vadyarascan.py
INFO     volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG    volatility3.framework: Traceback (most recent call last):
  File "/home/prueba/volatility3/volatility3/framework/__init__.py", line 185, in import_file
    importlib.import_module(module)
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "", line 991, in _find_and_load
  File "", line 975, in _find_and_load_unlocked
  File "", line 671, in _load_unlocked
  File "", line 848, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/home/prueba/volatility3/volatility3/framework/plugins/windows/netstat.py", line 15, in
    from volatility3.plugins.windows import netscan, modules, info, verinfo
  File "/home/prueba/volatility3/volatility3/framework/plugins/windows/netscan.py", line 17, in
    from volatility3.plugins.windows import info, poolscanner, verinfo
  File "/home/prueba/volatility3/volatility3/framework/plugins/windows/verinfo.py", line 21, in
    import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG    volatility3.framework: Failed to import module volatility3.plugins.windows.netstat based on file: /home/prueba/volatility3/volatility3/framework/plugins/windows/netstat.py
INFO     volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG    volatility3.framework: Traceback (most recent call last):
  File "/home/prueba/volatility3/volatility3/framework/__init__.py", line 185, in import_file
    importlib.import_module(module)
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "", line 991, in _find_and_load
  File "", line 975, in _find_and_load_unlocked
  File "", line 671, in _load_unlocked
  File "", line 848, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/home/prueba/volatility3/volatility3/framework/plugins/windows/verinfo.py", line 21, in
    import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG    volatility3.framework: Failed to import module volatility3.plugins.windows.verinfo based on file: /home/prueba/volatility3/volatility3/framework/plugins/windows/verinfo.py
INFO     volatility3.plugins.yarascan: Python Yara (>3.8.0) module not found, plugin (and dependent plugins) not available
DEBUG    volatility3.framework: Traceback (most recent call last):
  File "/home/prueba/volatility3/volatility3/framework/__init__.py", line 185, in import_file
    importlib.import_module(module)
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "", line 991, in _find_and_load
  File "", line 975, in _find_and_load_unlocked
  File "", line 671, in _load_unlocked
  File "", line 848, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/home/prueba/volatility3/volatility3/framework/plugins/windows/svcscan.py", line 16, in
    from volatility3.plugins.windows import poolscanner, vadyarascan, pslist
  File "/home/prueba/volatility3/volatility3/framework/plugins/windows/vadyarascan.py", line 11, in
    from volatility3.plugins import yarascan
  File "/home/prueba/volatility3/volatility3/framework/plugins/yarascan.py", line 20, in
    raise ImportError
ImportError

DEBUG    volatility3.framework: Failed to import module volatility3.plugins.windows.svcscan based on file: /home/prueba/volatility3/volatility3/framework/plugins/windows/svcscan.py
DEBUG    volatility3.framework: Traceback (most recent call last):
  File "/home/prueba/volatility3/volatility3/framework/__init__.py", line 185, in import_file
    importlib.import_module(module)
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "", line 991, in _find_and_load
  File "", line 975, in _find_and_load_unlocked
  File "", line 671, in _load_unlocked
  File "", line 848, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/home/prueba/volatility3/volatility3/framework/plugins/windows/skeleton_key_check.py", line 18, in
    import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG    volatility3.framework: Failed to import module volatility3.plugins.windows.skeleton_key_check based on file: /home/prueba/volatility3/volatility3/framework/plugins/windows/skeleton_key_check.py
INFO     volatility3.plugins.yarascan: Python Yara (>3.8.0) module not found, plugin (and dependent plugins) not available
DEBUG    volatility3.framework: Traceback (most recent call last):
  File "/home/prueba/volatility3/volatility3/framework/__init__.py", line 185, in import_file
    importlib.import_module(module)
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "", line 991, in _find_and_load
  File "", line 975, in _find_and_load_unlocked
  File "", line 671, in _load_unlocked
  File "", line 848, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/home/prueba/volatility3/volatility3/framework/plugins/windows/mftscan.py", line 13, in
    from volatility3.plugins import timeliner, yarascan
  File "/home/prueba/volatility3/volatility3/framework/plugins/yarascan.py", line 20, in
    raise ImportError
ImportError

DEBUG    volatility3.framework: Failed to import module volatility3.plugins.windows.mftscan based on file: /home/prueba/volatility3/volatility3/framework/plugins/windows/mftscan.py
DEBUG    volatility3.framework: Traceback (most recent call last):
  File "/home/prueba/volatility3/volatility3/framework/__init__.py", line 185, in import_file
    importlib.import_module(module)
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "", line 991, in _find_and_load
  File "", line 975, in _find_and_load_unlocked
  File "", line 671, in _load_unlocked
  File "", line 848, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/home/prueba/volatility3/volatility3/framework/plugins/windows/cachedump.py", line 8, in
    from Crypto.Cipher import ARC4, AES
ModuleNotFoundError: No module named 'Crypto'

DEBUG    volatility3.framework: Failed to import module volatility3.plugins.windows.cachedump based on file: /home/prueba/volatility3/volatility3/framework/plugins/windows/cachedump.py
INFO     volatility3.cli: The following plugins could not be loaded (use -vv to see why): volatility3.plugins.windows.cachedump, volatility3.plugins.windows.hashdump, volatility3.plugins.windows.lsadump, volatility3.plugins.windows.mftscan, volatility3.plugins.windows.netscan, volatility3.plugins.windows.netstat, volatility3.plugins.windows.skeleton_key_check, volatility3.plugins.windows.svcscan, volatility3.plugins.windows.vadyarascan, volatility3.plugins.windows.verinfo, volatility3.plugins.yarascan
INFO     volatility3.framework.automagic: Detected a linux category plugin
INFO     volatility3.framework.automagic: Running automagic: ConstructionMagic
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel.layer_name
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel
Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel.symbol_table_name
Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree
INFO     volatility3.framework.automagic: Running automagic: SymbolCacheMagic
INFO     volatility3.framework.automagic: Running automagic: LayerStacker
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
DEBUG    volatility3.framework.automagic.linux: Identified banner: b'Linux version 5.4.0-150-generic (buildd@bos03-amd64-009) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #167-Ubuntu SMP Mon May 15 17:35:05 UTC 2023 (Ubuntu 5.4.0-150.167-generic 5.4.233)\n\x00'
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!assoc_array_ptr
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!netns_ipvs
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!mtd_info
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!can_pkg_stats
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!can_rcv_lists_stats
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!can_dev_rcv_lists
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!mpls_route
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!sctp_mib
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!ebt_table
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!dn_dev
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!garp_port
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!mpls_dev
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!mrp_port
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!tipc_bearer
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!pcpu_dstats
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!phylink
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!cfg80211_conn
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!cfg80211_cached_keys
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!cfg80211_cqm_config
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!cfg80211_internal_bss
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!sfp
DEBUG    volatility3.framework.symbols: Unresolved reference: LintelStacker1!libipw_device
DEBUG    volatility3.framework.automagic.linux: Scanners could not determine any ASLR shifts, using 0 for both
DEBUG    volatility3.framework.automagic.linux: DTB was found at: 0x2a0a000
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name.memory_layer
Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel.symbol_table_name
Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel
Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree
DEBUG    volatility3.framework.automagic.stacker: Stacked layers: ['IntelLayer', 'FileLayer']
INFO     volatility3.framework.automagic: Running automagic: SymbolFinder
INFO     volatility3.framework.automagic: Running automagic: LinuxSymbolFinder
Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
DEBUG    volatility3.framework.automagic.symbol_finder: Identified banner: b'Linux version 5.4.0-150-generic (buildd@bos03-amd64-009) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #167-Ubuntu SMP Mon May 15 17:35:05 UTC 2023 (Ubuntu 5.4.0-150.167-generic 5.4.233)\n\x00'
DEBUG    volatility3.framework.automagic.symbol_finder: Using symbol library: file:///home/prueba/volatility3/volatility3/symbols/5.4.0-150-generic.json
INFO     volatility3.framework.automagic: Running automagic: KernelModule

OFFSET (V)	PID	TID	PPID	COMM
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!assoc_array_ptr
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!netns_ipvs
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!mtd_info
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!can_pkg_stats
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!can_rcv_lists_stats
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!can_dev_rcv_lists
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!mpls_route
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!sctp_mib
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!ebt_table
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!dn_dev
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!garp_port
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!mpls_dev
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!mrp_port
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!tipc_bearer
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!pcpu_dstats
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!phylink
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!cfg80211_conn
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!cfg80211_cached_keys
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!cfg80211_cqm_config
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!cfg80211_internal_bss
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!sfp
DEBUG    volatility3.framework.symbols: Unresolved reference: symbol_table_name1!libipw_device
```


eve-mem commented 1 year ago

Hello,

It looks like vol found the symbols you created, so that part looks correct.

Could you tell me how you acquired the memory image? (E.g. a vm snapshot that's likely very clean or something live like lime)

marseaplage commented 1 year ago

> Hello,
>
> It looks like vol found the symbols you created, so that part looks correct.
>
> Could you tell me how you acquired the memory image? (E.g. a vm snapshot that's likely very clean or something live like lime)

Hi Eve-mem. I acquired the memory dump with lime by using just this command: `sudo insmod ./lime-5.4.0-150-generic.ko "path=/home/prueba/ubuntu-10062023.mem format=raw"`

eve-mem commented 1 year ago

Ah, unfortunately the raw format from lime has holes in it, which means that parts of memory end up out of sync. That is why vol is able to work out what symbols to use, but then when it attempts to find the first process it's not there.

If you can reacquire with lime, the padded or lime format will work.
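As an added example (not LiME's or Volatility's own code) of why the raw format goes "out of sync": a small parser for the lime-format per-range headers that lists the physical ranges a dump covers, the holes between them, and how far a raw-format file (the same ranges concatenated with no headers) drifts from physical addresses after each hole. The header layout assumed here (u32 magic 0x4C694D45, u32 version 1, u64 start, u64 end, 8 reserved bytes, little-endian) is LiME's `lime_mem_range_header`; the sample dump is constructed inline.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

# LiME per-range header (little-endian, packed, 32 bytes):
#   u32 magic (0x4C694D45 = b"EMiL"), u32 version (1), u64 s_addr, u64 e_addr, u8 reserved[8]
LIME_MAGIC = 0x4C694D45
LIME_HDR = struct.Struct("<IIQQ8s")


@dataclass
class MemRange:
    start: int        # first physical address covered by this range
    end: int          # last physical address covered (inclusive, as LiME stores e_addr)
    file_offset: int  # where the range's bytes begin inside the dump file

    @property
    def size(self) -> int:
        return self.end - self.start + 1


def parse_lime(data: bytes) -> List[MemRange]:
    """Walk the range headers of a lime-format dump; raise ValueError for raw/padded or damaged files."""
    ranges: List[MemRange] = []
    pos = 0
    while pos < len(data):
        if len(data) - pos < LIME_HDR.size:
            raise ValueError(f"truncated header at offset {pos:#x}")
        magic, version, s_addr, e_addr, _reserved = LIME_HDR.unpack_from(data, pos)
        if magic != LIME_MAGIC:
            raise ValueError(f"bad magic {magic:#x} at offset {pos:#x}: not a lime-format dump")
        if version != 1:
            raise ValueError(f"unsupported LiME header version {version}")
        pos += LIME_HDR.size
        rng = MemRange(s_addr, e_addr, pos)
        if rng.size <= 0 or pos + rng.size > len(data):
            raise ValueError(f"range {s_addr:#x}-{e_addr:#x} does not fit in the file")
        ranges.append(rng)
        pos += rng.size
    return ranges


def gaps(ranges: List[MemRange]) -> List[Tuple[int, int]]:
    """Physical holes between consecutive ranges: the bytes the raw format silently leaves out."""
    return [(prev.end + 1, cur.start - 1)
            for prev, cur in zip(ranges, ranges[1:]) if cur.start > prev.end + 1]


def raw_shift(ranges: List[MemRange]) -> List[Tuple[int, int]]:
    """Per range: (start address, how far a raw-format file is displaced from physical memory).
    A reader assuming file offset == physical address is wrong by that shift after each hole."""
    shifts, raw_pos = [], 0
    for rng in ranges:
        shifts.append((rng.start, rng.start - raw_pos))
        raw_pos += rng.size
    return shifts


def build_lime_dump(chunks: List[Tuple[int, bytes]]) -> bytes:
    """Serialise (start address, payload) pairs into lime format; used only to build the sample."""
    out = bytearray()
    for start, payload in chunks:
        out += LIME_HDR.pack(LIME_MAGIC, 1, start, start + len(payload) - 1, b"\0" * 8)
        out += payload
    return bytes(out)


# Constructed sample (not a real acquisition): two System RAM ranges separated by a reserved hole.
SAMPLE_LIME = build_lime_dump([(0x1000, b"A" * 0x1000), (0x100000, b"B" * 0x800)])
# The same two ranges as the raw format would store them: concatenated, no headers, hole dropped.
SAMPLE_RAW = b"A" * 0x1000 + b"B" * 0x800


def analyse(data: bytes) -> Dict[str, list]:
    ranges = parse_lime(data)
    return {"ranges": [(r.start, r.end, r.file_offset) for r in ranges],
            "gaps": gaps(ranges), "raw_shift": raw_shift(ranges)}


if __name__ == "__main__":
    for key, rows in analyse(SAMPLE_LIME).items():
        print(key, [tuple(hex(v) for v in row) for row in rows])
```

Run against a real lime-format file, the `gaps` list is what the raw format would have thrown away, and `raw_shift` is the drift that makes a raw dump's process list come up empty once the first hole is crossed.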

eve-mem commented 1 year ago

I have raised an issue for LiME to see if the authors might consider making this warning more explicit.

https://github.com/504ensicsLabs/LiME/issues/111

marseaplage commented 1 year ago

> I have raised an issue for LiME to see if the authors might consider making this warning more explicit.
>
> 504ensicsLabs/LiME#111

Thank you @eve-mem I will try it today and I will tell you if it works

eve-mem commented 1 year ago

Any luck?

marseaplage commented 1 year ago

> Any luck?

Indeed!! I created the memory dump with lime format and it works successfully!! Thank you so much for your great help!!!

```
prueba@test:~/volatility3$ sudo python3 ./vol.py -f /home/prueba/ubuntu-10062023.mem linux.sockstat.Sockstat
Volatility 3 Framework 2.4.2
Progress:  100.00		Stacking attempts finished
NetNS	Pid	FD	Sock Offset	Family	Type	Proto	Source Addr	Source Port	Destination Addr	Destination Port	State	Filter

4026531992	1	15	0x9d64e1aa6000	AF_NETLINK	RAW	NETLINK_KOBJECT_UEVENT	groups:0x00000002	1	group:0x00000000	0	UNCONNECTED	filter_type=socket_filter,bpf_filter_type=cBPF
4026531992	1	16	0x9d64f2749000	AF_UNIX	DGRAM	-	/run/systemd/notify	26590	-	-	UNCONNECTED	-
4026531992	1	17	0x9d64f2749400	AF_UNIX	DGRAM	-	-	26591	-	26592	UNCONNECTED	-
4026531992	1	18	0x9d64f274bc00	AF_UNIX	DGRAM	-	-	26592	-	26591	UNCONNECTED	-
4026531992	1	19	0x9d64f274a000	AF_UNIX	STREAM	-	/run/systemd/private	26593	-	-	LISTEN	-
4026531992	1	20	0x9d64f274f000	AF_UNIX	STREAM	-	/run/systemd/userdb/io.systemd.DynamicUser	26595	-	-	LISTEN	-
4026531992	1	24	0x9d64f2748000	AF_UNIX	STREAM	-	/run/sys
```

eve-mem commented 1 year ago

Great! Glad that worked for you.

ikelos commented 1 year ago

Great work @eve-mem, thanks! Marking as closed... 5:)

yassine955 commented 6 months ago

@eve-mem I have a question. Do you know how I can compile with LiME? All these tutorials and documentations are not working, maybe because they are too old. I have the Google kernel, and the exact clang compiler that was used in proc/version.

I already made a profile, I got the System.map / vmlinux, made a profile in dwarf2json, but linux.pslist shows no results.

I am using the ram.bin memory dump file, created by an Android Studio snapshot.

eve-mem commented 6 months ago

Hello @yassine955 - you're probably better off making a new issue and including the full description and the log outputs, then we can help there.

When using lime be sure not to use the raw format. That won't work.