You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was able to build a profile for Red Hat Linux 7.8 maipo x64 kernel 3.10.0-1127.19.1.el7.x86_64. The profile build without issues, showing no errors and building the zip file correctly. On Red I built libdwarf by source code and then created the module.dwarf using with the instructions provided by volatilityfoundation project.
However when I try to analyze the vmem file it fails. What can I do to troubleshoot this problem?
vol.py --profile=LinuxRedHat7_6Maipox64 -f "Snapshot.vmem" linux_bash
Volatility Foundation Volatility Framework 2.6
Pid Name Command Time Command
No suitable address space mapping found
Tried to open image as:
MachOAddressSpace: mac: need base
LimeAddressSpace: lime: need base
WindowsHiberFileSpace32: No base Address Space
WindowsCrashDumpSpace64BitMap: No base Address Space
WindowsCrashDumpSpace64: No base Address Space
HPAKAddressSpace: No base Address Space
VMWareMetaAddressSpace: No base Address Space
VirtualBoxCoreDumpElf64: No base Address Space
QemuCoreDumpElf: No base Address Space
VMWareAddressSpace: No base Address Space
WindowsCrashDumpSpace32: No base Address Space
Win10AMD64PagedMemory: No base Address Space
WindowsAMD64PagedMemory: No base Address Space
LinuxAMD64PagedMemory: No base Address Space
AMD64PagedMemory: No base Address Space
IA32PagedMemoryPae: No base Address Space
IA32PagedMemory: No base Address Space
OSXPmemELF: No base Address Space
MachOAddressSpace: MachO Header signature invalid
LimeAddressSpace: Invalid Lime header signature
WindowsHiberFileSpace32: PO_MEMORY_IMAGE is not available in profile
WindowsCrashDumpSpace64BitMap: Header signature invalid
WindowsCrashDumpSpace64: Header signature invalid
HPAKAddressSpace: Invalid magic found
VMWareMetaAddressSpace: VMware metadata file is not available
VirtualBoxCoreDumpElf64: ELF Header signature invalid
QemuCoreDumpElf: ELF Header signature invalid
VMWareAddressSpace: Invalid VMware signature: 0xf000ff53
WindowsCrashDumpSpace32: Header signature invalid
Win10AMD64PagedMemory: Incompatible profile LinuxRedHat7_6Maipox64 selected
WindowsAMD64PagedMemory: Incompatible profile LinuxRedHat7_6Maipox64 selected
LinuxAMD64PagedMemory: Failed valid Address Space check
AMD64PagedMemory: Failed valid Address Space check
IA32PagedMemoryPae: Incompatible profile LinuxRedHat7_6Maipox64 selected
IA32PagedMemory: Incompatible profile LinuxRedHat7_6Maipox64 selected
OSXPmemELF: ELF Header signature invalid
FileAddressSpace: Must be first Address Space
ArmAddressSpace: Failed valid Address Space check
I followed the exact same procedure with an Ubuntu 16.06.4 LTS with kernel 4.4.0-177-generic and it worked I was able to analyze the memory on that system with the custom profile that I built, however with Red Hat it does not work, what can I do to solve the problem? Thanks.
The text was updated successfully, but these errors were encountered:
I was able to build a profile for Red Hat Linux 7.8 maipo x64 kernel 3.10.0-1127.19.1.el7.x86_64. The profile build without issues, showing no errors and building the zip file correctly. On Red I built libdwarf by source code and then created the module.dwarf using with the instructions provided by volatilityfoundation project.
However when I try to analyze the vmem file it fails. What can I do to troubleshoot this problem?
vol.py --profile=LinuxRedHat7_6Maipox64 -f "Snapshot.vmem" linux_bash
Volatility Foundation Volatility Framework 2.6
Pid Name Command Time Command
No suitable address space mapping found
Tried to open image as:
MachOAddressSpace: mac: need base
LimeAddressSpace: lime: need base
WindowsHiberFileSpace32: No base Address Space
WindowsCrashDumpSpace64BitMap: No base Address Space
WindowsCrashDumpSpace64: No base Address Space
HPAKAddressSpace: No base Address Space
VMWareMetaAddressSpace: No base Address Space
VirtualBoxCoreDumpElf64: No base Address Space
QemuCoreDumpElf: No base Address Space
VMWareAddressSpace: No base Address Space
WindowsCrashDumpSpace32: No base Address Space
Win10AMD64PagedMemory: No base Address Space
WindowsAMD64PagedMemory: No base Address Space
LinuxAMD64PagedMemory: No base Address Space
AMD64PagedMemory: No base Address Space
IA32PagedMemoryPae: No base Address Space
IA32PagedMemory: No base Address Space
OSXPmemELF: No base Address Space
MachOAddressSpace: MachO Header signature invalid
LimeAddressSpace: Invalid Lime header signature
WindowsHiberFileSpace32: PO_MEMORY_IMAGE is not available in profile
WindowsCrashDumpSpace64BitMap: Header signature invalid
WindowsCrashDumpSpace64: Header signature invalid
HPAKAddressSpace: Invalid magic found
VMWareMetaAddressSpace: VMware metadata file is not available
VirtualBoxCoreDumpElf64: ELF Header signature invalid
QemuCoreDumpElf: ELF Header signature invalid
VMWareAddressSpace: Invalid VMware signature: 0xf000ff53
WindowsCrashDumpSpace32: Header signature invalid
Win10AMD64PagedMemory: Incompatible profile LinuxRedHat7_6Maipox64 selected
WindowsAMD64PagedMemory: Incompatible profile LinuxRedHat7_6Maipox64 selected
LinuxAMD64PagedMemory: Failed valid Address Space check
AMD64PagedMemory: Failed valid Address Space check
IA32PagedMemoryPae: Incompatible profile LinuxRedHat7_6Maipox64 selected
IA32PagedMemory: Incompatible profile LinuxRedHat7_6Maipox64 selected
OSXPmemELF: ELF Header signature invalid
FileAddressSpace: Must be first Address Space
ArmAddressSpace: Failed valid Address Space check
I followed the exact same procedure with an Ubuntu 16.06.4 LTS with kernel 4.4.0-177-generic and it worked I was able to analyze the memory on that system with the custom profile that I built, however with Red Hat it does not work, what can I do to solve the problem? Thanks.
The text was updated successfully, but these errors were encountered: