I am trying to use volatility on an Arch Linux (lts) memory dump and for that
I need to create a profile for Arch Linux. The problem is that Arch Linux
does not come with a System.map file and the vmlinuz files seem stripped (? cannot run nm on it).
I have seen other applications use /proc/kallsyms but it is apparently not
good enough for volatility ( https://github.com/volatilityfoundation … /issues/76 )
So, is there any way to get the System.map file for the linux-lts kernel?
Last edited by Reccra (2015-04-11 14:39:11)
Use ABS to build it:
$ find linux-lts/ -type f -name "System.map"
linux-lts/src/linux-3.14/System.map
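A System.map taken from a rebuilt kernel is only useful for the profile if its symbol addresses agree with the kernel that produced the dump. The following is an added example, not part of the original thread or of Volatility: it compares a System.map with a saved copy of /proc/kallsyms from the target machine. The function names and the sample listings are constructed for illustration.

```python
import re

# System.map and /proc/kallsyms share one line format: "<hex addr> <type> <name> [module]"
LINE = re.compile(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)")

# Constructed sample listings (addresses are illustrative, not from a real kernel).
SAMPLE_MAP = """\
ffffffff81000000 T _text
ffffffff81001000 T do_one_initcall
ffffffff81600000 R linux_banner
ffffffff81601000 t helper
ffffffff81602000 t helper
"""
SAMPLE_KALLSYMS = """\
ffffffff81000000 T _text
ffffffff81001000 T do_one_initcall
ffffffff81600000 R linux_banner
ffffffffa0000000 t ext4_init\t[ext4]
"""

def parse_symbols(text):
    """Return {name: address}, dropping names that occur more than once."""
    seen, dupes = {}, set()
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            name = m.group(3)
            if name in seen:
                dupes.add(name)
            seen[name] = int(m.group(1), 16)
    return {n: a for n, a in seen.items() if n not in dupes}

def compare(system_map_text, kallsyms_text):
    """Classify how well a System.map agrees with kallsyms from the target."""
    smap, live = parse_symbols(system_map_text), parse_symbols(kallsyms_text)
    if live and not any(live.values()):
        # Unprivileged reads of /proc/kallsyms show every address as zero.
        return {"status": "kallsyms-restricted", "checked": 0, "mismatched": []}
    common = sorted(set(smap) & set(live))
    bad = [n for n in common if smap[n] != live[n]]
    if not common:
        status = "no-common-symbols"
    elif not bad:
        status = "match"
    elif len({live[n] - smap[n] for n in common}) == 1:
        status = "constant-offset"  # e.g. the kernel was relocated at boot
    else:
        status = "mismatch"
    return {"status": status, "checked": len(common), "mismatched": bad}
```

A "mismatch" result means the rebuilt kernel differs from the installed one, so the System.map should not go into the profile.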
Thanks!
This worked fine, the ABS system is really impressive.
There's also asp: https://bbs.archlinux.org/viewtopic.php?id=185075
Edit: Please remember to mark the thread as solved https://bbs.archlinux.org/viewtopic.php?id=130309
Last edited by karol (2015-04-13 21:47:55)