You are not logged in.

#1 2015-04-11 14:38:25

Reccra
Member
Registered: 2012-09-13
Posts: 8

Get System.map for linux-lts?

I am trying to use volatility on a Arch linux (lts) memory dump and for that
I need to create a profile for Arch linux. The problem is that arch linux
does not come with a System.map file and the vmlinuz files seem stripped (? cannot run nm on it).

I have seen other applications use /proc/kallsyms but it is apparently not
good enough for volatility ( https://github.com/volatilityfoundation … /issues/76 )

So, is there any way to get the System.map file for the linux-lts kernel?

Last edited by Reccra (2015-04-11 14:39:11)

Offline

#2 2015-04-11 15:58:42

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Get System.map for linux-lts?

Use ABS to build it:

$ find linux-lts/ -type f -name "System.map"
linux-lts/src/linux-3.14/System.map

Offline

#3 2015-04-12 19:58:56

Reccra
Member
Registered: 2012-09-13
Posts: 8

Re: Get System.map for linux-lts?

Thanks!

This worked fine, the abs system is really impressive.

Offline

#4 2015-04-13 21:47:38

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Get System.map for linux-lts?

There's also asp: https://bbs.archlinux.org/viewtopic.php?id=185075

Edit: Please remember to mark the thread as solved https://bbs.archlinux.org/viewtopic.php?id=130309

Last edited by karol (2015-04-13 21:47:55)

Offline

Board footer

Powered by FluxBB