[Vol-dev] Re: DalvikVM support for Volatility

Andrew Case atcuno at gmail.com
Mon Oct 29 00:05:17 CDT 2012


Hello,

Thanks for sending out the code, and sorry for taking so long to properly
reply...

I read through most of the code and its very well done, particularly for
someone not previously involved with the project.

It was my goal to have dalvik support into the 3.0 release of Volatility,
which is due early next year - see the Roadmap [1] for details.  Your code
can definitely serve as a base for this support as it works with the latest
revision of Vol and my previous code is over a year old now, and you have
also implemented features that I did not get to..

Please send any updates as you get to them or message me if you need any
help. I will also send you notes soon on what I had planned to add myself
so that we can either collaborate or at least not duplicate effort.

Nice work!

[1] http://code.google.com/p/volatility/wiki/VolatilityRoadmap

On Tue, Oct 16, 2012 at 9:50 AM, Holger Macht <holger at homac.de> wrote:

> Hi,
>
> I've uploaded a tarball [1] containing a number of Volatility plugins which
> provide support for the DalvikVM and Android. I didn't provide a
> patch set, because there are only new files included. However, I can do
> so or can open an issue, whatever would be most convenient.
>
> The plugins are named:
>  - dalvik_find_gdvm_offset
>  - dalvik_vms
>  - dalvik_loaded_classes
>  - dalvik_class_information
>  - dalvik_find_class_instance
>  - dalvik_app_mirrored
>
> Any comments would be appreciated. This is part of a research project I
> need to have finished by the end of the year, so if someone suggests
> fundamental changes, I most likely won't have the immediate time to look
> at it. Just wanted to provide my code, because obviously there is some
> interest (cf. vol-users@).
>
> Ideally, I could get a branch in SVN to get this integrated into
> upcoming Volatility releases.
>
> I've attached a README.dalvik which gives some meta information about
> the plugins and could become a corresponding wiki article.
>
> Thanks to Joe Sylve and Andrew Case for providing me with some initial
> guidelines.
>
> Regards,
>  Holger
>
> [1] http://www.homac.de/files/Volatility-Dalvik-support-v1.tar.bz2
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.volatilityfoundation.org/pipermail/vol-dev/attachments/20121029/f97b4d18/attachment.html


More information about the Vol-dev mailing list