[Vol-dev] get_symbol

Michael Ligh michael.hale at gmail.com
Fri Apr 26 00:14:08 CDT 2013


There is not one for Windows (yet).

On Apr 24, 2013, at 11:59 PM, Pranjal Jumde <pranjal.jumde at gmail.com> wrote:

> Is this feature available in Windows?
> 
> 
> On Sun, Apr 14, 2013 at 6:54 PM, Andrew Case <atcuno at gmail.com> wrote:
>> Hello,
>> 
>> Currently, symbols are only pulled from the kernel (vmlinux) so none
>> of the symbol addresses of modules will be directly available via the
>> API. It is a future goal of Volatility to support these symbols as
>> well.
>> 
>> In the meantime, you can use readelf or objdump on the bluetooth .ko
>> file to get the offset of the symbol from the .data section, and then
>> you can use linux_lsmod with -S to find the .data section of the
>> bluetooth kernel module in memory. Then simply add the address + offset
>> to determine where the symbol is in the memory image.
>> 
>> On Sun, Apr 14, 2013 at 11:27 AM, Pranjal Jumde <pranjal.jumde at gmail.com> wrote:
>> > Hi,
>> >
>> > I am trying to get the value of the symbol "bt_proto" using the member
>> > function get_symbol. I checked using gdb that this symbol is a part of the
>> > bluetooth kernel module. But I get the following error message:
>> > "volatility.plugins.overlays.linux.linux: Requested symbol bt_proto not
>> > found in module kernel". Any thoughts why this might be happening?
>> >
>> > Thanks!
>> >
>> > Regards
>> > Pranjal Jumde
>> >
>> >
>> > _______________________________________________
>> > Vol-dev mailing list
>> > Vol-dev at volatilityfoundation.org
>> > http://lists.volatilityfoundation.org/mailman/listinfo/vol-dev
>> >
> 
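
Added example, not part of the thread or of Volatility's code: the readelf plus `linux_lsmod -S` arithmetic described in the quoted reply, generalized to look up whichever section the symbol's `Ndx` column names instead of assuming `.data` (in a relocatable `.ko`, readelf's `Value` is the offset inside that section). All sample text is constructed, the `linux_lsmod -S` line layout is an assumption, and `demo_data_sym` is a hypothetical symbol.

```python
import re

# Constructed sample of `readelf -SW bluetooth.ko` (values are illustrative).
READELF_SECTIONS = """\
  [Nr] Name              Type            Address          Off    Size   ES Flg Lk Inf Al
  [ 2] .text             PROGBITS        0000000000000000 000070 01c2f4 00  AX  0   0 16
  [24] .data             PROGBITS        0000000000000000 02a3c0 001a40 00  WA  0   0 32
  [27] .bss              NOBITS          0000000000000000 02be40 000d80 00  WA  0   0 32
"""
# Constructed sample of `readelf -sW bluetooth.ko`; demo_data_sym is hypothetical.
READELF_SYMBOLS = """\
   Num:    Value          Size Type    Bind   Vis      Ndx Name
   398: 0000000000000120    16 OBJECT  LOCAL  DEFAULT   24 demo_data_sym
   412: 0000000000000040    64 OBJECT  LOCAL  DEFAULT   27 bt_proto
"""
# Constructed; assumed layout of `linux_lsmod -S` section lines: "<section> <address>".
LSMOD_SECTIONS = """\
bluetooth
    .text    0xffffffffa0250000
    .data    0xffffffffa0278000
    .bss     0xffffffffa027a000
"""

def section_names(text):
    """Map section index -> section name from the readelf section headers."""
    return {int(m.group(1)): m.group(2)
            for m in re.finditer(r"^\s*\[\s*(\d+)\]\s+(\S+)", text, re.M)}

def symbol_location(text, name):
    """Return (section index, offset within that section) for a symbol."""
    pat = re.compile(r"^\s*\d+:\s+([0-9a-fA-F]+)\s+\S+\s+\S+\s+\S+\s+\S+"
                     r"\s+(\S+)\s+(\S+)\s*$", re.M)
    for value, ndx, sym in pat.findall(text):
        if sym == name:
            if not ndx.isdigit():  # UND, ABS, COM: not backed by a section
                raise ValueError(f"{name} has no section (Ndx={ndx})")
            return int(ndx), int(value, 16)
    raise KeyError(name)

def loaded_sections(text):
    """Map section name -> load address from the per-module section listing."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"^\s+(\.\S+)\s+(0x[0-9a-fA-F]+)\s*$", text, re.M)}

def resolve(name):
    """Section load address + symbol offset = symbol address in the image."""
    ndx, offset = symbol_location(READELF_SYMBOLS, name)
    section = section_names(READELF_SECTIONS)[ndx]
    return section, loaded_sections(LSMOD_SECTIONS)[section] + offset

if __name__ == "__main__":
    print("bt_proto: %s at %#x" % resolve("bt_proto"))
```

In this constructed sample `bt_proto` sits in `.bss` rather than `.data`, which is why the lookup follows `Ndx` instead of hard-coding the section name.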

