[Vol-users] Bug or documentation error - linux_dump_map

Edwin Smulders edwin.smulders at gmail.com
Thu Mar 7 04:35:32 CST 2013


Hi,

Yesterday during a challenge we had to use the linux_dump_map plugin
to dump a process stack, and the documentation at
https://code.google.com/p/volatility/wiki/LinuxCommandReference23#linux_proc_maps
says it has the -p option to select a process.

However, as far as I can tell looking in the svn history, this plugin
never had the -p option. And it's definitely not working currently.
I've heard a confirmation that the option was working in version
2.2-rc1, so maybe it was a global option?

The reason I'm mailing this is because, if the -s is virtual memory,
would you not get possible overlap in areas? How do you know it dumped
the correct VMA? Note that every time I tried, I got the correct area.

Cheers,
Edwin

