[Vol-users] Re: Bug or documentation error - linux_dump_map

Edwin Smulders edwin.smulders at gmail.com
Thu Mar 7 06:06:40 CST 2013


After some more research, I think it is a bug and the attached patch
hopefully fixes it.

On 7 March 2013 11:35, Edwin Smulders <edwin.smulders at gmail.com> wrote:
> Hi,
>
> Yesterday during a challenge we had to use the linux_dump_map plugin
> to dump a process stack, and the documentation at
> https://code.google.com/p/volatility/wiki/LinuxCommandReference23#linux_proc_maps
> says it has the -p option to select a process.
>
> However, as far as I can tell looking in the svn history, this plugin
> never had the -p option. And it's definitely not working currently.
> I've heard a confirmation that the option was working in version
> 2.2-rc1, so maybe it was a global option?
>
> The reason I'm mailing this is because, if the -s is virtual memory,
> would you not get possible overlap in areas? How do you know it dumped
> the correct VMA? Note that every time I tried, I got the correct area.
>
> Cheers,
> Edwin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linux_dump_map_patch001.diff
Type: application/octet-stream
Size: 1347 bytes
Desc: not available
Url : https://lists.volatilityfoundation.org/pipermail/vol-users/attachments/20130307/46e43308/linux_dump_map_patch001.obj


More information about the Vol-users mailing list