[Vol-users] stack & heap

Michael Hale Ligh michael.hale at gmail.com
Mon Sep 30 19:49:16 CDT 2013


Sebastian,

This is the first we've heard of linux_proc_maps causing a segfault. It has
worked fine across various kernels on Debian, Ubuntu, SuSE, CentOS, Fedora.
There are some Linux profiles available here:

https://code.google.com/p/volatility/wiki/LinuxProfiles

And some Linux samples linked to from here:
https://code.google.com/p/volatility/wiki/SampleMemoryImages

In particular, there is a DFRWS 2008 memory sample for Linux and you'll
find the CentOS profile on the profile page. Its a bit difficult to
remotely debug a segfault, but if you find out any more details about the
issue, feel free to report them.

Thanks,
MHL


On Thu, Sep 26, 2013 at 5:05 PM, Sebastian Biedermann <
biedermann at seceng.informatik.tu-darmstadt.de> wrote:

> Hi guys,
>
> I'm trying to find out the addresses of the memory pages of a target
> process that are used as stack and heap on Linux.
> (Precisely, I would like to have the output which can be seen in
> /proc/<pid>/maps for a target process)
>
> Unfortunately, the command linux_proc_maps is not working, I always get a
> segmentation fault,
> although I tried different kernels as well as Linux setups (Ubuntu) - it's
> just not working.
>
> Can anyone tell me a setup (Linux & Kernel) in which the linux_proc_maps
> command works?
> Or give me a hint how I could figure out these addresses on another way?
>
> Thank you!
> ______________________________**_________________
> Vol-users mailing list
> Vol-users at volatilityfoundation.org
> http://lists.volatilesystems.**com/mailman/listinfo/vol-users<http://lists.volatilityfoundation.org/mailman/listinfo/vol-users>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.volatilityfoundation.org/pipermail/vol-users/attachments/20130930/e42a5f44/attachment.html


More information about the Vol-users mailing list