[Vol-users] RE: Need a Redhat 7.1 profile

Torres, Geoff (Cyber Security) geoff.torres at hpe.com
Mon Apr 11 17:11:22 CDT 2016


To answer my own question...

My profile build system is Debian based.  Even though I've successfully created Fedora and CentOS profiles on it, I needed to move to a Fedora system which had the proper definition files in its compiler environment.  That got rid of all the 'u32' errors.  But because the compiler was gcc 5.1, I needed to create a compiler-gcc5.h file in the include/linux folder of the kernel files.  I just linked to the gcc4 file and everything compiled fine.

All the Linux Volatility commands appear to be working as expected.

Geoff


From: Torres, Geoff (Cyber Security)
Sent: Thursday, April 07, 2016 11:37 AM
To: 'vol-users at volatilityfoundation.org' <vol-users at volatilityfoundation.org>
Subject: Need a Redhat 7.1 profile

Hi,

I usually roll my own profiles but I'm having a big problem getting one created for RedHat 7.1 (Linux version 3.10.0-229.el17.x86_64).

I checked the GitHub repository already and did a Google search to no avail.

Does anyone have one already created?

Or can anyone help me figure out how to get around these compilation errors?

include/linux/thread_info.h:24:4: error unknown type name 'u32'
                                u32 __user *uaddr;
                                ^

There are hundreds of them.  As near as I've been able to determine, all the flags that would set it are 64 bit-centric so it never gets set.

I have the full make output and the kernel RPMs if needed.  Oh, and this is the first time I'm creating a profile using Volatility 2.5, but I'm getting the same errors on 2.4 where I've been successful in the past.

Thanks,

Geoff

BTW - I'm a programmer by necessity, not profession.  Feel free to point out the obvious.
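
The header workaround described in the reply at the top, written out as a small shell helper. This is an added example, not part of the original post; the function name `ensure_gcc_header` and the script name in the usage comment are hypothetical, and it assumes the kernel tree keeps per-version headers named `include/linux/compiler-gcc<major>.h`, as the post describes.

```shell
#!/bin/sh
# Added example (not from the original post): give kernel headers that predate
# the build host's gcc a matching compiler-gcc<major>.h before building a profile.
# Assumption: the tree uses include/linux/compiler-gcc<major>.h files.

# ensure_gcc_header KERNEL_SRC GCC_MAJOR
# Returns 0 if the header is present or was linked, 1 if nothing could be linked.
ensure_gcc_header() {
    hdr_dir="$1/include/linux"
    hdr_want="$hdr_dir/compiler-gcc$2.h"

    # Never replace a header the tree already ships.
    if [ -e "$hdr_want" ]; then
        echo "present: $hdr_want"
        return 0
    fi

    # Pick the newest per-version header in the tree (gcc4 in the post).
    hdr_newest=$(ls "$hdr_dir" 2>/dev/null \
        | sed -n 's/^compiler-gcc\([0-9][0-9]*\)\.h$/\1/p' \
        | sort -n | tail -n 1)
    if [ -z "$hdr_newest" ]; then
        echo "no compiler-gccN.h found under $hdr_dir" >&2
        return 1
    fi

    # Relative link inside the same directory, so the tree stays relocatable.
    ln -s "compiler-gcc$hdr_newest.h" "$hdr_want"
    echo "linked: $hdr_want -> compiler-gcc$hdr_newest.h"
}

# Usage: sh fix-gcc-header.sh /path/to/kernel/source
if [ "$#" -ge 1 ]; then
    ensure_gcc_header "$1" "$(gcc -dumpversion | cut -d. -f1)"
fi
```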

