[Vol-users] Need a Redhat 7.1 profile

Torres, Geoff (Cyber Security) geoff.torres at hpe.com
Fri Apr 22 13:31:05 CDT 2016


Hi Andrew,

I figured it out and posted my solution back on the 11th.   (below for your convenience)

	To answer my own question...

	My profile build system is Debian based.  Even though I've successfully created Fedora and CentOS profiles on it, I needed to move to a Fedora system which had the proper definition files in its compiler environment.  That got rid of all the 'u32' errors.  But because the compiler was gcc 5.1, I needed to create a compiler-gcc5.h file in the include/Linux folder of the kernel files.  I just linked to the gcc4 file and everything compiled fine.

	All the Linux Volatility commands appear to be working as expected.

Thanks for checking up on it,

Geoff

And I had tried your solution and it still didn't work, but the error messages did change.  Ultimately, moving to a Redhat based build environment did the trick.  If I recall correctly, there was an issue with the 'libdwarf' module on Fedora which is why I went to Ubuntu for my build environment.  It seems to be fixed now so I can build across 2 environments which will hopefully limit the number of oddball errors I get.


-----Original Message-----
From: Andrew Case [mailto:atcuno at gmail.com] 
Sent: Thursday, April 21, 2016 3:36 PM
To: Torres, Geoff (Cyber Security) <geoff.torres at hpe.com>; vol-users at volatilityfoundation.org
Subject: Re: [Vol-users] Need a Redhat 7.1 profile

That is a strange error... Are you comfortable editing module.c? If so, can you add this as the first line of the file:

#define u32 unsigned int

that should fix the compile error, please send the error output if not

Thanks,
Andrew (@attrc)

On 04/07/2016 01:37 PM, Torres, Geoff (Cyber Security) wrote:
> Hi,
> 
>  
> 
> I usually roll my own profiles but I'm having a big problem getting 
> one created for RedHat 7.1 (Linux version 3.10.0-229.el17.x86_64).
> 
>  
> 
> I checked the github repository already and did a google search to no avail.
> 
>  
> 
> Does anyone have one already created?
> 
>  
> 
> Or can anyone help me figure out how to get around these compilation errors?
> 
>  
> 
> include/linux/thread_info.h:24:4: error unknown type name 'u32'
> 
>                                 u32 __user *uaddr;
> 
>                                 ^
> 
>  
> 
> There are hundreds of them.  As near as I've been able to determine, 
> all the flags that would set it are 64 bit-centric so it never gets set.
> 
>  
> 
> I have the full make output and the kernel RPMs if needed.  Oh, and 
> this is the first time I'm creating a profile using Volatility 2.5, 
> but I'm getting the same errors on 2.4 where I've been successful in the past.
> 
>  
> 
> Thanks,
> 
>  
> 
> Geoff
> 
>  
> 
> BTW - I'm a programmer by necessity, not profession.  Feel free to 
> point out the obvious.
> 
>  
> 
>  
> 
> 
> 
> _______________________________________________
> Vol-users mailing list
> Vol-users at volatilityfoundation.org
> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
> 


More information about the Vol-users mailing list