halpomeranz / lmg Goto Github PK
View Code? Open in Web Editor NEWScript for automating Linux memory capture and analysis
lmg's People
Contributors
Stargazers
Watchers
Forkers
vicgc juju4 cephurs windwave1173 enascimento jeffbryner benhamad atwong01 rvrsh3ll fengxiaoiie upxnoops johnjohnsp1 bupt007 jothatron intfrr xtiankisutsa crazykid199 majord4m4ge olivierh59500 ddurvaux zerocool443 caliskanfurkan minkione chrisnewmanuk shadow0ps cpuu cloudxtreme md50x marciopocebon dkorzhevin hobama n4rr34n6 raimundojimenez 5l1v3r1 c53mike patroclica firefly8 ashleykellyforensics ernestomr310 yiannn noteloc tmcd71 cvlabsiolmg's Issues
Error when creating profile
I followed your instructions for installing everything to a thumb drive, and everything seems to work fine up until the profile creation. I get the following error in /tools/linux/module.c:150:8: error: redefinition of 'struct radix_tree_node'.
It says this is originally defined in include/linux/radix-tree.h:87:8.
I am going to comment this line out and see what happens. Any advice?
Profile generation failed on SUSE SLES 15 machine
I tried to run LMG on my SUSE SLES 15 test VM for grabbing its memory.
Memory dumping via AVML seems to run smoothly but when I requested LMG to create a profile for this system's memory I got the following error:
linux-6ujy:/run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2 # ./lmg
AVML is /run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2/avml/avml-x86_64
Dumping memory in "lime" format to /run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2/capture/linux-6ujy-2023-07-19_02.54.31
This could take a while...Done!
Grabbing a copy of /bin/bash...Done!
Writing volatilityrc to /run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2/capture/linux-6ujy-2023-07-19_02.54.31...Done!
Compile profile for this system? [N|y] y
make -C //lib/modules/4.12.14-577.gcac0110-default/build M="/run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2/volatility/tools/linux" clean
make[1]: *** //lib/modules/4.12.14-577.gcac0110-default/build: No such file or directory. Stop.
Makefile:15: recipe for target 'clean' failed
make: *** [clean] Error 2
adding: module.dwarf (deflated 91%)
adding: boot/System.map-4.12.14-577.gcac0110-default (deflated 79%)
linux-6ujy:/run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2 #
The system's OS specs are as follows:
linux-6ujy:/run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2 # hostnamectl
Static hostname: linux-6ujy.suse
Transient hostname: linux-6ujy
Icon name: computer-vm
Chassis: vm
Machine ID: 0ba95a9f792ad691ef914bbf63c2a52a
Boot ID: eabd56a0048442909ce0ce6f8ea2f349
Virtualization: vmware
Operating System: SUSE Linux Enterprise Server 12 SP5
CPE OS Name: cpe:/o:suse:sles:12:sp5
Kernel: Linux 4.12.14-577.gcac0110-default
Architecture: x86-64
linux-6ujy:/run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2 #
Not sure if this is an issue of your script. :-)
All the best,
Michael
Patch for makefile doesn't work with latest LiME
https://github.com/504ensicsLabs/LiME/blob/master/src/Makefile (which I think is the latest? ) doesn't match the patch from lmg so it fails.
I'll fork and attach a pull request
"Still no matching kernel module found." Error
I receive the following error on a Fedora 21 system.
# usb/lmg -d capture/
Try to build LiME kernel module? [N|y] y
make -C /lib/modules/4.1.13-100.fc21.x86_64/build M="/home/user/capture/lime" modules
make[1]: Entering directory '/usr/src/kernels/4.1.13-100.fc21.x86_64'
CC [M] /home/user/capture/lime/tcp.o
CC [M] /home/user/capture/lime/disk.o
CC [M] /home/user/capture/lime/main.o
LD [M] /home/user/capture/lime/lime.o
Building modules, stage 2.
MODPOST 1 modules
CC /home/user/capture/lime/lime.mod.o
LD [M] /home/user/capture/lime/lime.ko
make[1]: Leaving directory '/usr/src/kernels/4.1.13-100.fc21.x86_64'
strip --strip-unneeded lime.ko
mv lime.ko lime-4.1.13-100.fc21.x86_64-x86_64.ko
Still no matching kernel module found... exiting!
Yet, when I manually compile LiME, it is successful...
# usb/LiME/src/make
make -C /lib/modules/4.1.13-100.fc21.x86_64/build M="/home/user/LiME/src" modules
make[1]: Entering directory '/usr/src/kernels/4.1.13-100.fc21.x86_64'
CC [M] /home/user/LiME/src/tcp.o
CC [M] /home/user/LiME/src/disk.o
CC [M] /home/user/LiME/src/main.o
LD [M] /home/user/LiME/src/lime.o
Building modules, stage 2.
MODPOST 1 modules
CC /home/user/LiME/src/lime.mod.o
LD [M] /home/user/LiME/src/lime.ko
make[1]: Leaving directory '/usr/src/kernels/4.1.13-100.fc21.x86_64'
strip --strip-unneeded lime.ko
mv lime.ko lime-4.1.13-100.fc21.x86_64-x86_64.ko
Any idears what's going on?
Still no matching kernel module found
I checked with the previous issue submitted regarding a similar issue on Fedora. Giving the full path on -d didn't solve it. I am running on the latest Kali Linux Rolling.
root@kali:~# /media/root/RDT/lmg
Try to build LiME kernel module? [N|y] y
make -C /lib/modules/4.11.0-kali1-amd64/build M="/media/root/RDT/lime/src" modules
make[1]: *** /lib/modules/4.11.0-kali1-amd64/build: No such file or directory. Stop.
Makefile:36: recipe for target 'default' failed
make: *** [default] Error 2
Still no matching kernel module found... exiting!
Invalid profile for volatility
In the quick test, I did, the generated profile does not work. I got
Volatility Foundation Volatility Framework 2.3.1
ERROR : volatility.commands : Invalid profile host-2014-06-13_18.37.34-profile selected
I asked myself it was because System.map is in boot subdir but doesn't seem so.
Zip file contains two non-empty files module.dwarf and boot/System.map-3.13.0-24-generic.
Captured system is lubuntu 14.04.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.