±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36768
New Yesterday: 0 Visitors: 91

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Volatility: Error with building linux profile

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

kawbin
Newbie
 

Volatility: Error with building linux profile

Post Posted: Sep 21, 18 09:19

Hi All,

I have been trying hard to build a linux profile based on Red Hat Enterprise Linux Server release 6.10 (Oracle Linux Server 6.10). I have also install all the required tools like dwarfdump.

The error shows when I build the profile with command "make"


@kali:~/volatility/tools/linux# make -C /lib/modules/4.1.12-112.14.15.el6uek.x86_64/build CONFIG_DEBUG_INFO=y M=$PWD modules
make: Entering directory '/usr/src/4.1.12-112.14.15.el6uek.x86_64'
arch/x86/Makefile:114: stack-protector enabled but compiler support broken
Makefile:658: Cannot use CONFIG_CC_STACKPROTECTOR_REGULAR: -fstack-protector not supported by compiler
CC [M] /root/volatility/tools/linux/module.o
cc1: error: code model kernel does not support PIC mode
make[1]: *** [scripts/Makefile.build:265: /root/volatility/tools/linux/module.o] Error 1
make: *** [Makefile:1430: _module_/root/volatility/tools/linux] Error 2

make: Leaving directory '/usr/src/4.1.12-112.14.15.el6uek.x86_64'

Thank you, if anyone can help me on this Smile  
 
  

Beleka
Member
 

Re: Volatility: Error with building linux profile

Post Posted: Sep 24, 18 10:50

Hello, this is a problem with the gcc compiler version. After version 5 it has PIE enabled by default, so trying to compile with PIC ends with an error.

The easiest solution is building the profile with a lower gcc version, before that bug. I hope i helped you. More information:

askubuntu.com/question...-compiling  
 
  

AmNe5iA
Senior Member
 

Re: Volatility: Error with building linux profile

Post Posted: Sep 24, 18 13:28

I think you need to make the linux profile within the linux you wish to profile.

So to make a Red Hat Enterprise Linux Server release 6.10 profile you need to make it on a computer running Red Hat Enterprise Linux Server release 6.10...

You appear to be using Kali so I think you'll end up with a Kali Profile not a profile for Red Hat Enterprise Linux Server release 6.10.  
 
  

Beleka
Member
 

Re: Volatility: Error with building linux profile

Post Posted: Sep 24, 18 15:05

No, if you have the kernel-devel or headers you can build the profile in other machine, i did it many times. You just need the kernel packages and the SystemMap file.  
 
  

AmNe5iA
Senior Member
 

Re: Volatility: Error with building linux profile

Post Posted: Sep 24, 18 19:29

I stand corrected.  
 
  

K-VRC
Newbie
 

Re: Volatility: Error with building linux profile

Post Posted: Oct 18, 19 17:59

- Beleka
No, if you have the kernel-devel or headers you can build the profile in other machine, i did it many times. You just need the kernel packages and the SystemMap file.


Hi Beleka....I have tried building linux profile for a RAM image of a Red Hat system, whose characteristics are:
-Kernel version 4.14.62-65.117.amzn1.x86_64
-corresponds to the distribution of RedHat 7.2.1-2

According to the Volatility Foundation page: before building I must have configured the dwarfdump and build-essential tools, and finally I must install the headers to build the kernel modules I need.

The installation of dwarfdump and build-essential was successful but every time I try to install the headers I get the error: "The package could not be located".

I am using the following command:
apt-get install linux-headers-(KERNEL VERSION), in my case would be:

apt-get install linux-headers-4.14.62-65.117.amzn1.x86_64

But it doesn't work; is that sentence correct or should I install some other tool before I can install the headers ??

I'm doing this on a Kali Linux virtual machine.

Sorry for the question but I'm not a Linux expert. Thank you.  
 

Page 1 of 1