Volatility: Error w...
 
Notifications
Clear all

Volatility: Error with building linux profile

6 Posts
4 Users
0 Likes
1,831 Views
(@kawbin)
Posts: 1
New Member
Topic starter
 

Hi All,

I have been trying hard to build a linux profile based on Red Hat Enterprise Linux Server release 6.10 (Oracle Linux Server 6.10). I have also install all the required tools like dwarfdump.

The error shows when I build the profile with command "make"

@kali~/volatility/tools/linux# make -C /lib/modules/4.1.12-112.14.15.el6uek.x86_64/build CONFIG_DEBUG_INFO=y M=$PWD modules
make Entering directory '/usr/src/4.1.12-112.14.15.el6uek.x86_64'
arch/x86/Makefile114 stack-protector enabled but compiler support broken
Makefile658 Cannot use CONFIG_CC_STACKPROTECTOR_REGULAR -fstack-protector not supported by compiler
CC [M] /root/volatility/tools/linux/module.o
cc1 error code model kernel does not support PIC mode
make[1] [scripts/Makefile.build265 /root/volatility/tools/linux/module.o] Error 1
make
[Makefile1430 _module_/root/volatility/tools/linux] Error 2

make Leaving directory '/usr/src/4.1.12-112.14.15.el6uek.x86_64'

Thank you, if anyone can help me on this )

 
Posted : 21/09/2018 9:19 am
Beleka
(@beleka)
Posts: 29
Eminent Member
 

Hello, this is a problem with the gcc compiler version. After version 5 it has PIE enabled by default, so trying to compile with PIC ends with an error.

The easiest solution is building the profile with a lower gcc version, before that bug. I hope i helped you. More information

https://askubuntu.com/questions/851433/kernel-doesnt-support-pic-mode-for-compiling

 
Posted : 24/09/2018 10:50 am
AmNe5iA
(@amne5ia)
Posts: 173
Estimable Member
 

I think you need to make the linux profile within the linux you wish to profile.

So to make a Red Hat Enterprise Linux Server release 6.10 profile you need to make it on a computer running Red Hat Enterprise Linux Server release 6.10…

You appear to be using Kali so I think you'll end up with a Kali Profile not a profile for Red Hat Enterprise Linux Server release 6.10.

 
Posted : 24/09/2018 1:28 pm
Beleka
(@beleka)
Posts: 29
Eminent Member
 

No, if you have the kernel-devel or headers you can build the profile in other machine, i did it many times. You just need the kernel packages and the SystemMap file.

 
Posted : 24/09/2018 3:05 pm
AmNe5iA
(@amne5ia)
Posts: 173
Estimable Member
 

I stand corrected.

 
Posted : 24/09/2018 7:29 pm
K-VRC
(@k-vrc)
Posts: 1
New Member
 

No, if you have the kernel-devel or headers you can build the profile in other machine, i did it many times. You just need the kernel packages and the SystemMap file.

Hi Beleka….I have tried building linux profile for a RAM image of a Red Hat system, whose characteristics are
-Kernel version 4.14.62-65.117.amzn1.x86_64
-corresponds to the distribution of RedHat 7.2.1-2

According to the Volatility Foundation page before building I must have configured the dwarfdump and build-essential tools, and finally I must install the headers to build the kernel modules I need.

The installation of dwarfdump and build-essential was successful but every time I try to install the headers I get the error "The package could not be located".

I am using the following command
apt-get install linux-headers-(KERNEL VERSION), in my case would be

apt-get install linux-headers-4.14.62-65.117.amzn1.x86_64

But it doesn't work; is that sentence correct or should I install some other tool before I can install the headers ??

I'm doing this on a Kali Linux virtual machine.

Sorry for the question but I'm not a Linux expert. Thank you.

 
Posted : 18/10/2019 5:59 pm
Share: