Description of problem:
python-volatility crashing when used on system with kernel 4.9+
Some kernel memory structures have changed and it breaks the interface between Volatility framework and the libdwarf

Version-Release number of selected component (if applicable):
2.6.0

How reproducible:
100%

Steps to Reproduce:
1. vol -f example.dmp imageinfo

Actual results:
$ vol -f ch2.dmp imageinfo
Volatility Foundation Volatility Framework 2.6
INFO    : volatility.debug    : Determining profile based on KDBG search...
Traceback (most recent call last):
  File "/usr/bin/vol", line 192, in <module>
    main()
  File "/usr/bin/vol", line 183, in main
    command.execute()
  File "/usr/lib/python2.7/site-packages/volatility/commands.py", line 147, in execute
    func(outfd, data)
  File "/usr/lib/python2.7/site-packages/volatility/plugins/imageinfo.py", line 45, in render_text
    for k, t, v in data:
  File "/usr/lib/python2.7/site-packages/volatility/plugins/imageinfo.py", line 55, in calculate
    suglist = [ s for s, _ in kdbgscan.KDBGScan.calculate(self)]
  File "/usr/lib/python2.7/site-packages/volatility/plugins/kdbgscan.py", line 116, in calculate
    buf = addrspace.BufferAddressSpace(self._config)
  File "/usr/lib/python2.7/site-packages/volatility/addrspace.py", line 378, in __init__
    BaseAddressSpace.__init__(self, None, config, **kwargs)
  File "/usr/lib/python2.7/site-packages/volatility/addrspace.py", line 73, in __init__
    self.profile = self._set_profile(config.PROFILE)
  File "/usr/lib/python2.7/site-packages/volatility/addrspace.py", line 98, in _set_profile
    ret = profs[profile_name]()
  File "/usr/lib/python2.7/site-packages/volatility/plugins/overlays/linux/linux.py", line 216, in __init__
    obj.Profile.__init__(self, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/volatility/obj.py", line 862, in __init__
    self.reset()
  File "/usr/lib/python2.7/site-packages/volatility/plugins/overlays/linux/linux.py", line 227, in reset
    self.load_vtypes()
  File "/usr/lib/python2.7/site-packages/volatility/plugins/overlays/linux/linux.py", line 264, in load_vtypes
    vtypesvar = dwarf.DWARFParser(dwarfdata).finalize()
  File "/usr/lib/python2.7/site-packages/volatility/dwarf.py", line 71, in __init__
    self.feed_line(line)
  File "/usr/lib/python2.7/site-packages/volatility/dwarf.py", line 162, in feed_line
    self.process_statement(**parsed) #pylint: disable-msg=W0142
  File "/usr/lib/python2.7/site-packages/volatility/dwarf.py", line 204, in process_statement
    self.vtypes[name] = [ int(data['DW_AT_byte_size'], self.base), {} ]
KeyError: 'DW_AT_byte_size'

Expected results:
$ vol -f ch2.dmp imageinfo
Volatility Foundation Volatility Framework 2.6.1
INFO    : volatility.debug    : Determining profile based on KDBG search...
          Suggested Profile(s) : Win7SP1x86_23418, Win7SP0x86, Win7SP1x86_24000, Win7SP1x86
                     AS Layer1 : IA32PagedMemoryPae (Kernel AS)
                     AS Layer2 : FileAddressSpace (/mnt/extra/tmp/rootme/ch2.dmp)
                      PAE type : PAE
                           DTB : 0x185000L
                          KDBG : 0x82929be8L
          Number of Processors : 1
     Image Type (Service Pack) : 0
                KPCR for CPU 0 : 0x8292ac00L
             KUSER_SHARED_DATA : 0xffdf0000L
           Image date and time : 2013-01-12 16:59:18 UTC+0000
     Image local date and time : 2013-01-12 17:59:18 +0100
python-volatility-2.6.1-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-ceaa9857b6
python-volatility-2.6.1-1.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-2046a66439
python-volatility-2.6.1-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-df37454881
python-volatility-2.6.1-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-2046a66439
python-volatility-2.6.1-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-df37454881
python-volatility-2.6.1-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-ceaa9857b6
python-volatility-2.6.1-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
python-volatility-2.6.1-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
python-volatility-2.6.1-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
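A check an analyst can run over a DWARF text dump before handing it to the framework, given here as an added example (not code from Volatility or from this report): it lists structure and union entries that carry no `DW_AT_byte_size`, the key the traceback in the original report fails on. The one-entry-per-line layout, the `SAMPLE` lines and all function names are assumptions constructed for illustration.

```python
import re

# Assumed layout of one dwarfdump text line (one DIE per line):
#   <level><die id><DW_TAG_kind> DW_AT_key<value> DW_AT_key<value> ...
HEADER = re.compile(r'<(?P<level>\d+)><(?P<die>[0-9a-fx+]+)><(?P<kind>DW_TAG_\w+)>')
KEYVAL = re.compile(r'(?P<key>DW_AT_\w+)<(?P<val>[^>]*)>')
SIZED_KINDS = {"DW_TAG_structure_type", "DW_TAG_union_type"}

# Constructed sample input, not taken from a real kernel build.
SAMPLE = """\
<1><0x2d><DW_TAG_structure_type> DW_AT_name<"list_head"> DW_AT_byte_size<0x00000010>
<2><0x39><DW_TAG_member> DW_AT_name<"next"> DW_AT_type<<0x0000005a>>
<1><0x60><DW_TAG_structure_type> DW_AT_name<"example_fwd"> DW_AT_declaration<yes(1)>
<1><0x70><DW_TAG_union_type> DW_AT_name<"example_union"> DW_AT_decl_file<0x00000001>
<1><0x80><DW_TAG_base_type> DW_AT_name<"int"> DW_AT_encoding<DW_ATE_signed>
"""

def parse_die(line):
    """Return (die id, kind, attribute dict) for a DIE line, or None."""
    line = line.strip()
    m = HEADER.match(line)
    if m is None:
        return None
    attrs = {kv.group("key"): kv.group("val") for kv in KEYVAL.finditer(line, m.end())}
    return m.group("die"), m.group("kind"), attrs

def byte_size(attrs, default=None):
    """Parse DW_AT_byte_size when present instead of indexing it unconditionally."""
    raw = attrs.get("DW_AT_byte_size")
    return default if raw is None else int(raw, 0)

def find_unsized(lines):
    """List struct/union DIEs that have no DW_AT_byte_size attribute."""
    hits = []
    for line in lines:
        parsed = parse_die(line)
        if parsed is None:
            continue
        die, kind, attrs = parsed
        if kind in SIZED_KINDS and byte_size(attrs) is None:
            hits.append({"die": die, "kind": kind,
                         "name": attrs.get("DW_AT_name", "").strip('"'),
                         "declaration": "DW_AT_declaration" in attrs})
    return hits

if __name__ == "__main__":
    for hit in find_unsized(SAMPLE.splitlines()):
        print(hit)
```

The `declaration` flag separates forward declarations, which legitimately have no size, from definitions that are missing the attribute.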