Skip to content
/ dwarf2json-centos7 Public

Container to use the dwarf2json tool to generate Linux Profiles based on CentOS7 for Volatility3.

4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

karmatr0n/dwarf2json-centos7

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 

Repository files navigation

Description

Container to use the dwarf2json tool to generate Linux Profiles based on CentOS7 for Volatility3

Building the docker container

 docker build --tag dwarf2json-centos7:0.0.1 .

Note

Edit the Dockerfile to update the kernel version you need.

Running the docker container

docker run --rm --user=$(id -u):$(id -g) -v "$(pwd)":/output:ro,Z -ti  dwarf2json-centos7:0.0.1

Copy the dumped symbols with dwar2json

docker ps
docker cp <CONTAINER ID>:/tmp/output/<distro><version>.json.xz .

Adding linux kernel profile to Volatility3

zip -a volatility3/volatility/symbols/linux.zip <distro><version>.json.xz

Running volatility example

python3 vol.py  -f collected_memory.lime  yarascan.YaraScan --yara-file <rules.yar>

References

About

Container to use the dwarf2json tool to generate Linux Profiles based on CentOS7 for Volatility3.

Topics

docker container centos7 volatility3 dwarf2json

Resources

Readme
Activity

Stars

4 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages