Comments (26)
@Abyss-W4tcher Ok you were right it works now!
I had to fix another line. To fix the issue you have to:
- open this file
volatility3-2.5.0\volatility3\framework\symbols\linux\__init__.py
- modify these lines:
self.set_type_class("inet_sock", extensions.inet_sock)
self.set_type_class("unix_sock", extensions.unix_sock)
into these lines:
self.optional_set_type_class("inet_sock", extensions.inet_sock)
self.optional_set_type_class("unix_sock", extensions.unix_sock)
As future users with the same problem won't read all the messages, I'll summarize the problem. The problem stems from the Volatility assumption that a kernel must have a network module. This was wrong here, as the kernel was really very small. So vol raises an error. To solve this problem, vol needs to be told that the network module is optional.
I have several questions regarding this issue. Why this assumption? If it's possible, perhaps Vol should first check the modules built into the kernel and not trigger a fatal error?
Thanks all for your help, I really appreciated :D
from volatility3.
Hi, thanks for your fast response!
The dump is made using the qemu monitor command pmemsave 0 0x20000000 dump.raw.
pslist, bash, pstree and sockstat provide the same error.
Hello @nathan-out, may I suggest trying the qemu command dump-guest-memory instead?
from volatility3.
Hello, I'm currently very busy. I will continue my investigation next week, sorry for the delay.
from volatility3.
Hi @aiglematth, you can try patching the Volatility installation here with :
self.optional_set_type_class("inet_sock", extensions.inet_sock)
See https://github.com/volatilityfoundation/volatility3/blob/develop/volatility3/framework/symbols/linux/__init__.py#L51 for reference.
from volatility3.
Just a small note - It may be obvious - but without inet_sock some plugins won't work e.g. sockstat. It could probably be patched if things like unix sockets were still there and you needed to analyze them.
from volatility3.
Yes, the whole string must match exactly, no parsing of the version occurs.
from volatility3.
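A pre-flight check for the two failure causes raised in this thread, a kernel built without the `inet_sock`/`unix_sock` types and an ISF whose banner does not match the dump byte for byte. This is an added example, not code from the thread or from Volatility. It assumes the dwarf2json ISF layout (`user_types`, and `symbols.linux_banner.constant_data` holding base64); the function names are hypothetical and the sample data is constructed from the banners shown in the logs further down.

```python
import base64
import json
import lzma
import re

# Types the thread shows Volatility 3 2.5.0 registering unconditionally.
REQUIRED_TYPES = ("inet_sock", "unix_sock")

# A kernel banner as it sits in memory: printable text ended by "\n\0".
BANNER_RE = re.compile(rb"Linux version [0-9]+\.[0-9]+[^\n\x00]{0,400}")


def load_isf(path):
    """Load an ISF file written by dwarf2json (.json or .json.xz)."""
    opener = lzma.open if path.endswith(".xz") else open
    with opener(path, "rb") as fh:
        return json.load(fh)


def isf_banner(isf):
    """Return the banner stored in the ISF, without trailing NUL/newline."""
    entry = isf.get("symbols", {}).get("linux_banner", {})
    data = entry.get("constant_data")  # assumption: base64, as dwarf2json emits
    if not data:
        return None
    return base64.b64decode(data).rstrip(b"\x00\n")


def image_banners(image):
    """Return the distinct kernel banners found in a raw memory image."""
    return sorted({m.group(0) for m in BANNER_RE.finditer(image)})


def preflight(isf, image, required=REQUIRED_TYPES):
    """Report banner agreement and required types absent from the ISF."""
    banner = isf_banner(isf)
    found = image_banners(image)
    user_types = isf.get("user_types", {})
    return {
        "isf_banner": banner,
        "image_banners": found,
        # Whole-string comparison: a different build number or date fails.
        "banner_match": banner is not None and banner in found,
        "missing_types": [t for t in required if t not in user_types],
    }


# --- Constructed sample data (banner strings copied from the thread's logs) ---
_PREFIX = (b"Linux version 5.0.0 (aigle@aigle) "
           b"(gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) ")
DUMP_BANNER = _PREFIX + b"#3 Fri Jan 19 14:09:49 CET 2024"
ISF_BANNER = _PREFIX + b"#5 Thu Jan 25 19:03:11 CET 2024"

# A tiny stand-in for dump.raw: padding around one banner.
SAMPLE_IMAGE = b"\x00" * 64 + DUMP_BANNER + b"\n\x00" + b"\x00" * 64

# A tiny stand-in for output.json from a kernel built without networking.
SAMPLE_ISF = {
    "symbols": {
        "linux_banner": {
            "constant_data": base64.b64encode(ISF_BANNER + b"\n\x00").decode()
        }
    },
    "user_types": {"task_struct": {}, "list_head": {}},
}

if __name__ == "__main__":
    report = preflight(SAMPLE_ISF, SAMPLE_IMAGE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On real files, pass `load_isf("output.json")` and the bytes of the dump; a non-empty `missing_types` predicts the `Symbol type not in ... SymbolTable` error, and `banner_match` being false means the ISF was built from a different kernel build than the one in the dump.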
Hi, it looks like you've done everything correctly that I can see, but vol can't work out the intel layer. When you made that memory sample - what tool did you use?
Is it only pstree that doesn't work? I'd assume pslist etc also don't work?
from volatility3.
Hi, thanks for your fast response!
The dump is made using the qemu monitor command pmemsave 0 0x20000000 dump.raw.
pslist, bash, pstree and sockstat provide the same error.
from volatility3.
Any luck @nathan-out ?
from volatility3.
No worries at all, just shout if you get any more problems.
from volatility3.
@Abyss-W4tcher I have both kernel.elf made with dump-guest-memory and kernel.raw with the first command. In both cases, volatility doesn't work
from volatility3.
Could you try running with -vvvvvvvvvvv, to see if we get more information?
from volatility3.
Here is the output, volatility was run on dump.raw file.
Volatility 3 Framework 2.5.0
INFO volatility3.cli: Volatility plugins path: ['D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\plugins', 'D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\framework\\plugins']
INFO volatility3.cli: Volatility symbols path: ['D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\symbols', 'D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\framework\\symbols']
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\plugins, D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\plugins
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\automagic
Level 7 volatility3.cli: Cache directory used: C:\Users\sieur\AppData\Roaming\volatility3
INFO volatility3.framework.automagic: Detected a linux category plugin
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 6 volatility3.framework.automagic.construct_layers: Construction Exception occurred: Unexpected config value found: None
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
INFO volatility3.framework.automagic: Running automagic: SymbolCacheMagic
Level 6 volatility3.framework.symbols.intermed: Searching for symbols in D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\symbols, D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\symbols
Level 7 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, VolatilityHandler, JarHandler, OfflineHandler
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/ntkrnlmp.pdb/ADC00FA5FC34456BA16E268745724099-1.json.xz as b'ntkrnlmp.pdb|ADC00FA5FC34456BA16E268745724099|1'
INFO volatility3.framework.automagic: Running automagic: LayerStacker
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
Level 6 volatility3.framework.layers.elf: Exception: Bad magic 0xf000ff53 at file offset 0x0
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
Level 6 volatility3.framework.layers.xen: Exception: Bad magic 0xf000ff53 at file offset 0x0
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelStacker
DEBUG volatility3.framework.automagic.linux: Identified banner: b'Linux version 5.0.0 (aigle@aigle) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #3 Fri Jan 19 14:09:49 CET 2024'
DEBUG volatility3.schemas: Validating JSON against schema...
DEBUG volatility3.schemas: JSON validated against schema (result cached)
Level 7 volatility3.framework.automagic.stacker: Exception during stacking: Symbol type not in LintelStacker1 SymbolTable: inet_sock
Level 6 volatility3.framework.automagic.stacker: Traceback (most recent call last):
File "D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\automagic\stacker.py", line 213, in stack_layer
new_layer = stacker.stack(context, initial_layer, progress_callback)
File "D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\automagic\linux.py", line 72, in stack
table = linux.LinuxKernelIntermedSymbols(
File "D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\symbols\linux\__init__.py", line 47, in __init__
self.set_type_class("inet_sock", extensions.inet_sock)
File "D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\symbols\intermed.py", line 60, in _delegate_function
return getattr(self._delegate, name)(*args, **kwargs)
File "D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\symbols\intermed.py", line 425, in set_type_class
raise ValueError(f"Symbol type not in {self.name} SymbolTable: {name}")
ValueError: Symbol type not in LintelStacker1 SymbolTable: inet_sock
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: FileLayer
DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['FileLayer']
INFO volatility3.framework.automagic: Running automagic: SymbolFinder
INFO volatility3.framework.automagic: Running automagic: LinuxSymbolFinder
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
INFO volatility3.framework.automagic: Running automagic: KernelModule
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Unsatisfied requirement plugins.PsTree.kernel.layer_name:
Unsatisfied requirement plugins.PsTree.kernel.symbol_table_name:
A translation layer requirement was not fulfilled. Please verify that:
A file was provided to create this layer (by -f, --single-location or by config)
The file exists and is readable
The file is a valid memory image and was acquired cleanly
A symbol table requirement was not fulfilled. Please verify that:
The associated translation layer requirement was fulfilled
You have the correct symbol file for the requirement
The symbol file is under the correct directory or zip file
The symbol file is named appropriately or contains the correct banner
Unable to validate the plugin requirements: ['plugins.PsTree.kernel.layer_name', 'plugins.PsTree.kernel.symbol_table_name']
from volatility3.
Relevant part seems to be :
Level 7 volatility3.framework.automagic.stacker: Exception during stacking: Symbol type not in LintelStacker1 SymbolTable: inet_sock
The symbol type might be missing. Can you please try to generate another ISF, by omitting the System.map file :
./dwarf2json --elf vmlinux > output.json
Temporarily move out your existing ISF from the Volatility3 symbols directory, and run Volatility3 with --clear-cache to avoid conflicts.
from volatility3.
Here it is:
Volatility 3 Framework 2.5.0
INFO volatility3.cli: Volatility plugins path: ['D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\plugins', 'D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\framework\\plugins']
INFO volatility3.cli: Volatility symbols path: ['D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\symbols', 'D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\framework\\symbols']
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\plugins, D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\plugins
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\automagic
Level 7 volatility3.cli: Cache directory used: C:\Users\sieur\AppData\Roaming\volatility3
INFO volatility3.framework.automagic: Detected a linux category plugin
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 6 volatility3.framework.automagic.construct_layers: Construction Exception occurred: Unexpected config value found: None
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
INFO volatility3.framework.automagic: Running automagic: SymbolCacheMagic
Level 6 volatility3.framework.symbols.intermed: Searching for symbols in D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\symbols, D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\symbols
Level 7 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, VolatilityHandler, JarHandler, OfflineHandler
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-15063-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win8-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/mft.json
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/tcpip.pdb/942CC690894B8899CD5B8607C72A62EA-1.json.xz as b'tcpip.pdb|942CC690894B8899CD5B8607C72A62EA|1'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/kerb_ecrypt.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-18362-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/callbacks-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-17134-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/crash64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-16299-x64.json
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/ntkrnlmp.pdb/CA8E2F01B822EDE6357898BFBF862997-1.json.xz as b'ntkrnlmp.pdb|CA8E2F01B822EDE6357898BFBF862997|1'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win81-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-vista-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-vista-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-19041-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/pe.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win81-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/poolheader-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-xp-2003-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win7-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/linux/xen.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/generic/qemu.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-18363-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-vista-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-vista-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/pdb.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/mbr.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/linux/elf.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-19041-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win8-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win10-15063-x86.json
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/linux/output.json as b'Linux version 5.0.0 (aigle@aigle) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #5 Thu Jan 25 19:03:11 CET 2024\n\x00'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-win10-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/registry.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-xp-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win81-19935-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-17134-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/crash_common.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/crash.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/callbacks-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win10-16299-x86.json
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/ntkrnlmp.pdb/68A17FAF3012B7846079AEECDBE0A583-1.json.xz as b'ntkrnlmp.pdb|68A17FAF3012B7846079AEECDBE0A583|1'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-10240-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/linux/bash64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-10586-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-17763-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/linux/bash32.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-vista-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/poolheader-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-vista-sp12-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win10-15063-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-14393-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-15063-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/poolheader-x64-win7.json
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/ntkrnlmp.pdb/ADC00FA5FC34456BA16E268745724099-1.json.xz as b'ntkrnlmp.pdb|ADC00FA5FC34456BA16E268745724099|1'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/kdbg.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-vista-x64.json
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/ntkrnlmp.pdb/F9F3101286B6467CDE2D6C8304D7F43C-1.json.xz as b'ntkrnlmp.pdb|F9F3101286B6467CDE2D6C8304D7F43C|1'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win7-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-win10-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win10-16299-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win8-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win8-x86.json
INFO volatility3.framework.automagic: Running automagic: LayerStacker
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
Level 6 volatility3.framework.layers.elf: Exception: Bad magic 0xf000ff53 at file offset 0x0
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
Level 6 volatility3.framework.layers.xen: Exception: Bad magic 0xf000ff53 at file offset 0x0
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelStacker
DEBUG volatility3.framework.automagic.linux: No suitable linux banner could be matched
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: FileLayer
DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['FileLayer']
INFO volatility3.framework.automagic: Running automagic: SymbolFinder
INFO volatility3.framework.automagic: Running automagic: LinuxSymbolFinder
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
INFO volatility3.framework.automagic: Running automagic: KernelModule
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Unsatisfied requirement plugins.PsTree.kernel.layer_name:
Unsatisfied requirement plugins.PsTree.kernel.symbol_table_name:
A translation layer requirement was not fulfilled. Please verify that:
A file was provided to create this layer (by -f, --single-location or by config)
The file exists and is readable
The file is a valid memory image and was acquired cleanly
A symbol table requirement was not fulfilled. Please verify that:
The associated translation layer requirement was fulfilled
You have the correct symbol file for the requirement
The symbol file is under the correct directory or zip file
The symbol file is named appropriately or contains the correct banner
Unable to validate the plugin requirements: ['plugins.PsTree.kernel.layer_name', 'plugins.PsTree.kernel.symbol_table_name']
from volatility3.
Ok, this did not solve the issue. The raised error comes from here, I think. The problem might come from the vmlinux not containing the correct things, although inet_sock wasn't renamed/removed in the Linux source tree. This is probably related to the custom kernel; is the source from a non-stable Ubuntu branch?
from volatility3.
The kernel creator will answer your question and join the issue.
from volatility3.
Hi!
I am the kernel builder: this kernel is not an Ubuntu release, but a Linux kernel built in minimal mode, so I deactivated the network. That is why the inet_sock symbol is not present. Is there any way to do without this symbol? This symbol is only useful for some functionalities related to the network.
from volatility3.
I still have the same issue:
Volatility 3 Framework 2.5.0
INFO volatility3.cli: Volatility plugins path: ['D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\plugins', 'D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\framework\\plugins']
INFO volatility3.cli: Volatility symbols path: ['D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\symbols', 'D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\framework\\symbols']
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\plugins, D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\plugins
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\automagic
Level 7 volatility3.cli: Cache directory used: C:\Users\sieur\AppData\Roaming\volatility3
INFO volatility3.framework.automagic: Detected a linux category plugin
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree.kernel
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsTree
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 6 volatility3.framework.automagic.construct_layers: Construction Exception occurred: Unexpected config value found: None
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
INFO volatility3.framework.automagic: Running automagic: SymbolCacheMagic
Level 6 volatility3.framework.symbols.intermed: Searching for symbols in D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\symbols, D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\symbols
Level 7 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, VolatilityHandler, JarHandler, OfflineHandler
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-vista-sp12-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win10-16299-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-17763-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/poolheader-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/poolheader-x64-win7.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win10-15063-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/linux/bash32.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/crash64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/poolheader-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-16299-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-18362-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win8-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-vista-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-vista-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/registry.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-10240-x86.json
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/ntkrnlmp.pdb/F9F3101286B6467CDE2D6C8304D7F43C-1.json.xz as b'ntkrnlmp.pdb|F9F3101286B6467CDE2D6C8304D7F43C|1'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win7-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/callbacks-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-vista-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-xp-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win10-16299-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-15063-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-17134-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win81-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-vista-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-18363-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win8-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win8-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-15063-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/mbr.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-win10-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-14393-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/pdb.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-vista-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win8-x64.json
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/ntkrnlmp.pdb/CA8E2F01B822EDE6357898BFBF862997-1.json.xz as b'ntkrnlmp.pdb|CA8E2F01B822EDE6357898BFBF862997|1'
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/ntkrnlmp.pdb/ADC00FA5FC34456BA16E268745724099-1.json.xz as b'ntkrnlmp.pdb|ADC00FA5FC34456BA16E268745724099|1'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-19041-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win81-19935-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/crash.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-win10-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/kerb_ecrypt.json
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/linux/output.json as b'Linux version 5.0.0 (aigle@aigle) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #5 Thu Jan 25 19:03:11 CET 2024\n\x00'
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/ntkrnlmp.pdb/68A17FAF3012B7846079AEECDBE0A583-1.json.xz as b'ntkrnlmp.pdb|68A17FAF3012B7846079AEECDBE0A583|1'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-10586-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win10-15063-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/crash_common.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/linux/elf.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/pe.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/kdbg.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-19041-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-vista-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/callbacks-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-17134-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-x86.json
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/tcpip.pdb/942CC690894B8899CD5B8607C72A62EA-1.json.xz as b'tcpip.pdb|942CC690894B8899CD5B8607C72A62EA|1'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win7-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/linux/xen.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/mft.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/linux/bash64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win81-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-xp-2003-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/generic/qemu.json
INFO volatility3.framework.automagic: Running automagic: LayerStacker
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
Level 6 volatility3.framework.layers.elf: Exception: Bad magic 0xf000ff53 at file offset 0x0
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
Level 6 volatility3.framework.layers.xen: Exception: Bad magic 0xf000ff53 at file offset 0x0
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelStacker
DEBUG volatility3.framework.automagic.linux: No suitable linux banner could be matched
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: FileLayer
DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['FileLayer']
INFO volatility3.framework.automagic: Running automagic: SymbolFinder
INFO volatility3.framework.automagic: Running automagic: LinuxSymbolFinder
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
INFO volatility3.framework.automagic: Running automagic: KernelModule
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsTree.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsTree.kernel.symbol_table_name
Unsatisfied requirement plugins.PsTree.kernel.layer_name:
Unsatisfied requirement plugins.PsTree.kernel.symbol_table_name:
A translation layer requirement was not fulfilled. Please verify that:
A file was provided to create this layer (by -f, --single-location or by config)
The file exists and is readable
The file is a valid memory image and was acquired cleanly
A symbol table requirement was not fulfilled. Please verify that:
The associated translation layer requirement was fulfilled
You have the correct symbol file for the requirement
The symbol file is under the correct directory or zip file
The symbol file is named appropriately or contains the correct banner
Unable to validate the plugin requirements: ['plugins.PsTree.kernel.layer_name', 'plugins.PsTree.kernel.symbol_table_name']
Here is the code I patched:
self.optional_set_type_class("inet_sock", extensions.inet_sock)
self.optional_set_type_class("vsock_sock", extensions.vsock_sock)
self.optional_set_type_class("packet_sock", extensions.packet_sock)
self.optional_set_type_class("bt_sock", extensions.bt_sock)
self.optional_set_type_class("xdp_sock", extensions.xdp_sock)
I also tried to comment out all these lines; it's still not working.
With @aiglematth we tried to build a vol2 profile, but any plugin seems to work.
It seems aiglematth has to build a correct Linux kernel (according to Vol). Or, Vol should parse all the optional modules before starting.
from volatility3.
You now have:
DEBUG volatility3.framework.automagic.linux: No suitable linux banner could be matched
Is the correct symbol file still present inside the Volatility3 Linux symbols directory?
You can compare the banners and isfinfo plugins, like you did in your first comment.
from volatility3.
There is an additional char at the end of isfinfo (\n\x00)?
Volatility 3 Framework 2.5.0
Progress: 100.00 PDB scanning finished
URI Valid Number of base_types Number of types Number of symbols Number of enums Identifying information
file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/linux/output.json True (cached) 16 5829 83679 863 b'Linux version 5.0.0 (aigle@aigle) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #5 Thu Jan 25 19:03:11 CET 2024\n\x00'
For banners:
Volatility 3 Framework 2.5.0
banners.Banners
Progress: 100.00 PDB scanning finished
Offset Banner
0x1a00080 Linux version 5.0.0 (aigle@aigle) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #3 Fri Jan 19 14:09:49 CET 2024
0x222b6c0 Linux version 5.0.0 (aigle@aigle) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #3 Fri Jan 19 14:09:49 CET 2024
Is exactly the same timestamp required?
from volatility3.
Those different timestamps indicate you are analyzing a sample from an older kernel. Each time a kernel is compiled, even if the source is the same, small differences might occur in produced debug symbols.
You may have created an ISF against a "newer" version of this kernel. If I check your first comment, you should have the correct ISF somewhere, though?
Volatility 3 Framework 2.5.0
Progress: 100.00 PDB scanning finished
URI Valid Number of base_types Number of types Number of symbols Number of enums Identifying information
<some windows symbol files>
file:///mnt/d/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/linux/output.json Unknown 16 5829 83679 863 b'Linux version 5.0.0 (aigle@aigle) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #3 Fri Jan 19 14:09:49 CET 2024'
from volatility3.
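The banner comparison discussed in the comments above, as an added example that is not part of the thread or of Volatility itself: it decodes the banner stored in an ISF file and reports which banner fields differ from the banners found in the image. The helper names are hypothetical, the two banner strings are copied from the isfinfo and banners output on this page, and the `symbols.linux_banner.constant_data` (base64) location is an assumption about how dwarf2json-style ISF files store the banner.

```python
import base64
import re

# Banner layout: Linux version <release> (<builder>) (<compiler>) #<build> <build_tail>
# The compiler field contains nested parentheses, so it is matched greedily up to ") #<n> ".
BANNER_RE = re.compile(
    rb"Linux version (?P<release>\S+) \((?P<builder>[^)]*)\) "
    rb"\((?P<compiler>.*)\) #(?P<build>\d+) (?P<build_tail>.+)"
)


def isf_banner(isf: dict) -> bytes:
    """Return the raw banner stored in a parsed ISF document (assumed base64 field)."""
    encoded = isf.get("symbols", {}).get("linux_banner", {}).get("constant_data")
    if not encoded:
        raise ValueError("ISF has no symbols.linux_banner.constant_data entry")
    return base64.b64decode(encoded)


def normalize(banner: bytes) -> bytes:
    """Drop the trailing newline/NUL that isfinfo shows but the banners output does not."""
    return banner.rstrip(b"\n\x00")


def parse_banner(banner: bytes) -> dict:
    """Split a banner into named fields; raise if it is not a Linux banner."""
    match = BANNER_RE.fullmatch(normalize(banner))
    if match is None:
        raise ValueError(f"not a Linux banner: {banner!r}")
    return {k: v.decode("ascii", "replace") for k, v in match.groupdict().items()}


def differing_fields(isf: bytes, image: bytes) -> list:
    """Names of the banner fields whose values differ between ISF and image."""
    a, b = parse_banner(isf), parse_banner(image)
    return [field for field in a if a[field] != b[field]]


def check(isf: dict, image_banners: list) -> dict:
    """Map each distinct image banner to the fields that differ from the ISF banner."""
    wanted = isf_banner(isf)
    return {
        normalize(found).decode("ascii", "replace"): differing_fields(wanted, found)
        for found in dict.fromkeys(image_banners)  # de-duplicate, keep order
    }


# Banner reported by isfinfo for output.json on this page (build #5).
PAGE_ISF_BANNER = (
    b"Linux version 5.0.0 (aigle@aigle) (gcc version 9.4.0 "
    b"(Ubuntu 9.4.0-1ubuntu1~20.04.1)) #5 Thu Jan 25 19:03:11 CET 2024\n\x00"
)
# Constructed ISF fragment: only the field this example reads.
SAMPLE_ISF = {
    "symbols": {
        "linux_banner": {"constant_data": base64.b64encode(PAGE_ISF_BANNER).decode()}
    }
}
# Banners reported by the banners plugin on this page (build #3, found at two offsets).
IMAGE_BANNERS = [
    b"Linux version 5.0.0 (aigle@aigle) (gcc version 9.4.0 "
    b"(Ubuntu 9.4.0-1ubuntu1~20.04.1)) #3 Fri Jan 19 14:09:49 CET 2024"
] * 2

if __name__ == "__main__":
    for banner, fields in check(SAMPLE_ISF, IMAGE_BANNERS).items():
        verdict = "matches ISF" if not fields else "differs in: " + ", ".join(fields)
        print(f"{banner}\n  -> {verdict}")
```

The field diff is only a diagnostic aid: as stated in the thread, the whole banner string has to match, so any differing field means the ISF was generated from a different build than the one in the image.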
Banners and isfinfo fixed manually. Patching with the code above produces this error:
Volatility 3 Framework 2.5.0
INFO volatility3.cli: Volatility plugins path: ['D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\plugins', 'D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\framework\\plugins']
INFO volatility3.cli: Volatility symbols path: ['D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\symbols', 'D:\\Tools\\volatility3-2.5.0\\volatility3-2.5.0\\volatility3\\framework\\symbols']
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\plugins, D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\plugins
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\automagic
Level 7 volatility3.cli: Cache directory used: C:\Users\sieur\AppData\Roaming\volatility3
linux.pslist.PsList
INFO volatility3.framework.automagic: Detected a linux category plugin
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
Level 9 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 6 volatility3.framework.automagic.construct_layers: Construction Exception occurred: Unexpected config value found: None
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
INFO volatility3.framework.automagic: Running automagic: SymbolCacheMagic
Level 6 volatility3.framework.symbols.intermed: Searching for symbols in D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\symbols, D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\symbols
Level 7 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, VolatilityHandler, JarHandler, OfflineHandler
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/ntkrnlmp.pdb/ADC00FA5FC34456BA16E268745724099-1.json.xz as b'ntkrnlmp.pdb|ADC00FA5FC34456BA16E268745724099|1'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/pe.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win10-15063-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/registry.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win81-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-17763-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/crash_common.json
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/ntkrnlmp.pdb/CA8E2F01B822EDE6357898BFBF862997-1.json.xz as b'ntkrnlmp.pdb|CA8E2F01B822EDE6357898BFBF862997|1'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win10-16299-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-xp-2003-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win8-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-vista-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-14393-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win8-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-16299-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-vista-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-17134-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/callbacks-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/linux/elf.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win8-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-17134-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win10-15063-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/linux/bash64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win81-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-18363-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/kerb_ecrypt.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/generic/qemu.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-vista-sp12-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-18362-x64.json
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/linux/output.json as b'Linux version 5.0.0 (aigle@aigle) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #3 Fri Jan 19 14:09:49 CET 2024'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/callbacks-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-vista-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-vista-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-19041-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win7-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-10240-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/kdbg.json
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/ntkrnlmp.pdb/68A17FAF3012B7846079AEECDBE0A583-1.json.xz as b'ntkrnlmp.pdb|68A17FAF3012B7846079AEECDBE0A583|1'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-x64.json
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/ntkrnlmp.pdb/F9F3101286B6467CDE2D6C8304D7F43C-1.json.xz as b'ntkrnlmp.pdb|F9F3101286B6467CDE2D6C8304D7F43C|1'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/pdb.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/linux/bash32.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/crash64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win10-16299-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/linux/xen.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-15063-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-19041-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-15063-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/poolheader-x64-win7.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-vista-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-win10-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-vista-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-xp-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win81-19935-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/mbr.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win7-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/poolheader-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/mft.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/bigpools/bigpools-win10-x86.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-10586-x86.json
Level 8 volatility3.framework.automagic.symbol_cache: Identified file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/symbols/windows/tcpip.pdb/942CC690894B8899CD5B8607C72A62EA-1.json.xz as b'tcpip.pdb|942CC690894B8899CD5B8607C72A62EA|1'
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/services/services-win8-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/netscan/netscan-win10-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/poolheader-x64.json
Level 6 volatility3.framework.automagic.symbol_cache: No identifier found for file:///D:/Tools/volatility3-2.5.0/volatility3-2.5.0/volatility3/framework/symbols/windows/crash.json
INFO volatility3.framework.automagic: Running automagic: LayerStacker
Level 6 volatility3.framework: Importing from the following paths: D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\layers
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
Level 6 volatility3.framework.layers.elf: Exception: Bad magic 0xf000ff53 at file offset 0x0
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
Level 6 volatility3.framework.layers.xen: Exception: Bad magic 0xf000ff53 at file offset 0x0
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
Level 8 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelStacker
DEBUG volatility3.framework.automagic.linux: Identified banner: b'Linux version 5.0.0 (aigle@aigle) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #3 Fri Jan 19 14:09:49 CET 2024'
Level 7 volatility3.framework.automagic.stacker: Exception during stacking: Symbol type not in LintelStacker1 SymbolTable: inet_sock
Level 6 volatility3.framework.automagic.stacker: Traceback (most recent call last):
File "D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\automagic\stacker.py", line 213, in stack_layer
new_layer = stacker.stack(context, initial_layer, progress_callback)
File "D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\automagic\linux.py", line 72, in stack
table = linux.LinuxKernelIntermedSymbols(
File "D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\symbols\linux\__init__.py", line 47, in __init__
self.set_type_class("inet_sock", extensions.inet_sock)
File "D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\symbols\intermed.py", line 60, in _delegate_function
return getattr(self._delegate, name)(*args, **kwargs)
File "D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\symbols\intermed.py", line 425, in set_type_class
raise ValueError(f"Symbol type not in {self.name} SymbolTable: {name}")
ValueError: Symbol type not in LintelStacker1 SymbolTable: inet_sock
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: FileLayer
DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['FileLayer']
INFO volatility3.framework.automagic: Running automagic: SymbolFinder
INFO volatility3.framework.automagic: Running automagic: LinuxSymbolFinder
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
INFO volatility3.framework.automagic: Running automagic: KernelModule
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
Level 9 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
Unsatisfied requirement plugins.PsList.kernel.layer_name:
Unsatisfied requirement plugins.PsList.kernel.symbol_table_name:
A translation layer requirement was not fulfilled. Please verify that:
A file was provided to create this layer (by -f, --single-location or by config)
The file exists and is readable
The file is a valid memory image and was acquired cleanly
A symbol table requirement was not fulfilled. Please verify that:
The associated translation layer requirement was fulfilled
You have the correct symbol file for the requirement
The symbol file is under the correct directory or zip file
The symbol file is named appropriately or contains the correct banner
Unable to validate the plugin requirements: ['plugins.PsList.kernel.layer_name', 'plugins.PsList.kernel.symbol_table_name']
from volatility3.
This shouldn't crash, as optional_set_type_class is supposed to catch this error and ignore it.
You have the following patch, if I'm not mistaken?
diff --git a/volatility3/framework/symbols/linux/__init__.py b/volatility3/framework/symbols/linux/__init__.py
index c4e2587f..adf855a5 100644
--- a/volatility3/framework/symbols/linux/__init__.py
+++ b/volatility3/framework/symbols/linux/__init__.py
@@ -45,7 +45,7 @@ class LinuxKernelIntermedSymbols(intermed.IntermediateSymbolTable):
self.set_type_class("net", extensions.net)
self.set_type_class("socket", extensions.socket)
self.set_type_class("sock", extensions.sock)
- self.set_type_class("inet_sock", extensions.inet_sock)
+ self.optional_set_type_class("inet_sock", extensions.inet_sock)
self.set_type_class("unix_sock", extensions.unix_sock)
# Might not exist in older kernels or the current symbols
self.optional_set_type_class("netlink_sock", extensions.netlink_sock)
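Review bot: the context line directly below the change still reads self.set_type_class("unix_sock", extensions.unix_sock), so a symbol table that lacks unix_sock will hit the same ValueError one line later; consider switching that call to optional_set_type_class as well. The changed inet_sock line also sits above the existing comment "# Might not exist in older kernels or the current symbols", so either move it under that comment or give it its own comment saying why the type may be absent.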
edit: from what I can see:
File "D:\Tools\volatility3-2.5.0\volatility3-2.5.0\volatility3\framework\symbols\linux\__init__.py", line 47, in __init__
self.set_type_class("inet_sock", extensions.inet_sock)
There seems to be something off?
from volatility3.
I don't know when that patch made it in, but it might be worth updating to the latest development snapshot rather than 2.5.0?
from volatility3.
This is a custom patch, suiting their need for a sample from a Linux kernel without network capabilities. It should rightfully ignore the missing symbol error, as they will most likely not need it in their analysis.
from volatility3.
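A pre-flight check for the failure discussed in this thread, as an added example that is not part of the thread or of Volatility's own code: it reads the registration calls from the text of `symbols/linux/__init__.py` and reports which of them would raise against a given ISF file, which also shows whether the file actually being run is the patched one. The function names, the source excerpts and the sample ISF are constructed for illustration; the only assumption about the ISF layout is its top-level `user_types` object.

```python
import json
import lzma
import re
from pathlib import Path

# Matches both registration calls seen in the thread, e.g.
#   self.set_type_class("inet_sock", extensions.inet_sock)
#   self.optional_set_type_class("netlink_sock", extensions.netlink_sock)
REGISTRATION = re.compile(
    r'self\.(optional_set_type_class|set_type_class)\(\s*["\'](\w+)["\']'
)


def parse_registrations(source):
    """Map each registered type name to True when its registration is mandatory."""
    mandatory = {}
    for line in source.splitlines():
        if line.lstrip().startswith("#"):
            continue  # ignore commented-out calls
        match = REGISTRATION.search(line)
        if match:
            mandatory[match.group(2)] = match.group(1) == "set_type_class"
    return mandatory


def load_isf(path):
    """Load an ISF symbol file, plain .json or xz-compressed .json.xz."""
    path = Path(path)
    opener = lzma.open if path.suffix == ".xz" else open
    with opener(path, "rt", encoding="utf-8") as handle:
        return json.load(handle)


def check(source, isf):
    """Split the types missing from the ISF into fatal and silently skipped."""
    user_types = isf.get("user_types", {})
    registrations = parse_registrations(source)
    missing = [name for name in registrations if name not in user_types]
    return {
        "fatal": sorted(n for n in missing if registrations[n]),
        "skipped": sorted(n for n in missing if not registrations[n]),
    }


# Constructed excerpt mirroring the unpatched lines shown in the diff above.
UNPATCHED = '''
        self.set_type_class("net", extensions.net)
        self.set_type_class("socket", extensions.socket)
        self.set_type_class("sock", extensions.sock)
        self.set_type_class("inet_sock", extensions.inet_sock)
        self.set_type_class("unix_sock", extensions.unix_sock)
        # Might not exist in older kernels or the current symbols
        self.optional_set_type_class("netlink_sock", extensions.netlink_sock)
'''

# The same excerpt with only the change from the diff applied.
HUNK_ONLY = UNPATCHED.replace(
    'self.set_type_class("inet_sock"', 'self.optional_set_type_class("inet_sock"'
)

# Both calls made optional, as in the summary at the top of the thread.
BOTH_OPTIONAL = HUNK_ONLY.replace(
    'self.set_type_class("unix_sock"', 'self.optional_set_type_class("unix_sock"'
)

# Constructed ISF fragment for a kernel whose symbols lack inet_sock,
# unix_sock and netlink_sock; real files carry many more entries.
_EMPTY_STRUCT = {"kind": "struct", "size": 0, "fields": {}}
SAMPLE_ISF = {
    "user_types": {name: _EMPTY_STRUCT for name in ("net", "socket", "sock")}
}

if __name__ == "__main__":
    for label, source in (
        ("unpatched", UNPATCHED),
        ("hunk only", HUNK_ONLY),
        ("both optional", BOTH_OPTIONAL),
    ):
        print(label, check(source, SAMPLE_ISF))
```

Against a real installation, pass `Path(".../symbols/linux/__init__.py").read_text()` and `load_isf(...)` of the generated symbol file; any name under `fatal` is a registration that will abort stacking.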