Hello out there, I have a crash kernel dump of a crashed kernel and I am trying to dissect the content of the file system with the volatility framework. I installed volatility and dwarf2json. Then I started to analyse the dump file with:
vol -vvvvv -f WV78J0~Z201220221336 linux.bash.Bash
Of course linux.bash.Bash is not the option to restore a filesystem; I chose it just as a starter.
So I looked into how to provide this plugin or profile. I have the kernel which crashed with the kernel dump image in vmlinux, with debugging symbols. So I tried:
dwarf2json linux --elf ~chris/vmlinux > linux.json
and copied this file to /usr/lib/python-3.10/site-packages/volatility3/symbols/linux.json.
I also tried:
dwarf2json linux --elf vmlinux --system-map System.map | xz -c > linux.json.xz
But the result remains the same. What can I do here?
Thank you in advance
BR Chris