All pastes #2101286 Raw Edit

Someone

public text v1 · immutable
#2101286 ·published 2012-01-08 21:50 UTC
rendered paste body
root@newubuntu:~/lin64/lin64-support# python vol.py --profile Linux32 --profile_file=tools/linux/profile.zip -f /dev/pmem pslist
Volatile Systems Volatility Framework 2.1_alpha
WARNING : volatility.obj      : comm has no offset in object task_struct. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj      : name has no offset in object net_device. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj      : s_id has no offset in object super_block. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj      : sun_path has no offset in object sockaddr_un. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj      : x86_model_id has no offset in object cpuinfo_x86. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj      : x86_vendor_id has no offset in object cpuinfo_x86. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj      : name has no offset in object module. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj      : comm has no offset in object task_struct. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj      : name has no offset in object net_device. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj      : s_id has no offset in object super_block. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj      : sun_path has no offset in object sockaddr_un. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj      : x86_model_id has no offset in object cpuinfo_x86. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj      : x86_vendor_id has no offset in object cpuinfo_x86. Check that vtypes has a concrete definition for it.
WARNING : volatility.obj      : name has no offset in object module. Check that vtypes has a concrete definition for it.
INFO    : volatility.plugins.overlays.linux.linux32: Found dwarf file boot/System.map-2.6.32-24-generic
INFO    : volatility.plugins.overlays.linux.linux32: Found dwarf file module.dwarf
Offset   Name                 Pid             Uid
0xf7088000 init                 1               0
0xf7088cc0 kthreadd             2               0
0xf7089980 migration/0          3               0
0xf708a640 ksoftirqd/0          4               0