Skip to content
This repository was archived by the owner on May 16, 2025. It is now read-only.
This repository was archived by the owner on May 16, 2025. It is now read-only.

KeyError: 'DW_AT_byte_size' error on Ubuntu-Linux 4.15.0_48-generic system using Python 2.7.12 #638

Open
Open
KeyError: 'DW_AT_byte_size' error on Ubuntu-Linux 4.15.0_48-generic system using Python 2.7.12#638
Labels
linux/mac
@dmwharris

Description

@dmwharris
dmwharris
opened on Aug 15, 2019

Hello, after creating a volatility profile for an Ubuntu-Linux 4.15.0_48-generic system using version 2.6 and running it against a LiME sample created with

insmod lime-4.15.0-48-generic.ko "path=/home/developer/lime-4.15.0-48-generic.lime format=lime"

I get the following error:

root@nuc2:/home/developer/Downloads/volatility-master# python vol.py --profile=LinuxUbuntu4_15_0-48-genericx64 -f /home/developer/lime-4.15.0-48-generic.lime modules
Volatility Foundation Volatility Framework 2.6
Traceback (most recent call last):
File "vol.py", line 192, in
main()
File "vol.py", line 183, in main
command.execute()
File "/home/developer/Downloads/volatility-master/volatility/commands.py", line 116, in execute
if not self.is_valid_profile(profsself._config.PROFILE):
File "/home/developer/Downloads/volatility-master/volatility/plugins/overlays/linux/linux.py", line 216, in init
obj.Profile.init(self, *args, **kwargs)
File "/home/developer/Downloads/volatility-master/volatility/obj.py", line 862, in init
self.reset()
File "/home/developer/Downloads/volatility-master/volatility/plugins/overlays/linux/linux.py", line 227, in reset
self.load_vtypes()
File "/home/developer/Downloads/volatility-master/volatility/plugins/overlays/linux/linux.py", line 264, in load_vtypes
vtypesvar = dwarf.DWARFParser(dwarfdata).finalize()
File "/home/developer/Downloads/volatility-master/volatility/dwarf.py", line 71, in init
self.feed_line(line)
File "/home/developer/Downloads/volatility-master/volatility/dwarf.py", line 162, in feed_line
self.process_statement(**parsed) #pylint: disable-msg=W0142
File "/home/developer/Downloads/volatility-master/volatility/dwarf.py", line 204, in process_statement
self.vtypes[name] = [ int(data['DW_AT_byte_size'], self.base), {} ]
KeyError: 'DW_AT_byte_size'

Python version is 2.7.12

I was using the dwarfdump associated with Ubuntu 16.01 xenial, which as 20120410-2+deb7u2build0.16.04.1.

Is this because version 2.6 doesn't support Linux 4.15.0-48-generic? Or should I use a later version of dwarfdump?

Metadata

Metadata

Assignees

No one assigned

    Labels

    linux/mac

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions