-
Notifications
You must be signed in to change notification settings - Fork 0
Working with Volatility shell
Sam Duy edited this page Feb 8, 2018
·
1 revision
- Start the interactive shell
$ python vol.py linux_volshell
- Get the profile
In [1]: p = addrspace().profile- Get the mapping table
In [2]: tbl = p.sys_map["kernel"]- Get any symbol
In [3]: p.get_symbol("<symbol_name>")E.g.
In [3]: p.get_symbol("timekeeper")- Get information of the profile
In [7]: p.metadata
Out[7]: {'arch': 'ARM', 'memory_model': '32bit', 'os': 'linux'}
- View all vtypes exist in the profile
In []: p.vtypes
- Background
- Anatomy of Volatility
- Profile for Volatility
- uClinux profile for Volatility
- Results
- Conclusion
- Advanced topics