Symbol table request for missing Ubuntu ISF (5.4.0-33 and 4.15.0-142)

[indtia]

dear sir, thanks for your contribution.
request if you could also send or include the symbol for these banners below mentioned banners, these are required for my academic research project.

1. Linux version 5.4.0-33-generic (buildd@lcy01-amd64-022) (gcc version 9.3.0 (Ubuntu 9.3.0-10ubuntu2)) AUTO/1706536889 #37-Ubuntu SMP Thu May 21 12:53:59 UTC 2020 (Ubuntu 5.4.0-33.37-generic 5.4.34)
2. linux version 4.15.0-142-generic

[Abyss-W4tcher]

This answer is valid for both of your queries.

Hello @indtia,

Unfortunately, you came against one of the Ubuntu kernels that haven't been released in the ddeb debug sources. Doing so, it isn't available in this repository, as I only fetch and build Ubuntu ISF from this (stable) source.

You have two solutions, one is pointed in the Readme :

• Fetch the debug symbols from the Ubuntu kernel team, and build the ISF with dwarf2json : https://answers.launchpad.net/ubuntu/focal/amd64/linux-image-unsigned-5.4.0-33-generic-dbgsym/5.4.0-33.37

• Use Volatility2 (deprecated, non-recommended), as most of the time these kernels can still be compiled : https://github.com/Abyss-W4tcher/volatility2-profiles/tree/master/Ubuntu/amd64/5.4.0/33/generic

As a side note, I cannot build these kernels automatically, as they are considered "testing" or "unstable"....

---

Full example :

wget http://launchpadlibrarian.net/480781452/linux-image-unsigned-5.4.0-33-generic-dbgsym_5.4.0-33.37_amd64.ddeb
dpkg-deb -x linux-image-unsigned-5.4.0-33-generic-dbgsym_5.4.0-33.37_amd64.ddeb debug_kernel/
dwarf2json linux --elf debug_kernel/usr/lib/debug/boot/vmlinux-5.4.0-33-generic | xz > linux-image-unsigned-5.4.0-33-generic-dbgsym_5.4.0-33.37_amd64.json.xz

[indtia]

Hello sir, Thank you so much for your help i really appreciate it.
i got the Symbol table and it worked.

[indtia]

Hello sir, i have tried the same command for downloading one more kernel version;
Linux version 4.15.0-142-generic (buildd@lgw01-amd64-036) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #146-Ubuntu SMP Tue Apr 13 01:11:19 UTC 2021 (Ubuntu 4.15.0-142.146-generic 4.15.18)
i have tried it but i am getting error as ;

wget http://ddebs.ubuntu.com/pool/main/l/linux-signed-generic/linux-image-unsigned-4.15.0-142-generic-dbgsym_4.15.0-142.146_amd64.ddeb.

--2023-12-03 17:58:08-- http://ddebs.ubuntu.com/pool/main/l/linux-signed-generic/linux-image-unsigned-4.15.0-142-generic-dbgsym_4.15.0-142.146_amd64.ddeb
Resolving ddebs.ubuntu.com (ddebs.ubuntu.com)... 2620:2d:4000:1::2b, 2620:2d:4000:1::2a, 91.189.91.49, ...
Connecting to ddebs.ubuntu.com (ddebs.ubuntu.com)|2620:2d:4000:1::2b|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2023-12-03 17:58:09 ERROR 404: Not Found.
May i request if you could give me same type of comd for generating the ISF file for following banner:

Linux version 4.15.0-142-generic (buildd@lgw01-amd64-036) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #146-Ubuntu SMP Tue Apr 13 01:11:19 UTC 2021 (Ubuntu 4.15.0-142.146-generic 4.15.18).
it will be a great help for me. thanks.

[Abyss-W4tcher]

Hi, you won't find it in the ddebs repository, as indicated in my first comment. You will have to search in the Ubuntu development team website for the .ddeb.

However, there is a pattern that can help you, to find the package :

https://launchpad.net/ubuntu/{UBUNTU_VERSION}/amd64/?text={KERNEL_VERSION}-dbgsym

Applying this to kernel "5.4.0-33-generic", you first need to determine the Ubuntu version (https://launchpad.net/ubuntu/+series). Then :

• https://answers.launchpad.net/ubuntu/focal/amd64/?text=5.4.0-33-generic-dbgsym

You'll get a list of packages, most likely to contain the .ddeb file (always check for the ~1GB, not the 15kB ones).

I let you search for "4.15.0-142-generic" :)

[Abyss-W4tcher]

Hi @indtia, a script automating the process is now available here :

https://github.com/Abyss-W4tcher/volatility3-symbols/blob/master/symbols_finders/ubuntu_symbols_finder.py