Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsatisfied requirement plugins.Docker.kernel #28

Closed
Cool-Y opened this issue Apr 4, 2022 · 3 comments
Closed

Unsatisfied requirement plugins.Docker.kernel #28

Cool-Y opened this issue Apr 4, 2022 · 3 comments

Comments

@Cool-Y
Copy link

Cool-Y commented Apr 4, 2022

Hi, I met a issue when use docker plugin. There is no kernel config. How to solve it? Thank you all~
my profile is file:///home/cool/memory-detect/volatility3/volatility3/framework/symbols/linux/Ubuntu-5.4.0-100-generic-Profile.json

python vol.py -vvv -f ../memory-dumps/dao/4.dmp linux.docker.Docker
Volatility 3 Framework 2.0.3
.......
INFO     volatility3.framework.automagic: Detected a linux category plugin
INFO     volatility3.framework.automagic: Running automagic: ConstructionMagic
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Docker.kernel
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Docker.kernel
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Docker.kernel
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Docker.kernel.layer_name
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Docker.kernel.layer_name
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Docker.kernel.layer_name
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Docker.kernel
Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Docker.kernel.symbol_table_name
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Docker.kernel.symbol_table_name
Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Docker.kernel.symbol_table_name
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Docker.kernel
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Docker.kernel
Level 9  volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.Docker
INFO     volatility3.framework.automagic: Running automagic: SymbolBannerCache
INFO     volatility3.framework.automagic: Running automagic: LinuxBannerCache
INFO     volatility3.framework.automagic.symbol_cache: Building linux caches...
INFO     volatility3.framework.automagic: Running automagic: LayerStacker
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Docker.kernel
INFO     volatility3.schemas: Dependency for validation unavailable: jsonschema
DEBUG    volatility3.schemas: All validations will report success, even with malformed input
DEBUG    volatility3.framework.interfaces.layers: Scan Failure: MultiRegexp cannot be used with an empty set of search strings
DEBUG    volatility3.framework.automagic.linux: No suitable linux banner could be matched
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Docker.kernel.layer_name
Level 9  volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: Elf64Layer
Level 9  volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: FileLayer
DEBUG    volatility3.framework.automagic.stacker: Stacked layers: ['Elf64Layer', 'FileLayer']
INFO     volatility3.framework.automagic: Running automagic: SymbolFinder
INFO     volatility3.framework.automagic: Running automagic: LinuxSymbolFinder
Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Docker.kernel.symbol_table_name
INFO     volatility3.framework.automagic: Running automagic: KernelModule
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Docker.kernel
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Docker.kernel.layer_name
Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Docker.kernel

Unsatisfied requirement plugins.Docker.kernel: Linux kernel
Unable to validate the plugin requirements: ['plugins.Docker.kernel']
@oshaked1
Copy link
Collaborator

oshaked1 commented Apr 4, 2022

Hi, this error usually occurs when the profile is invalid. Do other plugins work for you?

@Cool-Y
Copy link
Author

Cool-Y commented Apr 5, 2022

Hi, this error usually occurs when the profile is invalid. Do other plugins work for you?

yes, the profile is invalid. There is a mistake in your MD. The command should be dwarf2json linux --elf vmlinux-xxx --system-map System.map-xxx | xz -c > output.json.xz

@oshaked1
Copy link
Collaborator

The original command works for me, but I added yours as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Cool-Y @oshaked1