Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MacOS Profile: macOS Monterey #747

Closed
bellohai opened this issue May 27, 2022 · 3 comments
Closed

MacOS Profile: macOS Monterey #747

bellohai opened this issue May 27, 2022 · 3 comments

Comments

@bellohai
Copy link

Hi, Did volatility support MacOS Monterey version 12.0.1 profile?
I am having issue with "Unable to find an OS X profile for the given memory sample.

macprofile

@digitalisx
Copy link
Contributor

Hello @GordonChaiCheenShun,
You used is Volatility, it may not be right to discuss this in the Volatility3 repository.. :)
But to think about the solution, Volatility3 uses Symbol Tables instead of the concept of Profile, tools such as dwarf2json will allow you to create and analyze Symbol Tables for your desired operating system (Linux or Mac).

@digitalisx
Copy link
Contributor

Additional, It is not recommended to raise the same issue with many repositories unless you need it. Not only does it not guarantee a quick answer, but it can also confuse the maintainer. Before you raise an issue, consider what repositories are appropriate for the issues you face.. :)
(volatilityfoundation/volatility#820, volatilityfoundation/profiles#89)

@ikelos
Copy link
Member

ikelos commented May 27, 2022

Volatility 3 would support it, but I don't know if it's the default set of system tables, or whether it's too recent. If it's too recent, you can examine the files here or use dwarf2json directly to generate your own profile, based on the documentation for making symbol tables. As @digitalisx pointed out, the tables generated would not run under volatility 2.6, and I believe support for vol 2.6 was due to end in August to 2021 so it might be hopeful to think it will one day support more recent mac kernels.

I hope this helps, you can get more interactive support by asking questions on our slack channel (for both vol 2 and vol 3). As such I'm going to close this issue (since it's open in two more appropriate places), but feel free to reopen it if you feel there's more to add to the discussion. 5:)

@ikelos ikelos closed this as completed May 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants