Trouble Shooting - XuehengWang/LiME-Volatility GitHub Wiki

Some problems you may run into, and their solutions. Good luck!

  • openssl error when installing yara-python: openssl/x509.h: No such file or directory

Solution:

  1. Try commands like $ sudo apt-get install libssl-dev or $ yum install -y openssl-devel
  2. Reference solution: https://stackoverflow.com/questions/17915098/openssl-ssl-h-no-such-file-or-directory-during-installation-of-git

  • /bin/sh: dwarfdump: command not found

Solution:

  1. First try to install dwarfdump with apt-get on Debian/Ubuntu, or the libdwarf-tools package on other distributions.
  2. If that fails, build from the source package; make sure to build libdwarf first and then dwarfdump.
  3. On CentOS, following this article solved the problem

  • When running make for Volatility, the following appears:

    CC [M] .../volatility/tools/linux/module.o
    MODPOST .../volatility/tools/linux/Module.symvers
    ERROR: modpost: missing MODULE_LICENSE() in .../volatility/tools/linux/module.o
    make[1]: *** [scripts/Makefile.modpost:150: .../volatility/tools/linux/Module.symvers] Error 1

Solution:

  1. Add MODULE_LICENSE("GPL"); as the last line of the file volatility/tools/linux/module.c

  • linux-header-… header files cannot be found (E: Unable to locate package linux-headers)

Solution:

  1. Add a package repository (software source)

    For Kali, see:
    https://blog.csdn.net/qq_21774161/article/details/68070594
    https://zhuanlan.zhihu.com/p/440536192

    For Ubuntu, see:
    https://blog.csdn.net/dafeigehaha/article/details/113704911


  • libpcre++-dev cannot be found (Unable to locate package libpcre++-dev)

Solution:

  1. Replace libpcre++-dev with libpcre3-dev

  • When running $ make modules_prepare to build the kernel, a multiple definition of 'yylloc' error occurs

Solution:

  1. Find the .c file that produces the error
  2. Find the line YYLTYPE yylloc and change it to extern YYLTYPE yylloc
  3. Reference solution:
    https://github.com/BPI-SINOVOIP/BPI-M4-bsp/issues/4

  • When running $ make modules_prepare to build the kernel, the error New address family defined, please update secclass_map occurs

Solution:

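  1. Locate scripts/selinux/genheaders/genheaders.c and scripts/selinux/mdp/mdp.c, as named in the error message, and remove #include <sys/socket.h> from the includes at the top of both files
  2. Locate /security/selinux/include/classmap.h, as named in the error message, and add #include <linux/socket.h> to that header file
  3. Reference solutions: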
    https://mudongliang.github.io/2021/01/20/error-new-address-family-defined-please-update-secclass_map.html
    https://blog.csdn.net/zhangpengfei991023/article/details/109672491

  • When running $ make modules_prepare to build the kernel, the following occurs:

    /bin/sh: 1: bison: not found
    /bin/sh: 1: flex: not found
    /bin/sh: 1: bc: not found

Solution:

  1. For problems like this, just install the missing dependency packages with apt

  • Cannot connect to port 443 of github.com

Solution:

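  1. Try the following command, which makes git rewrite every https://github.com URL so that it goes through the ghproxy.com mirror (a global setting for the current user)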

     $ git config --global url."https://ghproxy.com/https://github.com".insteadOf https://github.com
    

  • Others

    • For installing libelf, see this article

    • If running volatility produces an error like "...address space not found...", check whether the Profile file was generated correctly
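
For the last item, one way to sanity-check a generated profile before suspecting the memory image. This is an added example, not code from this wiki or from the Volatility project. It assumes the Volatility 2 Linux profile layout (a zip holding module.dwarf and System.map-<kernel version>); check_profile, build_sample and the kernel version strings are hypothetical names and constructed sample data.

```python
import io
import re
import zipfile

# A System.map line looks like: "ffffffff81000000 T _text"
SYSTEM_MAP_LINE = re.compile(rb"^[0-9a-fA-F]{8,16} \S \S+")

def check_profile(source, target_kernel):
    """Return a list of problems found in a Volatility 2 Linux profile zip.

    source: path or file-like object. target_kernel: `uname -r` output of
    the machine the memory image was captured from.
    """
    problems = []
    with zipfile.ZipFile(source) as zf:
        names = {i.filename.rsplit("/", 1)[-1]: i for i in zf.infolist()}
        dwarf = names.get("module.dwarf")
        if dwarf is None:
            problems.append("module.dwarf is missing")
        elif dwarf.file_size == 0:
            # `dwarfdump ... > module.dwarf` still creates the file when
            # dwarfdump is not installed, so an empty file can end up zipped.
            problems.append("module.dwarf is empty")
        elif b"DW_TAG_" not in zf.read(dwarf):
            problems.append("module.dwarf contains no DW_TAG_ entries")
        maps = [n for n in names if n.startswith("System.map")]
        if not maps:
            problems.append("System.map is missing")
        for name in maps:
            if name[len("System.map-"):] != target_kernel:
                problems.append(f"{name} does not match kernel {target_kernel}")
            first_line = zf.read(names[name]).split(b"\n", 1)[0]
            if not SYSTEM_MAP_LINE.match(first_line):
                problems.append(f"{name} does not look like a symbol table")
    return problems

def build_sample(dwarf_bytes, map_name):
    """Build a constructed profile zip in memory (sample data, not a real profile)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("volatility/tools/linux/module.dwarf", dwarf_bytes)
        zf.writestr("boot/" + map_name, b"ffffffff81000000 T _text\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    kernel = "5.4.0-42-generic"  # constructed value
    good = build_sample(b"<1><0x2d><DW_TAG_base_type>\n", "System.map-" + kernel)
    empty = build_sample(b"", "System.map-" + kernel)
    print("good:", check_profile(good, kernel))
    print("empty dwarf:", check_profile(empty, kernel))
```
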