CODEWITHSUNDEEP
volatility
volfy_eye
volfy_eye

Reputation: 21

Volatillity missing MODULE LICENSE()

I'm trying to make a profile in Volatility 2. I tried on Debian, Kali and Ubuntu 120.04 and Ubuntu 18 (gcc 7.5.0). I tried to update the headers, export pathes etc.. but still I have the same error . I tried also to dowload a profile from github but they are too old ( i didn't found nothing new - just Ubuntu 14) . I also checked module.h info but didn't find antything helpfull. Any idea what i can do?

make -C //lib/modules/4.15.0-162-generic/build CONFIG_DEBUG_INFO=y M="/root/volatility-master/tools/linux" modules
make[1]: Entering directory '/usr/src/linux-headers-4.15.0-162-generic'
  CC [M]  /root/volatility-master/tools/linux/module.o
  Building modules, stage 2.
  MODPOST 1 modules
WARNING: modpost: missing MODULE_LICENSE() in /root/volatility-master/tools/linux/module.o
see include/linux/module.h for more information
  CC      /root/volatility-master/tools/linux/module.mod.o
  LD [M]  /root/volatility-master/tools/linux/module.ko
make[1]: Leaving directory '/usr/src/linux-headers-4.15.0-162-generic'
dwarfdump -di module.ko > module.dwarf
make -C //lib/modules/4.15.0-162-generic/build M="/root/volatility-master/tools/linux" clean
make[1]: Entering directory '/usr/src/linux-headers-4.15.0-162-generic'
  CLEAN   /root/volatility-master/tools/linux/.tmp_versions
  CLEAN   /root/volatility-master/tools/linux/Module.symvers
make[1]: Leaving directory '/usr/src/linux-headers-4.15.0-162-generic'

Upvotes: 2

Views: 491

Answers (1)

krzys_h
krzys_h

Reputation: 153

Volatility2 is no longer supported, and doesn't support modern kernels. I would recommend using volatility3 instead, unless you desperately need modules that are available only in volatility2. If you want to try anyway, see what I had to do to get it to work below.

The problem you mention seems to occur when compiling against more modern versions of the kernel. Open volatility/tools/linux/module.c and at the very end add:

MODULE_LICENSE("GPL");

This solution was taken from here

After that, you will definitely run into other issues. Out of the box, it will crash when trying to load the memory dump file, as the kernel structures change over time, and volatility2 no longer gets updates to support them. Refer to this GitHub issue for possible solutions. For me, it was enough to apply these two patches to get it to work:

After that, manual patching of the modules you need to run may be necessary, as they all reference kernel structures in one way or another.

Upvotes: 0

Related Questions