create-profile.sh

1. #!/bin/bash
2. # Simple script to create a makefile for a Volatility profile.
3. # Intended to be used with an image file.
4. # As developed for PentesterAcademy
5. # by Dr. Phil Polstra (@ppolstra)
6.  
7. usage() {
8.   echo "Script to create a Volatility profile from a mounted image file"
9.   echo "Usage: $0 <path to image root>"
10.   exit 1
11. }
12.  
13. if [ $# -lt 1 ] ; then
14.     usage
15. fi
16.  
17. oldir=$(pwd)
18. cd ${1}/boot
19. ver=$(ls System.map* | sed "s/System.map-//" | tr "\n" "|" \
20.   | sed -nr 's/([a-zA-Z0-9\.\-]+\|)*([a-zA-Z0-9\.\-]+\|)$/\2/p' \
21.   | sed "s/|/\n/")
22. cd "${oldir}"
23.  
24. echo "Version: ${ver}"
25.  
26.  
27. PWD=$(pwd)
28. MAKE=$(which make)
29.  
30. cat <<EOF > Makefile.${ver}
31. obj-m += module.o
32.  
33. -include version.mk
34.  
35. all: dwarf
36.  
37. dwarf: module.c
38.     ${MAKE} -C ${1}/lib/modules/${ver}/build CONFIG_DEBUG_INFO=y M="${PWD}" modules
39.     dwarfdump -di module.ko > module.dwarf
40.     ${MAKE} -C ${1}/lib/modules/${ver}/build M="${PWD}" clean
41.  
42. clean:
43.     ${MAKE} -C ${1}/lib/modules/${ver}/build M="${PWD}" clean
44.     rm -f module.dwarf
45. EOF
46.  
47. # make the dwarf file
48. make -f Makefile.${ver}
49. # copy the System.map file
50. cp ${1}/boot/System.map-${ver} ./.
51. # now make the zip
52. zip Linux${ver}.zip module.dwarf System.map-{ver}