Build Volatility Profile on Centos 5

Redhat has done so many backports features from 3.x kernel to their 2.6.x, this is good for most of the time but it’s hard to build the kernel modules because the data structures is hard to identify.

To build profile for Centos you need two steps:

	yum install elfutils-devel
	wget ''	
	cp dwarfdump /usr/local/sbin
	svn checkout
	cd linux

Without patching:

	make -C //lib/modules/2.6.18-398.el5/build CONFIG_DEBUG_INFO=y M="/tmp/linux" modules
	make[1]: Entering directory `/usr/src/kernels/2.6.18-398.el5-x86_64'
	CC [M]  /tmp/linux/module.o
	/tmp/linux/module.c:204: error: redefinition of 'struct module_sect_attr'
	/tmp/linux/module.c:211: error: redefinition of 'struct module_sect_attrs'
	/tmp/linux/module.c:353:5: warning: "STATS" is not defined
	/tmp/linux/module.c:369:5: warning: "DEBUG" is not defined
	make[2]: *** [/tmp/linux/module.o] Error 1
	make[1]: *** [_module_/tmp/linux] Error 2
	make[1]: Leaving directory `/usr/src/kernels/2.6.18-398.el5-x86_64'
	make: *** [dwarf] Error 2

Apply this patch:

	--- linux/module.c	2016-01-01 07:04:46.000000000 +0700
	+++ linuxx/module.c	2015-12-31 20:15:39.000000000 +0700
	@@ -198,7 +198,7 @@
	struct module_sect_attr
	@@ -221,7 +221,7 @@
	struct module_sections module_sect_attrs;
	struct module_kobject module_kobject;

and then just make

	zip /tmp/ module.dwarf /boot/ 

You can find these profiles here