gef VS volatility

There is also GEF, which is widely used by the reverse engineering and CTF community.

https://github.com/hugsy/gef

If you are on Linux, install GEF and be happy.

If you are in linux, I recomend none of them (haha) because you should get more used to GDB a little bit. You just need to install some good visualizers likes GEF, for example.

https://github.com/hugsy/gef, https://hugsy.github.io/gef/, https://hugsy.github.io/gef/commands/context/ ("Values in red indicate that this register has had its value changed since the last time execution stopped.")

The attached debugger is not just raw GDB but is using https://hugsy.github.io/gef/ to make debugging less of a pain. It's still not perfect but helps plenty already.

I still struggle with GDB but my excuse is that I seldom use it.

When I was studying reverse engineering though, I came across a really cool kit (which I've yet to find an alternative for lldb, which would be nice given: rust)

I'd recommend checking it out, if for no other reason than it makes a lot of things really obvious (like watching what value lives in which register).

https://github.com/hugsy/gef

LLDB's closest alternative to this is called Venom, but it's not the same at all. https://github.com/ovh/venom

I need this to create generate a custom symbols table (using dwarf2json), in order to run a memory dump acquired by Ubuntu 22.04, as Ubuntu 22.04 kernel does not work anymore with volatility 2 (Issue here: volatilityfoundation/volatility#828)

Take a look at this link and specifically note how the profiles are named, especially Ubuntu - https://github.com/volatilityfoundation/volatility/wiki/Linux-Command-Reference

I think the typical tool for analyzing OS memory dumps is Volatility but I can't give you a course in how to use it, that is supposedly what your school should be doing.

Analyzing memory dumps can be hard, especially at the beginning. You might want to use comprehensive Frameworks like volatility.

git clone https://github.com/volatilityfoundation/volatility.git whenever i want to run something I get PS C:\Users\czare_000\python-course-for-beginners\bs4\volatility> & C:/Users/czare_000/AppData/Local/Programs/Python/Python310/python.exe c:/Users/czare_000/python-course-for-beginners/bs4/volatility/volatility/debug.py Traceback (most recent call last): File "c:\Users\czare_000\python-course-for-beginners\bs4\volatility\volatility\debug.py", line 27, in import volatility.conf ModuleNotFoundError: No module named 'volatility' or i also get except Exception, e: ^^^^^^^^^^^^ SyntaxError: multiple exception types must be parenthesized

Volatility is python based so you will need to install it and volatility's required dependencies. You can find the install instructions here https://github.com/volatilityfoundation/volatility

volatility - Version 2 Version 3

The volatility wiki should have instructions you need. Just follow the steps here (https://github.com/volatilityfoundation/volatility/wiki/Linux#making-the-profile)