Linux/RedHat/x86/RedHat56.zip is x64

[hiddenillusion]

Looks like the RH profile uploaded to Linux/RedHat/x86/RedHat56.zip is x64 instead of x86

[gleeda]

I haven't looked at it yet, but why do you say that?

[hiddenillusion]

I was unsuccessful when attempting to use it with a memory dump for said config. During some troubleshooting, I noticed the following which made me believe it's for the wrong arch.:

$ unzip -d RedHat55_x86 profiles-master/Linux/RedHat/x86/RedHat55.zip Archive: profiles-master/Linux/RedHat/x86/RedHat55.zip inflating: RedHat55_x86/volatility/tools/linux/module.dwarf inflating: RedHat55_x86/boot/System.map-2.6.18-194.el5 $ unzip -d RedHat55_x64 profiles-master/Linux/RedHat/x64/RedHat55.zip Archive: profiles-master/Linux/RedHat/x64/RedHat55.zip inflating: RedHat55_x64/volatility/tools/linux/module.dwarf inflating: RedHat55_x64/boot/System.map-2.6.18-194.el5 $ unzip -d RedHat56_x86 profiles-master/Linux/RedHat/x86/RedHat56.zip Archive: profiles-master/Linux/RedHat/x86/RedHat56.zip inflating: RedHat56_x86/volatility/tools/linux/module.dwarf inflating: RedHat56_x86/boot/System.map-2.6.18-238.el5 $ unzip -d RedHat56_x64 profiles-master/Linux/RedHat/x64/RedHat56.zip Archive: profiles-master/Linux/RedHat/x64/RedHat56.zip inflating: RedHat56_x64/volatility/tools/linux/module.dwarf inflating: RedHat56_x64/boot/System.map-2.6.18-238.el5

$ egrep -R DW_AT_comp_dir RedHat5*/volatility/tools/linux/module.dwarf RedHat55_x64/volatility/tools/linux/module.dwarf:...DW_AT_comp_dir</usr/src/kernels/2.6.18-194.el5-x86_64> RedHat55_x86/volatility/tools/linux/module.dwarf:...DW_AT_comp_dir</usr/src/kernels/2.6.18-194.el5-i686> RedHat56_x64/volatility/tools/linux/module.dwarf:... DW_AT_comp_dir</usr/src/kernels/2.6.18-238.el5-x86_64> RedHat56_x86/volatility/tools/linux/module.dwarf:...DW_AT_comp_dir</usr/src/kernels/2.6.18-238.el5-x86_64>