osxpmem-2.1 post4 on macOS 10.15.5

matsa...@gmail.com

Jun 18, 2020, 8:43:35 PM
to rekall-discuss
Hi, dear Rekall team!

I am trying to get a RAM dump using OSXPmem-2.1 on my macOS 10.15 and get an error:

kextload MacPmem.kext/
/Users/mihai/osxpmem.app/MacPmem.kext failed to load - (libkern/kext) authentication failure (file ownership/permissions); check the system/kernel logs for errors or try kextutil(8).

I also tried to call:
sudo chown -R root:wheel osxpmem.app/
sudo chown -R root:wheel osxpmem.app/MacPmem.kext

After that the files have the correct permissions but the same error still pops up.

kextutil:
MiMac-Pro:osxpmem.app root# kextutil MacPmem.kext
Kext rejected due to improper filesystem permissions: <OSKext 0x7fddf94166b0 [0x7fff88ab7b60]> { URL = "file:///Library/StagedExtensions/Users/mihai/osxpmem.app/MacPmem.kext/", ID = "com.google.MacPmem" }
Diagnostics for /Users/mihai/osxpmem.app/MacPmem.kext:
Authentication Failures: 
    File owner/permissions are incorrect (must be root:wheel, nonwritable by group/other): 
        /Library/StagedExtensions/Users/mihai/osxpmem.app/MacPmem.kext
        Contents
        _CodeSignature
        CodeResources
        MacOS
        MacPmem
        Info.plist

I beg you to help me as soon as possible since it is vital for me to get a RAM dump.

Best regards,
Igor

Mike Cohen

Jun 18, 2020, 9:26:10 PM
to matsa...@gmail.com, rekall-discuss
You should make sure it has permission 700.

You usually get these issues when you unpack the tar as a non-root user, because tar cannot preserve ownership or permissions. Try to untar the package as root.

Thanks
Mike
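
A check for the rule quoted in the kextutil output above (root:wheel, not writable by group or other), as an added example that is not part of the original thread or of osxpmem. The function names and the optional OWNER/GROUP arguments are hypothetical, introduced here for illustration:

```shell
#!/bin/sh
# Added example: list entries in a kext bundle that break the rule kextutil
# reports: owner root, group wheel, not writable by group or other.

# kext_perm_offenders BUNDLE [OWNER] [GROUP]
# Prints an `ls -ld` line for every offending entry (nothing if clean).
# OWNER and GROUP default to root and wheel; they are arguments only so the
# check can be tried on a scratch copy without root (an assumption of this
# example, not an osxpmem option).
kext_perm_offenders() {
    bundle=$1
    owner=${2:-root}
    group=${3:-wheel}
    if [ ! -d "$bundle" ]; then
        echo "not a directory: $bundle" >&2
        return 2
    fi
    # -perm -020 / -perm -002 match entries with the group / other write bit.
    find "$bundle" \( ! -user "$owner" -o ! -group "$group" \
        -o -perm -020 -o -perm -002 \) -exec ls -ld {} +
}

# kext_perm_ok BUNDLE [OWNER] [GROUP]
# Returns 0 if the bundle is clean, 1 if any entry offends (and prints them),
# 2 if the bundle could not be inspected.
kext_perm_ok() {
    offenders=$(kext_perm_offenders "$@") || return 2
    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders"
        return 1
    fi
    return 0
}

# Stand-alone use: sh check_kext.sh /path/to/MacPmem.kext
[ $# -eq 0 ] || kext_perm_ok "$@"
```

The script only reports; BUNDLE can be either of the MacPmem.kext paths that appear in the output above.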