#!/bin/bash

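# Build a Volatility Linux profile for the currently running kernel.
#
# The profile is a zip archive holding module.dwarf (built from the Volatility
# module sources in TOOLSDIR) and the System.map of the running kernel. It is
# written to PROFILEDIR, named after the distribution, its version and the
# kernel release.
#
# Usage: run as root without arguments; --help prints a short description.

set -u

# Locations of the Volatility module sources and of the Linux profile overlays.
readonly TOOLSDIR=/usr/share/python-volatility/tools/linux
readonly PROFILEDIR=/usr/lib/python2.7/site-packages/volatility/plugins/overlays/linux

# Print an error message on stderr and stop with a failure status.
die() {
	printf '%s\n' "$*" >&2
	exit 1
}

# Print the value of one KEY=value line of /etc/os-release with double quotes
# stripped. The file is parsed, not sourced, so its content is never executed.
os_release_field() {
	grep "^$1=" /etc/os-release | cut -d "=" -f 2 | tr -d '"'
}

OSNAME=$(os_release_field NAME)
OSVER=$(os_release_field VERSION_ID)
KERNEL=$(uname -r)
SYSTEM_MAP="/boot/System.map-${KERNEL}"

# A distribution name can contain "/" (and spaces). The slash would turn the
# archive name into a path below PROFILEDIR, so it is replaced; spaces are kept
# and handled by quoting every expansion below.
ZIPNAME="${OSNAME}_${OSVER}-${KERNEL}.zip"
ZIPNAME=${ZIPNAME//\//_}

if [ "x${1:-}" = "x--help" ] ; then
	echo "Syntax:      $0"
	echo "Description: generate linux profile for use with Volatility based on the current running kernel"
	echo "             Profile will be stored to directory $PROFILEDIR"
	echo ""
	echo "Dependencies: dwarfdump(libdwarf-tools), libdwarf, elfutils-libelf, kernel-headers, make, gcc"
	exit 0
fi

if ! command -v dwarfdump >/dev/null 2>&1 ; then
	die "Error: tool dwarfdump is not installed. Please install the libdwarf-tools package."
fi

if [ "$(id -u)" -ne 0 ] ; then
	printf "ERROR: Needs to run as root to be able to read the '%s' of the current kernel and write the profile to: \n '%s'\n" \
		"${SYSTEM_MAP}" "${PROFILEDIR}/${ZIPNAME}" >&2
	exit 1
fi

[ -r "${SYSTEM_MAP}" ] || die "Error: cannot read '${SYSTEM_MAP}'."

# The build directory is created only after all checks have passed, and the
# EXIT trap removes it on every exit path, including a failed build.
TEMPDIR=$(mktemp -d) || die "Error: could not create a temporary build directory."
cleanup() {
	rm -rf -- "${TEMPDIR:?}"
}
trap cleanup EXIT

# NOTE: make runs as root on the Makefile and module.c copied from TOOLSDIR,
# so TOOLSDIR and its contents should be writable by root only.
cp -- "${TOOLSDIR}/Makefile" "${TOOLSDIR}/module.c" "${TEMPDIR}/" \
	|| die "Error: could not copy the module sources from '${TOOLSDIR}'."

# Stop if the directory change fails; otherwise make would run as root in
# whatever directory the script was started from.
cd -- "${TEMPDIR}" || die "Error: cannot change to '${TEMPDIR}'."
make || die "Error: building module.dwarf failed."

# NOTE: the archive embeds System.map (kernel symbol addresses), which this
# script needs root to read. The zip is created with the caller's umask, so
# check that the permissions on PROFILEDIR match who should read the profile.
echo "zip ${PROFILEDIR}/${ZIPNAME} module.dwarf ${SYSTEM_MAP}"
zip "${PROFILEDIR}/${ZIPNAME}" module.dwarf "${SYSTEM_MAP}" \
	|| die "Error: could not write '${PROFILEDIR}/${ZIPNAME}'."

cd - || exit 1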
