osquery

memory_map does not give expected results in Linux


The query .all memory_map on the Linux system gives unexpected results: start memory location = 0x00000000 as well as end memory location = 0x00000000 for all the attributes. Does it just seem weird?

Operating System: Kali Linux

osquery version: 4.0.2 (Current)

I've tried searching on the issues at osquery/issues/

The exact replication of the code on the CLI is:

osqueryi
.all memory_map

which gives the same result as:

osqueryi
SELECT * FROM memory_map;

The output of osqueryi is nothing but a message showing that it is using a virtual database as follows.

Using a virtual database. Need help, type '.help'

And the output of .all memory_map is as follows:

+-------------------------------+------------+-------------+
| name                          | start      | end         |
+-------------------------------+------------+-------------+
| Reserved                      | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| PCI Bus 0000:00               | 0x00000000 | 0x00000000  |
| Video ROM                     | 0x00000000 | 0x00000000  |
| Adapter ROM                   | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| System ROM                    | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| ACPI Non-volatile Storage     | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| ACPI Non-volatile Storage     | 0x00000000 | 0x00000000  |
| ACPI Tables                   | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| Graphics Stolen Memory        | 0x00000000 | 0x00000000  |
| PCI Bus 0000:00               | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| PCI Bus 0000:01               | 0x00000000 | 0x00000000  |
| 0000:01:00.0                  | 0x00000000 | 0x00000000  |
| 0000:01:00.0                  | 0x00000000 | 0x00000000  |
| 0000:00:02.0                  | 0x00000000 | 0x00000000  |
| PCI Bus 0000:01               | 0x00000000 | 0x00000000  |
| 0000:01:00.0                  | 0x00000000 | 0x00000000  |
| PCI Bus 0000:03               | 0x00000000 | 0x00000000  |
| 0000:03:00.0                  | 0x00000000 | 0x00000000  |
| iwlwifi                       | 0x00000000 | 0x00000000  |
| PCI Bus 0000:02               | 0x00000000 | 0x00000000  |
| 0000:02:00.1                  | 0x00000000 | 0x00000000  |
| 0000:02:00.1                  | 0x00000000 | 0x00000000  |
| r8169                         | 0x00000000 | 0x00000000  |
| 0000:02:00.0                  | 0x00000000 | 0x00000000  |
| rtsx_pci                      | 0x00000000 | 0x00000000  |
| 0000:02:00.0                  | 0x00000000 | 0x00000000  |
| 0000:00:1f.3                  | 0x00000000 | 0x00000000  |
| ICH HD audio                  | 0x00000000 | 0x00000000  |
| 0000:00:14.0                  | 0x00000000 | 0x00000000  |
| xhci-hcd                      | 0x00000000 | 0x00000000  |
| intel_xhci_usb_sw             | 0x00000000 | 0x00000000  |
| 0000:00:1f.3                  | 0x00000000 | 0x00000000  |
| ICH HD audio                  | 0x00000000 | 0x00000000  |
| 0000:00:1f.2                  | 0x00000000 | 0x00000000  |
| 0000:00:17.0                  | 0x00000000 | 0x00000000  |
| ahci                          | 0x00000000 | 0x00000000  |
| 0000:00:15.0                  | 0x00000000 | 0x00000000  |
| lpss_dev                      | 0x00000000 | 0x00000000  |
| i2c_designware.0              | 0x00000000 | 0x00000000  |
| lpss_priv                     | 0x00000000 | 0x00000000  |
| idma64.0                      | 0x00000000 | 0x00000000  |
| idma64.0                      | 0x00000000 | 0x00000000  |
| 0000:00:15.1                  | 0x00000000 | 0x00000000  |
| lpss_dev                      | 0x00000000 | 0x00000000  |
| i2c_designware.1              | 0x00000000 | 0x00000000  |
| lpss_priv                     | 0x00000000 | 0x00000000  |
| idma64.1                      | 0x00000000 | 0x00000000  |
| idma64.1                      | 0x00000000 | 0x00000000  |
| 0000:00:16.0                  | 0x00000000 | 0x00000000  |
| mei_me                        | 0x00000000 | 0x00000000  |
| 0000:00:17.0                  | 0x00000000 | 0x00000000  |
| ahci                          | 0x00000000 | 0x00000000  |
| 0000:00:1f.4                  | 0x00000000 | 0x00000000  |
| 0000:00:17.0                  | 0x00000000 | 0x00000000  |
| ahci                          | 0x00000000 | 0x00000000  |
| 0000:00:02.0                  | 0x00000000 | 0x00000000  |
| PCI MMCONFIG 0000 [bus 00-ff] | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| PCI Bus 0000:00               | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| iTCO_wdt                      | 0x00000000 | 0x00000000  |
| iTCO_wdt                      | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| IOAPIC 0                      | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| HPET 0                        | 0x00000000 | 0x00000000  |
| PNP0103:00                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| MSFT0101:00                   | 0x00000000 | 0x00000000  |
| MSFT0101:00                   | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| dmar0                         | 0x00000000 | 0x00000000  |
| dmar1                         | 0x00000000 | 0x00000000  |
| Local APIC                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| INT0800:00                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| Kernel code                   | 0x00000000 | 0x00000000  |
| Kernel data                   | 0x00000000 | 0x00000000  |
| Kernel bss                    | 0x00000000 | 0x00000000  |
| RAM buffer                    | 0x00000000 | 0x00000000  |
+-------------------------------+------------+-------------+


Solution

  • Update: Yes, I was using the root user. I eventually changed my system to Kubuntu 19.04 and there it works like a charm.
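A way to check where the zeros come from, added here as an example (it is not part of the original post or of osquery's code). It assumes the Linux memory_map table is populated from /proc/iomem, where the kernel prints every range as 00000000-00000000 to a reader that lacks CAP_SYS_ADMIN; the sample inputs are constructed, and parse_iomem, addresses_masked and diagnose are hypothetical helper names.

```python
import re

# Constructed samples in /proc/iomem format (not taken from the reporter's machine).
MASKED_SAMPLE = """\
00000000-00000000 : Reserved
00000000-00000000 : System RAM
  00000000-00000000 : Kernel code
00000000-00000000 : PCI Bus 0000:00
"""
VISIBLE_SAMPLE = """\
00000000-00000fff : Reserved
00001000-0009d3ff : System RAM
00100000-7ffdffff : System RAM
  01000000-01e02a6f : Kernel code
"""

# One region per line: optional indent (2 spaces per nesting level), start-end : name
LINE_RE = re.compile(r"^(\s*)([0-9a-fA-F]+)-([0-9a-fA-F]+) : (.*)$")


def parse_iomem(text):
    """Return a list of (depth, name, start, end) tuples from /proc/iomem text."""
    regions = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or unexpected lines instead of failing
        indent, start, end, name = m.groups()
        regions.append((len(indent) // 2, name.strip(), int(start, 16), int(end, 16)))
    return regions


def addresses_masked(regions):
    """True when regions exist and every one reports start == end == 0."""
    return bool(regions) and all(s == 0 and e == 0 for _, _, s, e in regions)


def diagnose(path="/proc/iomem"):
    """Report whether the kernel itself is handing this process zeroed ranges."""
    with open(path) as fh:
        regions = parse_iomem(fh.read())
    if addresses_masked(regions):
        return "masked: the kernel is hiding addresses from this process"
    return "visible: %d regions carry real addresses" % len(regions)


if __name__ == "__main__":
    print(diagnose())
```

Run it as the same user and in the same container or namespace as osqueryi: if it reports masked, the zeros originate in the kernel's view of /proc/iomem and not in osquery's table code.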