Helix 1.8 and cloop images

You may have to ask in the Helix forums also, https://www.e-fense.com/helix/forum/

Try something like this, replacing the name of the compressedfile, file system type and mount point where appropriate.
insmod /lib/modules/`uname -r`/kernel/drivers/block/cloop.ko file=compressedfile
mount -o ro -t vfat /dev/cloop0 /mnt/compressed
Good luck with your project btw.

Thanks! That brings me a step closer already! I followed your suggestion and posted to the Helix forums as well… but if anyone here is able to help a bit further, it would be appreciated too D

When I try to insert the module like you said, Helix tells me that cloop.ko exists, so it seems to be loaded already. Now I'm not sure how to tell it where the cloop image is. When I try mounting /dev/cloop it says it's already mounted to /KNOPPIX (I guess this is where Helix runs it's own cloop image?). Device cloop0 does not exist, and cloop1 through cloop 4 can't be read.
I tried to do all this both in /KNOPPIX/dev and /dev.

Any more hints will be much appreciated, and thanks so far!

Now I'm not sure how to tell it where the cloop image is.

In your earlier post you mentioned that you had cloop images ready for examination. I assume then that they are on a file system somewhere and you probably need to mount the file system so that Helix can access the image files. Then you can use insmod cloop command pointing to those images on the mounted file system.

When I try mounting /dev/cloop it says it's already mounted to /KNOPPIX

You are using the latest Helix version right? From Helix 1.7 onwards it uses squashfs rather than cloop./dev/loop0 on /KNOPPIX type squashfs (ro)

Device cloop0 does not exist, and cloop1 through cloop 4 can't be read.

You should get 8 cloop devices /dev/cloop0 through to /dev/cloop7, dmesg should report this for you.cloop Initializing cloop v2.03
cloop compressedfile 24 blocks, 65536 bytes/block, largest block is 23318 bytes.
cloop loaded (max 8 devices)