-
```
This bug is probably the result of ambiguous validity checking. I did a vadinfo
on the image xp-laptop-2005-06-25.img and I could see lines like:
FileObject @823c234c FileBuffer @ f000af7e …
-
```
The FileAddressSpace.read(addr, length) API doesn't handle NativeType. All
other AS (or at least most of them that I've seen) you can pass a NativeType as
the length. If you pass a NativeType to…
-
Hello,
I've got a problem getting correct PTE data. Below are the details.
OS is Windows 7 SP1 x64.
The screenshot below illustrates the data (PXE/PPE/PDE/PTE part) I'm after but instead my code p…
ghost updated
8 years ago
-
```
Since scudette got me started...we should port the heap and stack plugins to 2.0
https://github.com/carlpulley/volatility/tree/master/memory_plugins/honeynet
don't worry about the file objects p…
-
```
The FileAddressSpace.read(addr, length) API doesn't handle NativeType. All
other AS (or at least most of them that I've seen) you can pass a NativeType as
the length. If you pass a NativeType to…
-
```
Reported by Sebastien Bourdon-Richard on Vol-dev:
I'm playing with a 5GB Windows 7 SP0 64bit memory dump and I have some
problems with processes mapped over 4GB.
Pslist only shows System proces…
-
```
So upon investigating a new plugin that has to traverse a *lot* of registry
keys. In so doing, it calls is_valid_address often which calls
HiveAddressSpace vtop, which calls the following:
sel…
-
```
The FileAddressSpace.read(addr, length) API doesn't handle NativeType. All
other AS (or at least most of them that I've seen) you can pass a NativeType as
the length. If you pass a NativeType to…
-
```
linux_dmesg seems to be exiting with an error. Tested with Volatility 2.2 and
2.3_alpha on CentOS 6.3 x86 (kernel 2.6.32-279.14.1.el6.i686). Memory image
and profile available from http://deer…
-
```
What steps will reproduce the problem?
1. svn update to latest trunk (latest malware.py, too)
2. run apihooks module
imageinfo:
Suggested Profile(s) : WinXPSP3x86, WinXPSP2x86 (Instanti…