-
Is there any way to get all the symbol tables for the latest versions of Windows 7 to Windows 11 24H2 that are suitable for MemProcFS? Sometimes I want to use them offline, but some symbol tables are no…
-
on
```
Apple M2 Pro
```
Am seeing a funny build error... I guess we need to run Colima or something to do this on a Mac? ... maybe related to Docker or xhyve?
```
=> [amd64 2/8] RUN ar…
```
-
Version: v5.11.7
I am running into an issue when trying to list the contents of the `/registry/HKLM` directory using the API. I have seen the same issue with both the Python and the Java API.
P…
-
There is no real-time memory reading video about VM virtual machines on YouTube. Can you tell me again how the Python code is configured to read memory information through software?
-
https://github.com/ufrisk/MemProcFS/blob/98dd0d4933e1e149ba49ddc58af4202687d7a5fe/vmmrust/memprocfs/src/lib_memprocfs.rs#L1611-L1615
All of this struct's fields are `pub` and implement `Copy`, so t…
-
I'm caching PML4 right now. But when I'm using the cached table, although the target process has moved its PML4, dtb.txt seems not to be updated, and "progress_percent.txt" seems always to be 100%.
When I c…
-
This is what I get when running Updater.ps1 as administrator:
```
Rename-Item : Cannot rename because item at
'E:\_Tools\MemProcFS-Analyzer-v1.1.0\MemProcFS-Analyzer-v1.1.0\Tools\zircolite_win' d…
```
-
I would like to read the end of memory via FPGA Screamer.
`pcileech.exe -device fpga dump -min 0xfffffffffff00000 -max 0xffffffffffffffff`
The output is:
Current Action: Dumping Memory
Curren…
-
I know I can create a decrypted image of a drive using the FVEK, but is there a way to get the VMK and recovery key using the FVEK? I know it can be done the other way around (VMK to FVEK), but I don'…
-
FYSA, RECmd has identical `--sync` functionality similar to KAPE, EvtxECmd, and SQLECmd. That being said, the KrollBatch.reb file is no longer being maintained in favor of DFIRBatch.reb, which can be …