-
```
This bug is probably the result of ambiguous validity checking. I did a vadinfo
on the image xp-laptop-2005-06-25.img and I could see lines like:
FileObject @823c234c FileBuffer @ f000af7e …
-
```
Relatively minor issue. I've read issues 184 and 190 which discuss the masking
out the upper 16 bits of 64-bit pointers in the v() and __eq__() functions.
However this doesn't seem intuitive t…
-
```
What steps will reproduce the problem?
1.vol.py --plugins=/usr/local/src/volatility-2.0/volatility/plugins -f
memory_dump.raw --profile=WinXPSP3x86 malfind -D malfind/ > malfind.out
2.
3.
What i…
-
```
I took a crack at fixing kpcrscan for x64. Here's a patch that solves some of
the potential issues, but it still doesn't work.
The patch is built on r1289 from trunk.
```
Original issue rep…
-
```
Hey guys,
This issue was reported to me today...wanted to get your opinion. Here's what I
know:
XP SP3
2GB memory image
Copy of the stack dump: http://pastie.org/private/yv4jobxnqopfqllogh0e…
-
```
I just let vadinfo run across all the processes and it blew up with this
backtrace:
Traceback (most recent call last):
File "vol.py", line 185, in
main()
File "vol.py", line 176, in mai…
-
```
Relatively minor issue. I've read issues 184 and 190 which discuss the masking
out the upper 16 bits of 64-bit pointers in the v() and __eq__() functions.
However this doesn't seem intuitive t…
-
```
The FileAddressSpace.read(addr, length) API doesn't handle NativeType. All
other AS (or at least most of them that I've seen) you can pass a NativeType as
the length. If you pass a NativeType to…
-
```
What steps will reproduce the problem?
1.vol.py --plugins=/usr/local/src/volatility-2.0/volatility/plugins -f
memory_dump.raw --profile=WinXPSP3x86 malfind -D malfind/ > malfind.out
2.
3.
What i…
-
```
What steps will reproduce the problem?
1.vol.py --plugins=/usr/local/src/volatility-2.0/volatility/plugins -f
memory_dump.raw --profile=WinXPSP3x86 malfind -D malfind/ > malfind.out
2.
3.
What i…