-
```
Traceback (most recent call last):
File "vol.py", line 130, in <module>
main()
File "vol.py", line 121, in main
command.execute()
File "/TESTING/Volatility-1.4_rc1/volatility/commands.p…
-
```
Hey guys,
I noticed something strange with kdbgscan. Not sure what the issue is yet.
Potential KDBG structure addresses (P = Physical, V = Virtual):
_KDBG: V 0xf80002837070 (Win7SP1x64)
_KD…
-
```
Relatively minor issue. I've read issues 184 and 190 which discuss the masking
out the upper 16 bits of 64-bit pointers in the v() and __eq__() functions.
However this doesn't seem intuitive t…
-
```
So upon investigating a new plugin that has to traverse a *lot* of registry
keys. In so doing, it calls is_valid_address often which calls
HiveAddressSpace vtop, which calls the following:
sel…
-
```
Reported by Sebastien Bourdon-Richard on Vol-dev:
I'm playing with a 5GB Windows 7 SP0 64bit memory dump and I have some
problems with processes mapped over 4GB.
Pslist only shows System proces…
-
```
What steps will reproduce the problem?
1.vol.py --plugins=/usr/local/src/volatility-2.0/volatility/plugins -f
memory_dump.raw --profile=WinXPSP3x86 malfind -D malfind/ > malfind.out
2.
3.
What i…