-
```
So currently the DTB is searched like this (basic.py):
1. Each profile has a magic signature which seems to be different for different
releases, but ends up pointing at the start of an _EPROCESS.…
-
```
Hey guys,
I noticed something strange with kdbgscan. Not sure what the issue is yet.
Potential KDBG structure addresses (P = Physical, V = Virtual):
_KDBG: V 0xf80002837070 (Win7SP1x64)
_KD…
-
```
The FileAddressSpace.read(addr, length) API doesn't handle NativeType. All
other AS (or at least most of them that I've seen) you can pass a NativeType as
the length. If you pass a NativeType to…
-
```
Reported by Sebastien Bourdon-Richard on Vol-dev:
I'm playing with a 5GB Windows 7 SP0 64bit memory dump and I have some
problems with processes mapped over 4GB.
Pslist only shows System proces…
-
```
What steps will reproduce the problem?
1. svn update to latest trunk (latest malware.py, too)
2. run apihooks module
imageinfo:
Suggested Profile(s) : WinXPSP3x86, WinXPSP2x86 (Instanti…
-
```
linux_dmesg seems to be exiting with an error. Tested with Volatility 2.2 and
2.3_alpha on CentOS 6.3 x86 (kernel 2.6.32-279.14.1.el6.i686). Memory image
and profile available from http://deer…
-
```
I took a crack at fixing kpcrscan for x64. Here's a patch that solves some of
the potential issues, but it still doesn't work.
The patch is built on r1289 from trunk.
```
Original issue rep…
-
```
Traceback (most recent call last):
File "vol.py", line 130, in <module>
main()
File "vol.py", line 121, in main
command.execute()
File "/TESTING/Volatility-1.4_rc1/volatility/commands.p…