Revised overrides and ensured that they're handled correctly. It's a rarely used feature even in CERT.pl, but I don't really want to drop it.
Possibly fixed https://github.com/CERT-Polska/malduck/issues/81. Previously we used yarav instead of yarap that was further remapped using p2v. Everything worked when initial imgbase=p=0, so it wasn't visible in most cases.
ExtractorModules and configuration utilities are in separate modules
ProcmemExtractManager is renamed to ExtractionContext
push_procmem into separate functions