Adding Offset Column to memmap Output

[GoogleCodeExporter]

The following adds another column, offset, to the output of the memmap plugin. 
This column contains the offset in the output file where the data for each 
memory run was written. This made data much easier to find when working with 
the memdump plugin output.

Original:
$ python vol.py -f xp-laptop-2005-07-04-1430.img --profile=WinXPSP2x86 memmap 
--pid=3300 

dd.exe pid:   3300
Virtual    Physical         Size
---------- ---------- ----------
0x00010000 0x1870e000     0x1000
0x00020000 0x18df7000     0x1000
0x0012e000 0x18f37000     0x1000
0x0012f000 0x1b5ba000     0x1000
0x00130000 0x1796e000     0x1000
0x00131000 0x17a1f000     0x1000
0x00140000 0x189d6000     0x1000
[...]

Patched:

$ python vol.py -f xp-laptop-2005-07-04-1430.img --profile=WinXPSP2x86 memmap 
--pid=3300 

dd.exe pid:   3300
Virtual    Physical         Size     Offset
---------- ---------- ---------- ----------
0x00010000 0x1870e000     0x1000        0x0
0x00020000 0x18df7000     0x1000     0x1000
0x0012e000 0x18f37000     0x1000     0x2000
0x0012f000 0x1b5ba000     0x1000     0x3000
0x00130000 0x1796e000     0x1000     0x4000
0x00131000 0x17a1f000     0x1000     0x5000
0x00140000 0x189d6000     0x1000     0x6000
[...]

Type-Enhancement
Priority-Low

Original issue reported on code.google.com by jessekornblum on 14 Jun 2012 at 10:39

Attachments:

• patch-taskmods-py.txt

[GoogleCodeExporter]

Original comment by michael.hale@gmail.com on 14 Jun 2012 at 2:37

• Added labels: Priority-Low, Type-Enhancement
• Removed labels: Priority-Medium, Type-Defect

[GoogleCodeExporter]

Thanks. I'm about to accept this patch, but please note the offset = 0 must be 
inside the loop in render_text or else it won't reset when mapping multiple 
processes at once. 

Original comment by michael.hale@gmail.com on 24 Jun 2012 at 7:34

[GoogleCodeExporter]

This issue was closed by revision r1905.

Original comment by michael.hale@gmail.com on 24 Jun 2012 at 7:34

• Changed state: Fixed