search

ksanchezcld / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0
1 stars 0 forks source link

Adding spaces to threads output #348

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
The output of the 'threads' plugin needs some extra spaces to make the columns 
readable. Right now the label 'edx' gets caught up in the previous value, for 
example.

Using the command:

python vol.py -f foo.vmem --profile=Win7SP1x86 threads

Current:

Eip: 0x77257094
  eax=0x000000c0 ebx=0x00000000 ecx=0x75952a80edx=0x0000001a esi=0x00000290 edi=0x00000000
  eip=0x77257094 esp=0x04aef758 ebp=0x04aef7c4 err=0x00000000
  cs=0x1b ss=0x23 ds=0x23es=0x23 gs=0x00 efl=0x00000246
  dr0=0x00000000 dr1=0x00000000 dr2=0x00000000dr3=0x00000000 dr6=0x00000000 dr7=0x00000000

Fixed:

Eip: 0x77257094
  eax=0x000000c0 ebx=0x00000000 ecx=0x75952a80 edx=0x0000001a esi=0x00000290 edi=0x00000000
  eip=0x77257094 esp=0x04aef758 ebp=0x04aef7c4 err=0x00000000
  cs=0x1b ss=0x23 ds=0x23  es=0x23 gs=0x00 efl=0x00000246
  dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000

A patch is attached.

Original issue reported on code.google.com by jessekornblum on 13 Sep 2012 at 7:28

Attachments:

GoogleCodeExporter commented 9 years ago 
This issue was closed by revision r2552.

Original comment by michael.hale@gmail.com on 17 Sep 2012 at 4:51

GoogleCodeExporter commented 9 years ago 
Thanks, just used a slightly different patch because the one provided left 
double-spaces between ds and es ("ds=0x23  es=0x23").

Original comment by michael.hale@gmail.com on 17 Sep 2012 at 4:52