Code review request

[GoogleCodeExporter]

Branch name: win64-support

Purpose of code changes on this branch:
Add 64 bit support to volatility.

When reviewing my code changes, please focus on:

After the review, I'll merge this branch into:
/trunk

Original issue reported on code.google.com by scude...@gmail.com on 2 Jan 2012 at 12:14

[GoogleCodeExporter]

I haven't reviewed it fully yet (may be a few more days at least) but thought 
of something we should probably fix. 

http://code.google.com/p/volatility/source/browse/branches/win64-support/volatil
ity/plugins/filescan.py#335

Any plugins using hard-coded address for kernel mode being >= 0x80000000 should 
probably be changed. The value can be a volatility magic equaling 0x80000000 
for x86 and 0xffff0800‘00000000 for x64. 

Original comment by michael.hale@gmail.com on 4 Jan 2012 at 1:56

[GoogleCodeExporter]

The win64-support branch wasn't synced with trunk, however I think most of the 
relevant code has been ported across to trunk, and as such the branch is no 
longer necessary.  If there are any changes present that you feel are necessary 
for the stated purpose of the branch that didn't make it across, please provide 
them as patches for review and integration.

I've split off the issue MHL mentioned, since it was present before the 
win64-support branch and so isn't related.  It's now issue 187.  Marking this 
issue as done.

Original comment by mike.auty@gmail.com on 22 Jan 2012 at 7:05

• Changed state: Done