jamajamajaaama closed 3 months ago
My guess is that the official symbol tables do not contain the ones you need, so Volatility3 tries to fetch them from Microsoft, which is the expected behavior.
Since I do not compile these symbol tables myself, I cannot tell you if these follow the Windows release schedule.
Hey, the description says that it contains "The official symbol tables for Windows, macOS and GNU/Linux provided by the Volatility Foundation".
But each time I run it, it downloads them from Microsoft. Reading file http://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/D4145BD61FA157B5E565B1DDC67186DF1/ntkrnlmp.pdb
Why is that?
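An added example, not code from this thread or from Volatility3: it splits the symbol-server URL in the log line above into PDB name, GUID and age, then checks whether a local symbol pack zip already holds a matching table, which is the condition the reply describes. The `<pdb>/<GUID>-<AGE>.json.xz` member layout, the decimal age in the file name and all helper names are assumptions; the sample packs are constructed in memory.

```python
import io
import re
import zipfile

# URL quoted in the thread's log line.
THREAD_URL = ("http://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/"
              "D4145BD61FA157B5E565B1DDC67186DF1/ntkrnlmp.pdb")

# Symbol-server layout: .../symbols/<pdb>/<GUID><AGE>/<pdb>
# GUID is 32 hex digits; AGE is a hex number appended directly after it.
SYMBOL_URL = re.compile(
    r"/download/symbols/(?P<pdb>[^/]+)/"
    r"(?P<guid>[0-9A-Fa-f]{32})(?P<age>[0-9A-Fa-f]+)/(?P=pdb)$"
)

def parse_symbol_url(url):
    """Return (pdb_name, guid, age) from a symbol-server URL, or None."""
    m = SYMBOL_URL.search(url.strip())
    if m is None:
        return None
    return m["pdb"], m["guid"].upper(), int(m["age"], 16)

def expected_isf_member(pdb_name, guid, age):
    # Assumption: packs store one table per build as <pdb>/<GUID>-<AGE>.json.xz
    return f"{pdb_name}/{guid}-{age}.json.xz"

def pack_has_table(pack, url):
    """True if the zip (path or file object) already holds the table for url."""
    parsed = parse_symbol_url(url)
    if parsed is None:
        raise ValueError(f"not a symbol-server URL: {url!r}")
    wanted = expected_isf_member(*parsed).lower()
    with zipfile.ZipFile(pack) as zf:
        names = [n.lower() for n in zf.namelist()]
    # Accept the member at the archive root or under a parent directory.
    return any(n == wanted or n.endswith("/" + wanted) for n in names)

def build_sample_pack(members):
    """Constructed in-memory zip standing in for a downloaded symbol pack."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"")  # empty placeholder, not a real table
    buf.seek(0)
    return buf

if __name__ == "__main__":
    other_build = "ntkrnlmp.pdb/" + "0" * 32 + "-1.json.xz"  # constructed GUID
    print(expected_isf_member(*parse_symbol_url(THREAD_URL)))
    print(pack_has_table(build_sample_pack([other_build]), THREAD_URL))
```

A `False` result for the pack on an offline analysis host means that kernel build needs its table supplied some other way before the image can be processed there.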