volatilityfoundation / volatility3

Volatility 3.0 development
http://volatilityfoundation.org/

Expose procdump and vaddump functions #111

Closed doomedraven closed 4 years ago

doomedraven commented 4 years ago

Hello, would it be possible to expose vaddump and procdump and similar functions so they could be used in different plugins?

Maybe you pass an offset or pid and you get the vad/process memory.

Thanks in advance.

ikelos commented 4 years ago

Half done now, due to #115. Thanks! :)

ikelos commented 4 years ago

Did you want to submit a procdump change now or would you like us to look into it?

doomedraven commented 4 years ago

I will look into that next week, I am still on vacation till next Tuesday.

ikelos commented 4 years ago

No problem, enjoy your holidays! I just didn't want it to get forgotten... ;)

doomedraven commented 4 years ago

done, https://github.com/volatilityfoundation/volatility3/pull/174

doomedraven commented 4 years ago

thanks <3

ikelos commented 4 years ago

Great work, thanks @doomedraven! :)

doomedraven commented 4 years ago

Thanks, I still need to learn how to correctly specify types in function declarations.

doomedraven commented 4 years ago

I will also update my public example of a vol3 plugin later to use procdump.