volatilityfoundation / volatility3

Volatility 3.0 development
http://volatilityfoundation.org/

Linux: Update sockstat to render process names #1271

Closed dgmcdona closed 1 month ago

dgmcdona commented 1 month ago

Currently, process names are not displayed for sockets in the sockstat plugin, making analysis more painful than it needs to be. This updates the list_sockets classmethod and the _generator method to return the process name in addition to the PID.

Because this is changing the public interface, this commit includes a major version bump for linux.sockstat.Sockstat.

atcuno commented 1 month ago

@ikelos this is a high priority change for the October release. Also, please make sure the version bump is correct here.

gcmoreira commented 1 month ago

@ikelos This will have conflicts with https://github.com/volatilityfoundation/volatility3/pull/1263. Depending on the order in which you want to merge them, we'll need to adjust the other accordingly.

ikelos commented 1 month ago

1263 seems much bigger, might be easier to just get this one merged and then fix up the other one if this one is urgent? I'll try and get to #1263 next, but I'm falling asleep here I'm afraid... 5:S

dgmcdona commented 1 month ago

I thought I had already bumped the version, but apparently not; it's done now. There are no consumers of this plugin that require updating.