Closed resposo closed 2 months ago
Hello,
There aren't any pull requests at the moment for a psxview plugin replacement, but someone might be out there working on it on their own. There is no harm in asking on the volatility3 channel in our Slack group.
This thrdscan plugin that is in the works may prove useful to you: https://github.com/volatilityfoundation/volatility3/pull/960
Perhaps you could test that and see if it illuminates something useful for you?
Might be worth seeing if @iMHLv2 had any plans to recreate it, or knows of someone that's looking for a starter plugin to try out their plugin authoring skills on... ;)
Hey everyone,
Just wanted to give a quick heads-up that I'm working on a PsXview plugin for Volatility 3. I know a lot of folks have been missing this tool from Volatility 2 for detecting hidden processes.
It's still a work in progress, and there are a few things left to sort out, but I thought it might be useful for some of you who have been asking about it. If anyone's interested in giving it a test run or even contributing, that would be awesome! You can check out what I've got so far on my GitHub: https://github.com/MY7H404/psxview
Just to add, I'm still learning about Volatility and memory analysis. Although this is a useful plugin and can be reproduced, I have absolutely no background in memory analysis in general. The exploration I did was out of curiosity. So there is no “scientific proof” that this is the correct way to parse the content.
Thanks, and I'd love to hear any feedback or suggestions you might have!
There is a pull request for this going through review at the moment...
https://github.com/volatilityfoundation/volatility3/pull/1219
In volatility2, psxview was useful as a way to detect hidden processes. However, in volatility3, psxview does not exist, making it difficult to detect hidden processes. Is anyone porting that plugin by any chance?