Abyss-W4tcher

Results 111 comments of Abyss-W4tcher

Hi, could you double-check the integrity of the memory dump, maybe with a sha256 provided by the CTF makers? Could you include a run with `-vvvvv`, just after...

Hi, I think you did not use the correct syntax: `python3 vol.py -vvvvv -f "C:\Users\tranh\OneDrive\ctf\WaniCTF 2024\for\chal_mem_search\chal_mem_search.DUMP" windows.filescan.FileScan`

Hi, would it be possible to acquire those "custom" made symbol tables, to investigate if a solution to directly patch the ISF before feeding it to volatility3 can be possible...

From my point of view, I think this can fit for core kernel structures, which haven't and won't likely change in many years. However, I totally understand ikelos' concerns, that...

Yes, I completely understand the issue with the void definition, it's just to ensure that all plugins (not only pslist) will still work with incomplete ISFs and this additional feature...

Maybe this refinement can happen in the consolidation PR, as I think it'll contextualize better. Given the current schedule I think it'll also leave us more time to fix it...

I didn't want to push too many changes into this one, given @atcuno's request to include it in 2.26.1. I think the goal was to make the mandatory changes for...

I see, but using a while loop is intended by design for this NULL-terminated array. Using a for loop and constructing an array with an arbitrary size beforehand does not...

This method also stops on unreachable pointers (which includes NULL of course) through `.is_readable()`? Here is how the kernel does it since nsections was removed: As you can see...

> > The existing machinery sometimes does not fit exactly what we want to do, which is the case here. > > I don't understand how it doesn't fit here....