Abyss-W4tcher

111 comments by Abyss-W4tcher

Plugins are ready, but actually depend on `hidden_modules`, and an additional plugin I developed named `modxview` (which is basically psxview but for modules). So, a few parts need to move...

I am still waiting on modxview plugin review, which embeds APIs for ftrace and tracepoints.

Hello, has anyone had a chance to look into a solution? Unfortunately, all ISFs generated after Linux kernel 6.5 are currently invalid. :/

The Ubuntu (Linux) kernel includes Rust bindings for existing C APIs. It is possible to check them by looking at a sample source code: https://bugs.launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa/+build/26995753/+files/linux-lib-rust-6.5.0-14-generic_6.5.0-14.14_amd64.deb. Related to this issue,...

Hello, looking at a sample System.map, there is no way to tell with precision from which compile unit a symbol originates. Even if some of them are conveniently prefixed with...

Additional discussion (https://github.com/volatilityfoundation/volatility3/pull/1506#discussion_r1901386785): > Need to be really careful about this. I feel at some point soon we're going to have to go back and find all these instances that...

If you check other typedefs defined in this file, you will find that none of them can be accessed in the ISF (`fd_set` for example). It seems that dwarf2json simply...
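A quick way to confirm the observation above (that a typedef such as `fd_set` never reaches the ISF) is to open the ISF JSON and look the name up in every section Volatility 3 reads (`base_types`, `user_types`, `enums`, `symbols`). The script below is an added example, not code from the thread or from the volatility3 project; the embedded ISF document is a constructed, minimal stand-in for a real dwarf2json output, and `load_isf` handles the plain, `.gz` and `.xz` encodings that Volatility 3 accepts.

```python
import gzip
import json
import lzma
from pathlib import Path
from typing import Dict, List

# Constructed, minimal ISF document (not real dwarf2json output): just enough
# of the layout to show where a name would have to appear.
SAMPLE_ISF: Dict = {
    "metadata": {"format": "6.2.0"},
    "base_types": {
        "long unsigned int": {"size": 8, "signed": False, "kind": "int", "endian": "little"},
    },
    "user_types": {
        "task_struct": {"size": 9792, "kind": "struct", "fields": {
            "pid": {"offset": 2520, "type": {"kind": "base", "name": "int"}},
        }},
    },
    "enums": {},
    "symbols": {
        "init_task": {"type": {"kind": "struct", "name": "task_struct"}, "address": 0xFFFFFFFF82A0C380},
    },
}

ISF_SECTIONS = ("base_types", "user_types", "enums", "symbols")


def load_isf(path: Path) -> Dict:
    """Load an ISF file whether it is stored as .json, .json.gz or .json.xz.

    The container is detected from magic bytes rather than the file name, so
    a mislabelled symbol file still opens.
    """
    raw = path.read_bytes()
    if raw[:2] == b"\x1f\x8b":
        raw = gzip.decompress(raw)
    elif raw[:6] == b"\xfd7zXZ\x00":
        raw = lzma.decompress(raw)
    return json.loads(raw.decode("utf-8"))


def isf_lookup(isf: Dict, name: str) -> List[str]:
    """Return the ISF sections in which `name` is defined (empty if nowhere)."""
    return [section for section in ISF_SECTIONS if name in isf.get(section, {})]


def missing_names(isf: Dict, names: List[str]) -> List[str]:
    """Names that appear in none of the ISF sections, in the order given."""
    return [n for n in names if not isf_lookup(isf, n)]


def report(isf: Dict, names: List[str]) -> Dict[str, List[str]]:
    """Map each requested name to the sections that define it."""
    return {n: isf_lookup(isf, n) for n in names}


if __name__ == "__main__":
    # Typedef'd names one would expect from the kernel headers; fd_set is the
    # case discussed in the thread.
    wanted = ["task_struct", "fd_set", "init_task", "pid_t"]
    for name, where in report(SAMPLE_ISF, wanted).items():
        print(f"{name:<12} -> {', '.join(where) if where else 'NOT IN ISF'}")
```

Run it against a real file with `load_isf(Path("linux-6.5.0-14-generic.json.xz"))` in place of `SAMPLE_ISF`; any name that comes back `NOT IN ISF` cannot be resolved by `context.symbol_space` at plugin run time, which is exactly the failure described above.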

Hello, could you provide a run with `-vvvvvvv` after `vol.py`?

Sorry, I misread and thought it had an issue with an automatic `vol.py` symbols creation. Could you provide the PDB file, and where it originates from?

Have you tried running the memory sample directly against Volatility, to see if the automatic symbol downloader worked? I suppose you got the PDB from here: http://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/8199e3319bc8404581e451b565d048b81/ntkrnlmp.pdb ?...
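The symbol-server path quoted above is built from the kernel's CodeView `RSDS` debug record: the PDB file name, the 16-byte GUID and the 32-bit "age", with the GUID written as 32 hex digits followed by the age in hex. The script below, an added example rather than code from the thread or from volatility3, parses such a record and rebuilds the download URL, so you can check that a PDB you fetched by hand matches the one the automatic downloader would request. The `RSDS` record it parses is constructed in the script from the GUID and age in the URL above; in practice you would read it from the kernel image's debug directory in the memory sample.

```python
import struct
import uuid
from typing import Tuple

MSDL_BASE = "http://msdl.microsoft.com/download/symbols"


def build_rsds(guid: uuid.UUID, age: int, pdb_path: str) -> bytes:
    """Construct a CodeView RSDS record (used here only to fabricate test input).

    Layout: b"RSDS" | GUID (16 bytes, mixed-endian as stored in PE files)
            | age (uint32 LE) | PDB path (NUL-terminated).
    """
    return b"RSDS" + guid.bytes_le + struct.pack("<I", age) + pdb_path.encode("ascii") + b"\x00"


def parse_rsds(record: bytes) -> Tuple[uuid.UUID, int, str]:
    """Decode an RSDS record into (guid, age, pdb_path)."""
    if len(record) < 24 or record[:4] != b"RSDS":
        raise ValueError("not an RSDS CodeView record")
    guid = uuid.UUID(bytes_le=record[4:20])
    (age,) = struct.unpack_from("<I", record, 20)
    end = record.find(b"\x00", 24)
    if end == -1:
        raise ValueError("PDB path is not NUL-terminated")
    return guid, age, record[24:end].decode("ascii", errors="replace")


def pdb_basename(pdb_path: str) -> str:
    """The RSDS path may be a full build path; the server only wants the file name."""
    return pdb_path.replace("\\", "/").rsplit("/", 1)[-1]


def symbol_server_url(pdb_path: str, guid: uuid.UUID, age: int, base: str = MSDL_BASE) -> str:
    """<base>/<name.pdb>/<GUID hex, 32 digits><age hex>/<name.pdb>"""
    name = pdb_basename(pdb_path)
    return f"{base}/{name}/{guid.hex.upper()}{age:X}/{name}"


def url_from_rsds(record: bytes, base: str = MSDL_BASE) -> str:
    guid, age, path = parse_rsds(record)
    return symbol_server_url(path, guid, age, base)


if __name__ == "__main__":
    # Constructed record using the GUID and age from the URL quoted in the thread.
    record = build_rsds(uuid.UUID("8199e3319bc8404581e451b565d048b8"), 1, "ntkrnlmp.pdb")
    print(url_from_rsds(record))
```

If the URL printed for the sample's `RSDS` record differs from the PDB you downloaded (different GUID or age), the PDB belongs to another kernel build and the ISF produced from it will not match the image, which is a common cause of "invalid symbols" reports.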