Mathieu Tarral
Windows has 2 main SSDTs: the NT and the win32k syscall tables. To differentiate between them, Windows sets a prefix which will show which SSDT to use for a...
Install docopt from your package manager. It's available in your distro. Also, nitro is python3, but you are using pip2, not pip3, here.
You need docopt for python2 also. Nitro is calling a symbols.py python2 with subprocess which imports docopt.
`which rekall`? How did you install it?
You have installed the python3 release of Rekall. However our `symbols.py` is Python2, and therefore searches for Rekall modules in the Python2 search path. You can use the same commands...
The reason we have not switched to Rekall python3 is that the latest official release contains some bugs that are only fixed in the upstream git repository. We are waiting for...
Just post-process the JSON with Python.
PR #11 brings a first answer to this issue. The syscall class now has an `ArgumentMap`, which hides the translation of the OS convention. It is defined in this...
Bug still present as of today. When uploading a directory containing a socket file, `upload-artifact@v3` fails and throws an `ENXIO` error. Is there a fix planned? Thanks!
> Currently, there should be a kafl.yaml in the edk2 example folder that sets qemu_append option to empty string, and I think qemu.py is looking out for that. Ideally this...