Mathieu Tarral
Hi @darshantank, you are simply running into one of the possible initialization errors returned by LibVMI. https://github.com/libvmi/libvmi/blob/master/libvmi/libvmi.h#L93 ~~~C typedef enum vmi_init_error { VMI_INIT_ERROR_NONE, /**< No error */ VMI_INIT_ERROR_DRIVER_NOT_DETECTED, /**<...
Hi > AttributeError: 'PyVmiAddressSpace' object has no attribute 'translate' That is weird. I don't remember running into this issue with the Volatility address space before. Also, I never really used...
Otherwise I would advise to use the Rekall plugin if possible, since it's already integrated upstream, and Michael Cohen is very eager to reply and integrate new changes.
Fully implement `libvmi/libvmi_extra.h` with https://github.com/libvmi/python/pull/14
Fully implement `libvmi/slat.h` with #17
Hi @aghamir, I shouldn't have included `libvmi/events.h` in the default configuration. In the meantime, you can clone the source, and remove these lines: https://github.com/libvmi/python/blob/master/libvmi/libvmi_build.py#L13 https://github.com/libvmi/python/blob/master/libvmi/libvmi_build.py#L57 I will try to...
@aghamir, I added a fix to detect `libvmi/events.h`, please check if it fixes your problem.
Well, simply because this memevent example here doesn't catch syscalls, only memory events when a certain address (symbol) is being executed.
https://github.com/libvmi/libvmi/blob/master/examples/event-example.c and https://github.com/libvmi/python/blob/master/examples/memaccess-event.py are not related.
> Hmm firstly what's meaning of gfn You need to read the libvmi headers, it's the official documentation ATM: https://github.com/libvmi/libvmi/blob/48f6d8619bed4a7ab848a7bae890e1793425a92a/libvmi/events.h#L336 > how we can catch all symbol execution You would...