Gustavo Moreira

Last but not least, do you have a way to test what I mentioned in the description? maybe @atcuno can help with that - [PdbMSFStream::maximum_address](https://github.com/volatilityfoundation/volatility3/blob/1c5c57e1550f156844543ff2e54660095e75eb2c/volatility3/framework/layers/msf.py#L257) looks like it's also wrongly...

Yeah, probably better merge it as is, and we can always create a new ticket for the other changes. Thanks

Cool, I can test these plugins if you need it. Thanks

Hi @PNW-Hacker you have to use the linux.pagecache.InodePages ```shell; $ ./vol.py -f ./ubuntu-4.9.0-19-32bit.core linux.pagecache.InodePages --inode 0xf6fd30b0 --dump system.journal Volatility 3 Framework 2.7.1 PageVAddr PagePAddr MappingAddr Index DumpSafe Flags 0xf5e9be90 0x7bf84000...

Are you using the latest dwarf2json version?

@PNW-Hacker It looks like your ISF is bad but I would need more information. Unfortunately, this ticket is a feature request, not a bug report ticket. I can help you...

Hey @SolitudePy , > Is your feature request related to a problem? Please describe. > Cant extract any file or process from a memory sample with the linux plugins >...

@atcuno

Hey @ikelos > linux.lsof and linux.pagecache define an FDUser and InodeUser dataclass, respectively. The documentation in linux.lsof says that a function returns an InodeUser when it doesn't, although some of...

Hey @ikelos Yeah, Unfortunately, it requires the types associated with the symbols. If they're not available, it will fail with any other `object_from_symbol()` call, and there are many such calls...