gitter-sudo

Results 9 comments of gitter-sudo

hi, I'm experiencing an issue related to the windows.strings plugin. on a virtual box VM (OS W10) I captured RAM using both FTK tool and _VBoxManage debugvm dumpvmcore_ command strings...

thanks @ikelos, I tried using pslist and I confirm it recognizes pid of processes. about your tip: how can I check the debugging information to troubleshoot the issue?

hi, this is how I changed pslist.py by your tip: ... filter_func = lambda _: False return filter_func # FIXME: mypy #4973 or #2608 pid_list = pid_list or [] ... then...

[volatility-debug.txt](https://github.com/volatilityfoundation/volatility3/files/12215889/volatility-debug.txt) here the output; I hope it'll help

hi @ikelos, did you find any useful information?

before using the command: `python3 vol.py -f mem_file -r pretty windows.strings.Strings --strings-file 'strings_file' > output_file` in 'string_file' I put the output of the strings sysinternal tool in the form offset:string...

thanks @ikelos for your tip. I confirm that offsets I used were in decimal. last three days I stressed volatility and myself!!! ;) pid8012 is the process I used for string...

Hi. I used dwarf to create json symbols file related to the Linux kernel of the host from which I captured RAM via fmem module. Then I put the json...