ikelos
ikelos
Not yet I'm afraid, but something that provides a similar capability is on the cards...
Just for clarity, `memmap --dump` vol3 is the equivalent of `memdump --memory` in vol2. If you're after PE reconstruction, then we can update the issue title to be more specific.
Sounds like one for our windows expert @iMHLv2 ... 5:)
Hiya, I'm afraid we don't have an equivalent in volatility 3 that I know of, but I've added it to our plugin request list, so at least it's on our...
I've tagged our resident windows expert in case this was on his todo list... 5:)
Fair enough, you're welcome to keep this PR open if you'd like advice on it as you go? I'm not sure where other people would help to contribute to this...
Sorry, that's an extremely short description to try and diagnose the problem from? Could you please provide the requested information (notably, the command line you used to run the commands,...
Sounds like one that @japhlange might know more about?
Thanks for this! Unfortunately, I'm quite uncomfortable returning none-volatility objects in this one specific case when all of our other code returns volatility objects. It somewhat breaks expectations, and to...
So plugins should return all the data, and leave decisions on display up to the UI. If the `--safe` option doesn't hide the right things then we shouldn't include it....