ikelos
I'd like to know if this is a corrupted image or not before we spend time trying to "fix" something that may well not be broken. You know my views...
Sure, no problem. I don't know if the vol2 part of the problem has been solved yet? It seems like that's still open even though volatility 2 is getting less...
Hiya, there was a small issue (#135) that might have affected symbols generated in the last two days, could you please remove the file `/Users/user/Downloads/volatility3/volatility/symbols/windows/ntkrnlmp.pdb/E0093F3AEF15D58168B753C9488A4043-1.json.xz` and then re-run the plugin...
Mmmmm, we did do some work that might affect ``, but I'm not convinced it will help. You can try the `improve-pdbconv` branch to see if that resolves the issue,...
Ah, I don't suppose you'd be able to recreate the error with a memory image you'd be willing to share with us, would you? Remote debugging is usually trickier and...
Hmmm, so swapping to the `improve-pdbconv` branch generates a better pdb file (which won't fail with the `nt_symbols1!.VadFlags` error), so I'd recommend rebuilding the symbol table file regardless (swap to...
After some additional investigation by the original reporter(s), it looks like this might be a compressed memory page, which is represented in Windows as the last available swap file (usually...
I'm really sorry, I'm still mulling over how best to handle referencing and interacting with C++ types and I haven't been able to spend time just sitting and thinking through...
Hi there, so the reason for not combining everything is because scanning for all possible operating systems to find the right one can be time consuming and also may result...
The metadata should be applied to the layer (I believe it'll bubble upwards, so best to ask the highest layer) as can be seen: https://github.com/volatilityfoundation/volatility3/blob/develop/volatility3/framework/automagic/windows.py#L216 https://github.com/volatilityfoundation/volatility3/blob/develop/volatility3/framework/automagic/linux.py#L92 https://github.com/volatilityfoundation/volatility3/blob/develop/volatility3/framework/automagic/mac.py#L118 It is unfortunately...