ikelos
So the offset returned is a virtual offset in the `primary` layer (that was scanned). You should be able to run volshell with the same options: `python volshell.py -f "memdump.mem"...
To add to the conversation about Linux symbol tables, as Eve pointed out it's possible to compile your own kernel and in doing so you might change certain structures created...
@iMHLv2 could you please take a look over the KDBG decoding bits of this? I haven't done a full review yet, but the more eyes we can get on it...
Any word on this one guys?
This is still waiting on review by @awalters I'm afraid.
Your expected output doesn't match what the plugin does. All plugins within Volatility 3 return a table of the results data, usually that could be used by another tool. The...
Hi @kookiecrack, since the default output renderer is the quick output, which doesn't gather the data, but returns it as quickly as possible, it may return it whilst the scans...
Hiya, probably worth checking the output of `pslist` to make sure Volatility can see the processes (if there's no list there, Volatility won't be able to figure it out). Other...
Hiya, given that `pslist` *does* return, you'd probably need to modify the Python to see why pidlist is empty or not being hit in the filter... The debugging information I...
Hmmm, then it gets more tricky... Since we basically disabled the filter function (or made it always return False) then [this line](https://github.com/volatilityfoundation/volatility3/blob/develop/volatility3/framework/plugins/windows/strings.py#L166) should mean that the process list is traversed...