ikelos

Results 573 comments of ikelos

I'm afraid not, there's nothing unusual in the debug output, so it's possible the contents of the strings file don't accurately reflect the correct offsets? It might also be worth...

I was concerned that strings might output hex offsets, or something, but they need to be in decimal. I think strings takes `-td` to make sure it's in decimal. Otherwise...

I've given it a review and it needs a couple of things smoothing over, but just to add here. Matching 2.6 isn't necessarily the goal, the goal is to get...

Might be worth seeing if @iMHLv2 had any plans to recreate it, or knows of someone that's looking for a starter plugin to try out their plugin authoring skills on......

Could you please clarify what you mean by that? I assume you mean Control Flow Guard? In that case it looks like that's stored in the PE header of the...

Hi there, so the registry is a complex tree structure, that has many different types of nodes. The node type that can have child nodes (subkeys) is called a `CM_KEY_NODE`....

@grook14 please could you attach the config so we can check it over. It's possible that the plugin you're trying either does or doesn't use the newer `module` requirement, in...

I don't know enough about the structures to know the difference between a `tgid` and a `pid`. I'm happy to defer to @atcuno's decision on this front?

There was a suggestion at one point of potentially abstracting the concept of a process *from any operating system* into a single class in some way, but I dunno if...

I believe we already have a semi-consistent way of adding process layers. It might be we just define an abstract interface, and make sure the _EPROCESS and whatever the Linux...