ikelos

Results 573 comments of ikelos

Ok, so `ModuleRequirements` differ from `TranslationLayerRequirements` and `SymbolTableRequirements`, in that they didn't have a class and therefore there was only ever expected to be one `Module` class. Since we're now...

`symbols_as_dict` would be ok (but might be overkill), but `update_symbol` is very bad. It could lead to two runs with the same context and symbol tables giving different results. It...

I see, thanks for the explanation. The reason for my caution is because we tried this tactic originally with the ASLR shifting (so a whole symbol table was shifted) and...

Well, the idea would be you'd have something like:
```
module_normal = module("symbol_table", offset = first_offset)
module_weird = module("symbol_table", offset = second_offset)
```
and then you can do ``` normal_symbol...

Sure, and I'm happy for you to provide an extra class that can make the decisions for them, but it needs to be extra and something they can clearly read...

@iMHLv2 could you give this a scan over to check there's nothing subtle I've missed please?

Hi there, volatility doesn't really do memory acquisition, so I assume you're asking about extracting a process's memory and writing it into a valid minidump file? We don't currently have...

There are already plugins for interacting with LSASS and dumping credentials? (See windows.hashdump and windows.lsadump) Is there a specific reason for wanting to carve the data out of memory into...

Ok, that seems a reasonable request then. We'll leave this open but it's quite a niche case and therefore not necessarily a priority for the foundation I'm afraid...

That sounds like the best course of action, that way people can find and use the code if they want it, but it's clearly not part of the main codebase....