TheHermit

Results 45 comments of TheHermit

Same Here

```
$ guake --support
Guake Version: 3.7.0
Vte Version: 0.52.2
Vte Runtime Version: 0.52.2
--------------------------------------------------
GTK+ Version: 3.22.30
GDK Backend: GdkX11.X11Display
--------------------------------------------------
Desktop Session: ubuntu
--------------------------------------------------
Display: :0
RGBA...
```

Happy to help with any prototyping or testing.

Email sent with more detail

OK, think I have the solution to this one. Or at least part of it. If I check using Vol2.6 I get one match and two misses, which is what...

Ok revmap in Vol 2.6 is pretty different

```
], 3210088448L: [True, ('kernel', None, 227660583002112) ],
1963823104L: [False, ( [unsigned int ]: 7400, [String ImageFileName ] @ 0xFFFF910B7AED6668, 1371509231616) ],...
```

Will open a PR but have a functional `windows.strings` compared to the vol 2.6 version.

Vol 2.6

```
thehermit@Aurora:~/volatility$ python vol.py -vvvv -f /mnt/d/Projects/command-dump-3.raw --profile=Win10x64_19041 strings --string-file /mnt/d/Projects/test.txt --pid 7400...
```

Nice work 😁 I can test your changes against my samples when I get home but testing a random sample I have here looks accurate to me. I can add...

I have updated https://github.com/volatilityfoundation/volatility3/pull/1043 with a combination of both sets of changes. The revmap calculations and comments from @eve-mem and the extra cols in the output yields

I agree with everything here :) The current strings plugin is broken, this "patches that" but in all my testing I have been restricting strings to a specific pid, when...

I have applied all the changes from the 2to3 conversion utility which fixes some of the basic things. But the hardest thing I was finding was with items like https://github.com/crackinglandia/pype32/blob/master/pype32/pype32.py#L146...