volatility icon indicating copy to clipboard operation
volatility copied to clipboard
verified publisher icon volatilityfoundation

Eventhook, Messaghook, etc. on Win10 18362

Open bentau opened this issue 5 years ago • 1 comments

Hi,

I wanted to analyse the memory of my Windows 10 virtual machine. And most of the plugins work so far. However, the eventhooks and messagehooks plugins fail and return no output. I am not an expert on Windows but it seems this is caused by the fact that gSharedInfo symbol is no longer available (due to KASLR?)

Is there already a workaround for that problem that I have missed? Or is this behaviour caused by something else?

Thanks for your help.

bentau avatar Jun 16 '20 09:06 bentau

These plugins are not fully up to date with the latest operating system versions and would require a good bit of new research to accomplish that. It is on our list of artifacts to get updated, but we do not have an expected competition time currently.

atcuno avatar Jul 08 '20 16:07 atcuno