volatility3
volatility3 copied to clipboard
Published
20 hours ago •
volatilityfoundation
volatilityfoundation
#1175 - initial unloadedmodules plugin
This adds the missing volatility2 plugin unloadedmodules
$ python vol.py -f data.lime windows.unloadedmodules.UnloadedModules Name StartAddress EndAddress Time sacdrv.sys 0xfffff8057eaf0000 0xfffff8057eb0f000 2024-06-14 06:10:25.000000 hwpolicy.sys 0xfffff8057fc80000 0xfffff8057fc91000 2024-06-14 06:10:29.000000 WdBoot.sys 0xfffff8057ea10000 0xfffff8057ea1c000 2024-06-14 06:10:29.000000 KMPDC.sys 0xfffff805824f0000 0xfffff805824ff000 2024-06-14 06:10:31.000000 dam.sys 0xfffff805824d0000 0xfffff805824ec000 2024-06-14 06:10:31.000000 dump_stornvme.sys 0xfffff80580380000 0xfffff805803b7000 2024-06-14 06:10:34.000000 dump_storport.sys 0xfffff80580330000 0xfffff80580340000 2024-06-14 06:10:34.000000 WdmCompanionFilter.sys 0xfffff80582e90000 0xfffff80582e9c000 2024-06-14 06:10:40.000000 MSKSSRV.sys 0xfffff80579d10000 0xfffff80579d22000 2024-06-14 06:11:13.000000 MSKSSRV.sys 0xfffff80579da0000 0xfffff80579db2000 2024-06-14 15:57:22.000000 monitor.sys 0xfffff80579400000 0xfffff8057941c000 2024-06-14 15:57:33.000000 monitor.sys 0xfffff80579dc0000 0xfffff80579ddc000 2024-06-14 16:04:05.000000
