volatility3 icon indicating copy to clipboard operation
volatility3 copied to clipboard
verified publisher icon volatilityfoundation

Windows: add `--verbose` option for `ldrmodules` plugin.

Open digitalisx opened this issue 2 years ago • 1 comments

Description

Hello, everyone in the community! :) This PR comes from this issue (#967). It will be meaningful to re-implement the original features of volatility.

Examples

> python3 vol.py -f case.vmem windows.ldrmodules --verbose
Volatility 3 Framework 2.4.2
Progress:  100.00		PDB scanning finished
Pid	Process	Base	InLoad	InInit	InMem	MappedPath	LoadPath	InitPath	MemPath

644	services.exe	0x22ea0970000	False	False	False	\Windows\System32\ko-KR\services.exe.mui	N/A	N/A	N/A
644	services.exe	0x7ff6cee90000	True	False	True	\Windows\System32\services.exe	C:\Windows\system32\services.exe : services.exe	N/A	C:\Windows\system32\services.exe : services.exe
660	lsass.exe	0x7ffd48da0000	True	True	True	\Windows\System32\rsaenh.dll	C:\Windows\system32\rsaenh.dll : rsaenh.dll	C:\Windows\system32\rsaenh.dll : rsaenh.dll	C:\Windows\system32\rsaenh.dll : rsaenh.dll
660	lsass.exe	0x7ffd4a610000	True	True	True	\Windows\System32\rpcrt4.dll	C:\Windows\System32\RPCRT4.dll : RPCRT4.dll	C:\Windows\System32\RPCRT4.dll : RPCRT4.dll	C:\Windows\System32\RPCRT4.dll : RPCRT4.dll
760	svchost.exe	0x7ff760700000	True	False	True	\Windows\System32\svchost.exe	C:\Windows\system32\svchost.exe : svchost.exe	N/A	C:\Windows\system32\svchost.exe : svchost.exe
760	svchost.exe	0x7ffd418e0000	True	True	True	\Windows\System32\AppXDeploymentClient.dll	C:\Windows\System32\AppXDeploymentClient.dll : AppXDeploymentClient.dll	C:\Windows\System32\AppXDeploymentClient.dll : AppXDeploymentClient.dll	C:\Windows\System32\AppXDeploymentClient.dll : AppXDeploymentClient.dll
760	svchost.exe	0x7ffd48da0000	True	True	True	\Windows\System32\rsaenh.dll	C:\Windows\system32\rsaenh.dll : rsaenh.dll	C:\Windows\system32\rsaenh.dll : rsaenh.dll	C:\Windows\system32\rsaenh.dll : rsaenh.dll

digitalisx avatar Jun 15 '23 22:06 digitalisx

Thank you for your review @ikelos. The PR was quick, but I think there are a lot of things to work on while thinking about the contents of the review carefully. The response is a bit late, but this is still on my list of tasks of interest.

digitalisx avatar Jul 18 '23 12:07 digitalisx