volatility3 icon indicating copy to clipboard operation
volatility3 copied to clipboard
verified publisher icon volatilityfoundation

Psxview is urgently needed for volatility 3

Open resposo opened this issue 2 years ago • 2 comments

In volatility2, psxview was useful as a way to detect hidden processes. However, in volatility3, psxview does not exist, making it difficult to detect hidden processes. Is anyone porting that plugin by any chance?

resposo avatar Jun 27 '23 04:06 resposo

Hello,

There aren't any pull requests at the moment for a psxview plugin replacement, but someone might be out there working on it on there own. There is no harm in asking on the volatility3 channel in our slack group.

This thrdscan plugin that is in the works may prove useful to you: https://github.com/volatilityfoundation/volatility3/pull/960

Perhaps you could test that and see if it illuminates something useful for you?

eve-mem avatar Jun 27 '23 05:06 eve-mem

Might be worth seeing if @iMHLv2 had any plans to recreate it, or knows of someone that's looking for a starter plugin to try out their plugin authoring skills on... 5;)

ikelos avatar Jul 01 '23 19:07 ikelos