Paul Kermann
Paul Kermann
You can use [arm_now](https://github.com/nongiach/arm_now) to do tests for powerpc and other archs as well if needed
any progress on this?
@f-block @ikelos if you provide me with the said dump I will investigate this and make this PR happen
@f-block I agree with you about the whole dynamic-offset generation thing and I think that this information should be available to the layer. Also, it looks like if the swizzle...
@digitalisx The `_KPROCESS` is the first member of the `_EPROCESS` structure so you can cast it as needed.
@digitalisx according to https://github.com/volatilityfoundation/volatility3/blob/c40e088370baa8318c5912d1eec7cb98e587045f/volatility3/framework/plugins/windows/psscan.py#L166 it should work on newer windows versions (10+) but yeah kinda sus.
Aren't you missing out on single threaded processes? We should add `sentinel=False` to the input parameter of the `to_list` function in the `get_threads`.
I had a case where running some Windows function in Unicorn with addresses retrieved from Volatility3 caused an error in the emulator because there was an indirect call which caused...
Any more work needs to be done?
@ikelos any progress on this?