Paul Kermann
Paul Kermann
I have a unicorn instance hooking functions via the `HOOK_BLOCK` callback. In that callback I alter the stack and the IP. This method worked fine for me in versions up...
Fixes issue in PPC64 acquisition where file offset was invalid. Ram segments are added sequentially after the first one in the program header. So only after finding the first physical...
I had a case where the `PdbSignatureScanner` did find the right pdb. However due to a single paged out address in the kernel module the `is_valid` check failed which caused...
In my code I had to explicitly call the `del_layer` function to remove a python reference count to an object saved in the layer. In the runtime of the plugin...
This is a PR is instead of #694 because the rebase on that PR was a bit weird. This was tested against 32-bit and 64-bit memory dumps.
`constants.CACHE_PATH` is updated if `cache_path` is in the arguments for the cli. However `LINUX_BANNERS_PATH`, `MAC_BANNERS_PATH` and `IDENTIFIERS_PATH` are not updated accordingly. This causes those files to be created in the...
_do_get_path uses dentry.path(), which returned the name of dentry (d_name). Later, dentry.path() was changed to return a full path, but _do_get_path wasn't altered accordignly. This PR just extract the last...
A new clean PR rebased on top of develop with changes from #772 and #581.
Only after I finished this PR I saw [this](https://github.com/volatilityfoundation/volatility3/commit/796cf69b205e428385cd63dcc67dc40ce469c4a9) but either way, I added support for parsing some C++ types and a fixed a small bug that could cause fields...
Parsing bitmap crashdumps was significantly slowed down by `_context.object()` array creation. I optimised `get_buffer_long()` and `get_buffer_char()` in `framework/symbols/windows/extensions/crash.py`, by returning Python types instead of volatility objects. Additionally, crashdump bitmap of...