118 missing plugins threads timers

Open superponible opened this issue 1 year ago • 0 comments

Implementation of timers plugin from volatility2, with column added showing symbols within the module matching the routine address.

Offset	DueTime	Period(ms)	Signaled	Routine	Module	Symbol

0xf8057edffc40	0x000000c9:0x2d5e40c1	0	-	0xf8057edf3f40	pdc	-
0xba8ad6587800	0x000000c9:0x5742a45f	0	-	0xf8058011fb00	BTHport	-
0xba8ad4db2180	0x40002763:0x637332b1	0	-	0xf8057c1a6dc0	ntoskrnl	PopFxIdleTimeoutDpcRoutine
0xf8057ca2e820	0x00000053:0x6c0a1d5a	30000	Yes	0xf8057c125800	ntoskrnl	PopCheckForIdleness
0xba8ad66e1740	0x00000053:0x5efcaa90	16	Yes	0xf80582720b80	vm3dmp	-
0xba8ad46b5bfb	0x00000053:0x7528927e	0	-	0xf8057c1b13b0	ntoskrnl	PopThermalZoneDpc
0xf8057ca003e0	0x00000054:0xb44a1ed3	0	-	0xf8057c1429c0	ntoskrnl	CmpLazyFlushDpcRoutine
0xba8ad4d5d540	0x00000053:0x64c056bb	2000	-	0xf8057f1f3150	storport	-
0xf80582306a50	0x00000053:0x64c0598c	0	-	0xf805822c81b0	afd	DEVPKEY_Device_PowerData
0xba8ad67231b8	0x00000053:0x5f376a6c	1000	Yes	0xf8057ebb8c50	NDIS	-
0xba8ad4673e50	0x00000053:0x78e64de4	0	-	0xf8057c184d60	ntoskrnl	ExpCenturyDpcRoutine
0xf8057f4abbd0	0x00000053:0x60eeb712	0	-	0xf8057f4398f0	Ntfs	-
0xba8ad4e241c0	0x40002710:0x0158ab76	0	-	0xf8057c1a6dc0	ntoskrnl	PopFxIdleTimeoutDpcRoutine
0xf8057f2544e0	0x0000005c:0x55733d1d	0	-	0xf8057f1f3d90	storport	-
0xf8057f254620	0x0000005c:0x55733d1d	0	-	0xf8057f1f3d90	storport	-
0xba8ad4e11950	0x40002710:0x0170a209	0	-	0xf8057c1a6dc0	ntoskrnl	PopFxIdleTimeoutDpcRoutine

Jun 21 '24 20:06 superponible