|
b1c3107c74
|
Create object in object.rs
|
2020-07-02 02:44:01 +07:00 |
|
|
4e67e10aee
|
Update working status for Windows 7
|
2020-07-01 00:01:12 +07:00 |
|
|
8cb553eb11
|
Update base code for Windows 7, 8, 8.1
Because the tag is different in lower versions of Windows, need to
change the tag in scan algorithm
4b29cf1986/volatility/framework/plugins/windows/poolscanner.py (L229)
|
2020-06-30 04:09:13 +07:00 |
|
|
abb7a70b72
|
Update
- Driver scan device tree and output more data
- Print ssdt scanning based on kernel modules traversing
|
2020-06-23 18:27:24 +07:00 |
|
|
0350ec46d9
|
Scan unloaded module/driver
By reversing MmLocateUnloadedDriver, we can know the algorithm
to extract name/start/end of unloaded drivers
|
2020-06-22 22:30:35 +07:00 |
|
|
5619048a4a
|
Update lpus feature
Traverse scan
- PsActiveProcessHead
- PsLoadedModuleList
- KiProcessListHead
- HandleTableList
pdb_store has dt(struct) to display struct
|
2020-06-22 17:45:06 +07:00 |
|
|
8cf91aef79
|
Update scan for kernel modules and driver
Scan kernel modules
Driver scan major functions' address
|
2020-06-22 14:52:15 +07:00 |
|
|
1707b301ff
|
Generalize the API for common scan and return json
|
2020-06-17 01:47:20 +07:00 |
|
|
060f222c0a
|
Introducing Address type
Use address type to represent address
Decompose address with ease using DriverState.decompose
|
2020-06-11 01:27:26 +07:00 |
|
|
7be3b2fc05
|
General updates
Driver is renamed to lpus.sys
Pdb will be downloaded into %APPDATA%/nganhkhoa/lpus
And some little fixes
|
2020-05-20 15:02:09 +07:00 |
|
|
dae10a5312
|
multiple binary and code refactor
|
2020-05-19 03:52:18 +07:00 |
|