This plugin renders VAD information in a format similar to that of Immunity Debugger's "Memory Map" display window. VadIMM will attempt to display the process's ImageBase plus size and PE section information. I got a lot of help from, and give credit to, code already written by the vol developers, particularly for the Map Types section.
https://code.google.com/p/jamaal-re-tools/source/browse/volplugins/vadimm.py
Example:
python vol.py vadimm -f be2.vmem
Volatile Systems Volatility Framework 2.2