Last 30 days
-
r255
(Fix up patcher plugin output.
Flush all output after each p...) committed by mike.auty
- Fix up patcher plugin output.
Flush all output after each page, so that it doesn't sit there whilst it's searching.
Fix up patcher plugin output.
Flush all output after each page, so that it doesn't sit there whilst it's searching.
Earlier this year
-
ToDo14
(TODO items for the 1.4 branch) Wiki page edited by mike.auty
- Revision r254
Edited wiki page through web user interface.
Revision r254
Edited wiki page through web user interface.
-
r253
(Fix up GPL headers and attribution.
I've attempted to inclu...) committed by mike.auty
- Fix up GPL headers and attribution.
I've attempted to include the proper attribution from code taken from
earlier versions of volatility. If I've made any mistakes (additions or
omissions), I'm sorry and do please correct them.
(cherry picked from commit edbc62625b21131e04fd9df4f8ecd71cd714a8a1)
Conflicts:
plugins/renderers/TextUI.py
plugins/renderers/XMLUI.py
volatility/UI.py
Fix up GPL headers and attribution.
I've attempted to include the proper attribution from code taken from
earlier versions of volatility. If I've made any mistakes (additions or
omissions), I'm sorry and do please correct them.
(cherry picked from commit edbc62625b21131e04fd9df4f8ecd71cd714a8a1)
Conflicts:
plugins/renderers/TextUI.py
plugins/renderers/XMLUI.py
volatility/UI.py
-
r252
(Fix up GPL headers and attribution.
I've attempted to inclu...) committed by mike.auty
- Fix up GPL headers and attribution.
I've attempted to include the proper attribution from code taken from
earlier versions of volatility. If I've made any mistakes (additions or
omissions), I'm sorry and do please correct them.
Fix up GPL headers and attribution.
I've attempted to include the proper attribution from code taken from
earlier versions of volatility. If I've made any mistakes (additions or
omissions), I'm sorry and do please correct them.
-
r251
(Make verinfo easier to call from other plugins.
(cherry pic...) committed by mike.auty
- Make verinfo easier to call from other plugins.
(cherry picked from commit 3629059d81aa5ed0349c63d4ecbeb02820af2a4f)
Make verinfo easier to call from other plugins.
(cherry picked from commit 3629059d81aa5ed0349c63d4ecbeb02820af2a4f)
-
r250
(Make verinfo easier to call from other plugins.) committed by mike.auty
- Make verinfo easier to call from other plugins.
Make verinfo easier to call from other plugins.
-
r249
(Ensure new Intel address spaces return strings.
Fixes a bug...) committed by mike.auty
- Ensure new Intel address spaces return strings.
Fixes a bug whereby memdump always expects a string, but receives None
instead.
(cherry picked from commit 5bd4cfde942e60acf6446096316a5b476d1ed0b5)
Ensure new Intel address spaces return strings.
Fixes a bug whereby memdump always expects a string, but receives None
instead.
(cherry picked from commit 5bd4cfde942e60acf6446096316a5b476d1ed0b5)
-
r248
(Ensure new Intel address spaces return strings.
Fixes a bug...) committed by mike.auty
- Ensure new Intel address spaces return strings.
Fixes a bug whereby memdump always expects a string, but receives None
instead.
Ensure new Intel address spaces return strings.
Fixes a bug whereby memdump always expects a string, but receives None
instead.
-
r247
(Fix vad object issues.
Allowed attributes to be created aft...) committed by mike.auty
- Fix vad object issues.
Allowed attributes to be created after object initialization.
Added increased error checking (throws an error when setting an
attribute isn't handled).
Added config to obj's imports, since config.WRITE's used inside obj.
(cherry picked from commit 9ea7cc7b9b5e6d8ba2e8f1694c0033f544729ad4)
Fix vad object issues.
Allowed attributes to be created after object initialization.
Added increased error checking (throws an error when setting an
attribute isn't handled).
Added config to obj's imports, since config.WRITE's used inside obj.
(cherry picked from commit 9ea7cc7b9b5e6d8ba2e8f1694c0033f544729ad4)
-
r246
(Fix vad object issues.
Allowed attributes to be created aft...) committed by mike.auty
- Fix vad object issues.
Allowed attributes to be created after object initialization.
Added increased error checking (throws an error when setting an
attribute isn't handled).
Added config to obj's imports, since config.WRITE's used inside obj.
Fix vad object issues.
Allowed attributes to be created after object initialization.
Added increased error checking (throws an error when setting an
attribute isn't handled).
Added config to obj's imports, since config.WRITE's used inside obj.
-
r245
(Fix up filename/URL handling for windows.
Use urllib's url2...) committed by mike.auty
- Fix up filename/URL handling for windows.
Use urllib's url2pathname and pathname2url since urlparse doesn't
correctly interpret windows paths.
(cherry picked from commit 546dd3508be33e8a39672f354dbc2023c6930772)
Fix up filename/URL handling for windows.
Use urllib's url2pathname and pathname2url since urlparse doesn't
correctly interpret windows paths.
(cherry picked from commit 546dd3508be33e8a39672f354dbc2023c6930772)
-
r244
(Fix up filename/URL handling for windows.
Use urllib's url2...) committed by mike.auty
- Fix up filename/URL handling for windows.
Use urllib's url2pathname and pathname2url since urlparse doesn't
correctly interpret windows paths.
Fix up filename/URL handling for windows.
Use urllib's url2pathname and pathname2url since urlparse doesn't
correctly interpret windows paths.
-
r243
(Add in bugfix for sockscan2 issue.
Sockscan2 on certain ima...) committed by mike.auty
- Add in bugfix for sockscan2 issue.
Sockscan2 on certain images would create a buffer address space of a
particular size, then try to locate objects within it. If the object
started late on in the buffer, the scanner would try and access objects
beyond the end of the buffer. Read would return '' rather than None,
and cause an Exception.
This initial fix ensures that obj reads always return None if the
address space return either None or ''.
Add in bugfix for sockscan2 issue.
Sockscan2 on certain images would create a buffer address space of a
particular size, then try to locate objects within it. If the object
started late on in the buffer, the scanner would try and access objects
beyond the end of the buffer. Read would return '' rather than None,
and cause an Exception.
This initial fix ensures that obj reads always return None if the
address space return either None or ''.
-
DocFiles
Wiki page edited by jamie.levy
- Revision r242
Edited wiki page through web user interface.
Revision r242
Edited wiki page through web user interface.
-
-
ToDo14
(TODO items for the 1.4 branch) Wiki page edited by mike.auty
- Revision r241
Edited wiki page through web user interface.
Revision r241
Edited wiki page through web user interface.
-
r240
(Add in page patcher plugin.
This plugin runs through memory...) committed by mike.auty
- Add in page patcher plugin.
This plugin runs through memory page by page.
Ensures that minimal reads are made to the address space (to ensure that
address spaces with heavy read costs, such as ieee1394, are as fast as
possible).
Support an XML input file, documented briefly at the top of the file.
(cherry picked from commit c062f19197cb031b45c4a450237fce81fc88f9c7)
Add in page patcher plugin.
This plugin runs through memory page by page.
Ensures that minimal reads are made to the address space (to ensure that
address spaces with heavy read costs, such as ieee1394, are as fast as
possible).
Support an XML input file, documented briefly at the top of the file.
(cherry picked from commit c062f19197cb031b45c4a450237fce81fc88f9c7)
-
r239
(Improve error handling in version info plugin.
Fix some typ...) committed by mike.auty
- Improve error handling in version info plugin.
Fix some typos in scan.py documentation.
(cherry picked from commit 9e29116e3e5542e86e12a9f72e9803e9fd4ed0d4)
Conflicts:
plugins/internal/verinfo.py
Improve error handling in version info plugin.
Fix some typos in scan.py documentation.
(cherry picked from commit 9e29116e3e5542e86e12a9f72e9803e9fd4ed0d4)
Conflicts:
plugins/internal/verinfo.py
-
r238
(Add in page patcher plugin.
This plugin runs through memory...) committed by mike.auty
- Add in page patcher plugin.
This plugin runs through memory page by page.
Ensures that minimal reads are made to the address space (to ensure that
address spaces with heavy read costs, such as ieee1394, are as fast as
possible).
Support an XML input file, documented briefly at the top of the file.
Add in page patcher plugin.
This plugin runs through memory page by page.
Ensures that minimal reads are made to the address space (to ensure that
address spaces with heavy read costs, such as ieee1394, are as fast as
possible).
Support an XML input file, documented briefly at the top of the file.
-
r237
(Improve error handling in version info plugin.
Fix some typ...) committed by mike.auty
- Improve error handling in version info plugin.
Fix some typos in scan.py documentation.
Improve error handling in version info plugin.
Fix some typos in scan.py documentation.
-
r236
(Fix up timestamp objects, and psscan output.
Timestamps wit...) committed by mike.auty
- Fix up timestamp objects, and psscan output.
Timestamps without a timezone (is_utc=False), mistakenly were attempted
to be displayed in localtime.
Psscan no longer includes time counters.
(cherry picked from commit 53c46c2370c249b0537e72f536b72b426ec2c237)
Fix up timestamp objects, and psscan output.
Timestamps without a timezone (is_utc=False), mistakenly were attempted
to be displayed in localtime.
Psscan no longer includes time counters.
(cherry picked from commit 53c46c2370c249b0537e72f536b72b426ec2c237)
-
r235
(Fix up timestamp objects, and psscan output.
Timestamps wit...) committed by mike.auty
- Fix up timestamp objects, and psscan output.
Timestamps without a timezone (is_utc=False), mistakenly were attempted
to be displayed in localtime.
Psscan no longer includes time counters.
Fix up timestamp objects, and psscan output.
Timestamps without a timezone (is_utc=False), mistakenly were attempted
to be displayed in localtime.
Psscan no longer includes time counters.
-
r234
(Port additional changes from experimental to Vol-1.4.
Port ...) committed by mike.auty
- Port additional changes from experimental to Vol-1.4.
Port over psscan/modscan2 timestamp changes.
Port over FormatSpec object and NoneObject formatting.
Port additional changes from experimental to Vol-1.4.
Port over psscan/modscan2 timestamp changes.
Port over FormatSpec object and NoneObject formatting.
-
r233
(Add in generic enumeration type.
This is similar to Flags, ...) committed by mike.auty
- Add in generic enumeration type.
This is similar to Flags, but accepts different specific values, rather
than a set of bits.
Also made an exception more specific.
(cherry picked from commit ce957408b516730a54ad094edb46e34e4fb85c1e)
Add in generic enumeration type.
This is similar to Flags, but accepts different specific values, rather
than a set of bits.
Also made an exception more specific.
(cherry picked from commit ce957408b516730a54ad094edb46e34e4fb85c1e)
-
r232
(Minor clean-ups to obj.
Fixed typo in error message.
Remove...) committed by mike.auty
- Minor clean-ups to obj.
Fixed typo in error message.
Removed superfluous position field from array.
(cherry picked from commit bbebf94e7877bb99b3b96f01f0b2208605726c4c)
Minor clean-ups to obj.
Fixed typo in error message.
Removed superfluous position field from array.
(cherry picked from commit bbebf94e7877bb99b3b96f01f0b2208605726c4c)
-
r231
(Completely overhaul the version information plugin.
Added a...) committed by mike.auty
- Completely overhaul the version information plugin.
Added and refined lots of structures for version information.
Since the structures aren't true C structures (variable length),
there's a fair number of custom objects with custom methods. They fit
the requirements, but it's not pretty by any means.
It should however, be an awful lot faster than recovering the whole disk
image and then using pefile.
Completely overhaul the version information plugin.
Added and refined lots of structures for version information.
Since the structures aren't true C structures (variable length),
there's a fair number of custom objects with custom methods. They fit
the requirements, but it's not pretty by any means.
It should however, be an awful lot faster than recovering the whole disk
image and then using pefile.
-
r230
(Add in generic enumeration type.
This is similar to Flags, ...) committed by mike.auty
- Add in generic enumeration type.
This is similar to Flags, but accepts different specific values, rather
than a set of bits.
Also made an exception more specific.
Add in generic enumeration type.
This is similar to Flags, but accepts different specific values, rather
than a set of bits.
Also made an exception more specific.
-
r229
(Minor clean-ups to obj.
Fixed typo in error message.
Remove...) committed by mike.auty
- Minor clean-ups to obj.
Fixed typo in error message.
Removed superfluous position field from array.
Minor clean-ups to obj.
Fixed typo in error message.
Removed superfluous position field from array.
-
r228
(Convert fileparam to a callback.
This ensures that file par...) committed by mike.auty
- Convert fileparam to a callback.
This ensures that file parameters are accepted at any time once all the
options are parsed.
(cherry picked from commit fb2fbdece6709eaf19f2ab0e8da7dfc980f19ade)
Convert fileparam to a callback.
This ensures that file parameters are accepted at any time once all the
options are parsed.
(cherry picked from commit fb2fbdece6709eaf19f2ab0e8da7dfc980f19ade)
-
r227
(Convert fileparam to a callback.
This ensures that file par...) committed by mike.auty
- Convert fileparam to a callback.
This ensures that file parameters are accepted at any time once all the
options are parsed.
Convert fileparam to a callback.
This ensures that file parameters are accepted at any time once all the
options are parsed.
-
r226
(Fix two bugs in the timezone handlers.
Massive thanks to sc...) committed by mike.auty
- Fix two bugs in the timezone handlers.
Massive thanks to scudette, without whom I'd probably never have
noticed either of these bugs. One was mktime not being the inverse of
gmtime, and the other was using fromtimestamp rather than
utcfromtimestamp.
Also some minor comment cleaning.
(cherry picked from commit 641e3458b8353c866dc7607c95c28911a4795365)
Fix two bugs in the timezone handlers.
Massive thanks to scudette, without whom I'd probably never have
noticed either of these bugs. One was mktime not being the inverse of
gmtime, and the other was using fromtimestamp rather than
utcfromtimestamp.
Also some minor comment cleaning.
(cherry picked from commit 641e3458b8353c866dc7607c95c28911a4795365)
-
r225
(Fix two bugs in the timezone handlers.
Massive thanks to sc...) committed by mike.auty
- Fix two bugs in the timezone handlers.
Massive thanks to scudette, without whom I'd probably never have
noticed either of these bugs. One was mktime not being the inverse of
gmtime, and the other was using fromtimestamp rather than
utcfromtimestamp.
Also some minor comment cleaning.
Fix two bugs in the timezone handlers.
Massive thanks to scudette, without whom I'd probably never have
noticed either of these bugs. One was mktime not being the inverse of
gmtime, and the other was using fromtimestamp rather than
utcfromtimestamp.
Also some minor comment cleaning.
-
r224
(Push the tzset changes back, now fixed.
Ok, it seems you ha...) committed by mike.auty
- Push the tzset changes back, now fixed.
Ok, it seems you have to take it from the raw source, because once it's
in a time tuple format, the TZ information's only used for tzname.
There's still an issue in that it won't display the +/-offset when set
using tzset (always displays +0000), but it's better than nothing.
Push the tzset changes back, now fixed.
Ok, it seems you have to take it from the raw source, because once it's
in a time tuple format, the TZ information's only used for tzname.
There's still an issue in that it won't display the +/-offset when set
using tzset (always displays +0000), but it's better than nothing.
-
r223
(Push the tzset changes back, now fixed.
Ok, it seems you ha...) committed by mike.auty
- Push the tzset changes back, now fixed.
Ok, it seems you have to take it from the raw source, because once it's
in a time tuple format, the TZ information's only used for tzname.
There's still an issue in that it won't display the +/-offset when set
using tzset (always displays +0000), but it's better than nothing.
(cherry picked from commit 67807d825dda64c07bdaaa342f798e2867f9ba21)
Conflicts:
volatility/timefmt.py
Push the tzset changes back, now fixed.
Ok, it seems you have to take it from the raw source, because once it's
in a time tuple format, the TZ information's only used for tzname.
There's still an issue in that it won't display the +/-offset when set
using tzset (always displays +0000), but it's better than nothing.
(cherry picked from commit 67807d825dda64c07bdaaa342f798e2867f9ba21)
Conflicts:
volatility/timefmt.py
-
r222
(Introduce timefmt module (generic) for timezones.
This modu...) committed by mike.auty
- Introduce timefmt module (generic) for timezones.
This module allows time structures to format their output according to a
user specified timezone offset. Existing timezones (such as
Europe/London) can be used with the optional pytz package.
All known UTC WinTimeStamps should specify is_utc=True at construction.
Converted over WinTimeStamp to use the new time formatting.
(cherry picked from commit 07ce72c655f078eb5459ed5e64a0cb10aa383ffa)
Conflicts:
plugins/internal/datetime-ident.py
plugins/overlays/Windows/vtypes.py
plugins/overlays/Windows/xp_sp2.py
Introduce timefmt module (generic) for timezones.
This module allows time structures to format their output according to a
user specified timezone offset. Existing timezones (such as
Europe/London) can be used with the optional pytz package.
All known UTC WinTimeStamps should specify is_utc=True at construction.
Converted over WinTimeStamp to use the new time formatting.
(cherry picked from commit 07ce72c655f078eb5459ed5e64a0cb10aa383ffa)
Conflicts:
plugins/internal/datetime-ident.py
plugins/overlays/Windows/vtypes.py
plugins/overlays/Windows/xp_sp2.py
-
r221
(Back out the time.tzset changes.
Tzset only works on unix, ...) committed by mike.auty
- Back out the time.tzset changes.
Tzset only works on unix, and doesn't actually cause localtime to alter
the timestamp, just the tzname. Use datetimes for all your time
handling needs.
Back out the time.tzset changes.
Tzset only works on unix, and doesn't actually cause localtime to alter
the timestamp, just the tzname. Use datetimes for all your time
handling needs.
-
r220
(Introduce timefmt module (generic) for timezones.
This modu...) committed by mike.auty
- Introduce timefmt module (generic) for timezones.
This module allows time structures to format their output according to a
user specified timezone offset. Existing timezones (such as
Europe/London) can be used with the optional pytz package.
All known UTC WinTimeStamps should specify is_utc=True at construction.
Converted over WinTimeStamp to use the new time formatting.
Introduce timefmt module (generic) for timezones.
This module allows time structures to format their output according to a
user specified timezone offset. Existing timezones (such as
Europe/London) can be used with the optional pytz package.
All known UTC WinTimeStamps should specify is_utc=True at construction.
Converted over WinTimeStamp to use the new time formatting.
-
r219
(Finally fix hibernation header finding.
(cherry picked from...) committed by mike.auty
- Finally fix hibernation header finding.
(cherry picked from commit f5bc865dfc1b260308250e5358817b8b4b147d91)
Finally fix hibernation header finding.
(cherry picked from commit f5bc865dfc1b260308250e5358817b8b4b147d91)
-
r218
(Finally fix hibernation header finding.) committed by mike.auty
- Finally fix hibernation header finding.
Finally fix hibernation header finding.
-
r217
(Add some fixes to help with dead hibernation files.
This is...) committed by mike.auty
- Add some fixes to help with dead hibernation files.
This is still broken, but is at least a bit better.
Import cleanup in commands.py.
(cherry picked from commit b21cfc871e046d7cba14c2fee1c9cdd67e399a51)
Add some fixes to help with dead hibernation files.
This is still broken, but is at least a bit better.
Import cleanup in commands.py.
(cherry picked from commit b21cfc871e046d7cba14c2fee1c9cdd67e399a51)
-
r216
(Ensure NoneObject respects != None as well as == None
(cher...) committed by mike.auty
- Ensure NoneObject respects != None as well as == None
(cherry picked from commit 804d2946d7d8cc7c409c5c635f21bba82d5f2969)
Ensure NoneObject respects != None as well as == None
(cherry picked from commit 804d2946d7d8cc7c409c5c635f21bba82d5f2969)
-
r215
(Fix up proxying issue on empty strings
(cherry picked from ...) committed by mike.auty
- Fix up proxying issue on empty strings
(cherry picked from commit 692c902f9c2f10101fba02de4d108bffc2b7aaae)
Fix up proxying issue on empty strings
(cherry picked from commit 692c902f9c2f10101fba02de4d108bffc2b7aaae)
-
r214
(Add some fixes to help with dead hibernation files.
This is...) committed by mike.auty
- Add some fixes to help with dead hibernation files.
This is still broken, but is at least a bit better.
Import cleanup in commands.py.
Add some fixes to help with dead hibernation files.
This is still broken, but is at least a bit better.
Import cleanup in commands.py.
-
r213
(Ensure NoneObject respects != None as well as == None) committed by mike.auty
- Ensure NoneObject respects != None as well as == None
Ensure NoneObject respects != None as well as == None
-
r212
(Fix up proxying issue on empty strings) committed by mike.auty
- Fix up proxying issue on empty strings
Fix up proxying issue on empty strings
-
r211
(Ensure strings output is indentical to previous version.
(c...) committed by mike.auty
- Ensure strings output is indentical to previous version.
(cherry picked from commit cf57af116be713fb46c60e7236e9360de3d54ee2)
Ensure strings output is indentical to previous version.
(cherry picked from commit cf57af116be713fb46c60e7236e9360de3d54ee2)
-
r210
(Improve speed of strings plugin, thanks to Adian.
Split out...) committed by mike.auty
- Improve speed of strings plugin, thanks to Adian.
Split out reverse_map function, since it may be handy?
Used get_available_pages to speed up the mapping.
Reworked parse_string function to work on both : and space separated
strings output files.
(cherry picked from commit 10821c3a4c7586a42ef64e03d3ba3a3b73e763eb)
Improve speed of strings plugin, thanks to Adian.
Split out reverse_map function, since it may be handy?
Used get_available_pages to speed up the mapping.
Reworked parse_string function to work on both : and space separated
strings output files.
(cherry picked from commit 10821c3a4c7586a42ef64e03d3ba3a3b73e763eb)
-
r209
(Ensure strings output is indentical to previous version.) committed by mike.auty
- Ensure strings output is indentical to previous version.
Ensure strings output is indentical to previous version.
-
r208
(Improve speed of strings plugin, thanks to Adian.
Split out...) committed by mike.auty
- Improve speed of strings plugin, thanks to Adian.
Split out reverse_map function, since it may be handy?
Used get_available_pages to speed up the mapping.
Reworked parse_string function to work on both : and space separated
strings output files.
Improve speed of strings plugin, thanks to Adian.
Split out reverse_map function, since it may be handy?
Used get_available_pages to speed up the mapping.
Reworked parse_string function to work on both : and space separated
strings output files.
-
r207
(Fix up the hibernation signature checker.
Thanks to moyix a...) committed by mike.auty
- Fix up the hibernation signature checker.
Thanks to moyix and msuiche.
(cherry picked from commit 36ab1ec4ad7a65e2665cfaeb78fe7faf5d530df9)
Fix up the hibernation signature checker.
Thanks to moyix and msuiche.
(cherry picked from commit 36ab1ec4ad7a65e2665cfaeb78fe7faf5d530df9)
|
