For missing Windows OS symbols:
```python
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Build the GUID/Age string from the kernel's CodeView (RSDS) debug entry,
# in the form the symbol server and pdbconv expect.
import binascii
from pefile import PE

pe = PE("C:\\Windows\\System32\\ntoskrnl.exe")
debug = pe.DIRECTORY_ENTRY_DEBUG[0].entry
# Data1..Data3 are printed zero-padded; Signature_Data4 is the raw 8-byte tail
# of the GUID in this pefile layout; the PDB age is appended at the end.
guid = "{0:08X}{1:04X}{2:04X}{3}{4}".format(
    debug.Signature_Data1,
    debug.Signature_Data2,
    debug.Signature_Data3,
    binascii.hexlify(debug.Signature_Data4).decode("utf-8"),
    debug.Age,
).upper()
print(guid)
```
```sh
pip3 install pefile==2022.5.30 yara-python capstone
git clone https://github.com/volatilityfoundation/volatility3.git
cd volatility3
python3 setup.py install
# $guid is the value printed by the script above
python3 volatility3/framework/symbols/windows/pdbconv.py -f ntkrnlmp.pdb --guid $guid -o $guid.json
```
Small fixes to work on Linux:
```python
import binascii
import json
import os
from urllib import request

from pefile import PE
from volatility3.framework.contexts import Context
from volatility3.framework.symbols.windows.pdbconv import PdbReader, PdbRetreiver

pe = PE("/home/dadokkio/Downloads/ntoskrnl.exe")
debug = pe.DIRECTORY_ENTRY_DEBUG[0].entry
# This pefile layout splits the GUID tail into Signature_Data4 (1 byte),
# Signature_Data5 (1 byte) and Signature_Data6 (6 bytes). The single bytes
# must be zero-padded to two hex digits or the GUID loses a digit when the
# byte is below 0x10.
guid = "{0:08X}{1:04X}{2:04X}{3}{4}".format(
    debug.Signature_Data1,
    debug.Signature_Data2,
    debug.Signature_Data3,
    f"{debug.Signature_Data4:02x}{debug.Signature_Data5:02x}"
    f"{binascii.hexlify(debug.Signature_Data6).decode('utf-8')}",
    debug.Age,
).upper()

# Fetch the matching PDB from the Microsoft symbol server
filename = PdbRetreiver().retreive_pdb(
    guid, file_name="ntkrnlmp.pdb", progress_callback=None
)
if filename is None:
    raise SystemExit(f"no PDB found for {guid}")

# PdbReader takes a URL, the same way pdbconv's own main() builds it
location = "file:" + request.pathname2url(os.path.abspath(filename))
ctxt = Context()
profile = PdbReader(ctxt, location).get_json()
with open(f"{guid}.json", "w") as f:
    json.dump(profile, f, indent=4)
```
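Both scripts above lean on pefile's field names for the CodeView entry, and the two replies disagree on how the GUID tail is split, which is where the zero-padding mistake creeps in. The following is an added example, not code from this thread or from the volatility3 project, that parses the raw CV_INFO_PDB70 ("RSDS") record itself and lets `uuid.UUID(bytes_le=...)` apply the mixed-endian GUID byte order, so no per-field formatting is needed. The sample record is constructed inline; `rsds_from_pe` is a helper name chosen here (it reads the record out of a PE via pefile and is the only part that needs a real file). The symbol-server path uses the Age in hex, which is the symbol-store layout; the decimal Age the scripts above concatenate gives the same string only for ages below 10.

```python
"""Compute the PDB GUID/Age identifier from a raw CodeView RSDS record.

Added example; not code from the volatility3 project or this thread.
"""
import struct
import uuid

# CV_INFO_PDB70, the record the PE debug directory (type 2, CODEVIEW) points at:
#   4s  CvSignature  b"RSDS"
#   16s Signature    GUID stored in Windows (mixed-endian) byte order
#   I   Age          little-endian uint32
#   ...  PdbFileName  NUL-terminated
RSDS_HEADER = struct.Struct("<4s16sI")
IMAGE_DEBUG_TYPE_CODEVIEW = 2


def parse_rsds(blob: bytes):
    """Return (guid_hex32_upper, age, pdb_name) from a raw RSDS record."""
    if len(blob) < RSDS_HEADER.size:
        raise ValueError("record too short for CV_INFO_PDB70")
    sig, raw_guid, age = RSDS_HEADER.unpack_from(blob, 0)
    if sig != b"RSDS":
        raise ValueError(f"not an RSDS record: {sig!r}")
    # Data1/Data2/Data3 are little-endian on disk and Data4 is a plain 8-byte
    # string; bytes_le applies exactly that swap and .hex is always 32 digits,
    # so a leading-zero byte cannot be dropped as it can with "{:x}".
    guid = uuid.UUID(bytes_le=raw_guid).hex.upper()
    name = blob[RSDS_HEADER.size:].split(b"\x00", 1)[0].decode("ascii")
    return guid, age, name


def symbol_server_path(guid: str, age: int, pdb_name: str) -> str:
    """Relative path in a symbol store: <name>/<GUID><Age in hex>/<name>."""
    return f"{pdb_name}/{guid}{age:X}/{pdb_name}"


def rsds_from_pe(path: str) -> bytes:
    """Read the raw CODEVIEW debug record out of a PE file (needs pefile)."""
    import pefile  # local import so the parser above works without it

    pe = pefile.PE(path, fast_load=False)
    for entry in getattr(pe, "DIRECTORY_ENTRY_DEBUG", []):
        if entry.struct.Type == IMAGE_DEBUG_TYPE_CODEVIEW:
            off, size = entry.struct.PointerToRawData, entry.struct.SizeOfData
            return pe.__data__[off:off + size]
    raise ValueError("no CODEVIEW debug entry in PE")


# Constructed sample record (not from a real binary). The GUID is
# 0A1B2C3D-0E4F-5061-0708-09AABBCCDDEE, chosen so that Data4 (0x07) and
# Data5 (0x08) are below 0x10, and the Age is 11 so hex and decimal differ.
SAMPLE_RSDS = (
    b"RSDS"
    + bytes.fromhex("3D2C1B0A4F0E6150070809AABBCCDDEE")  # on-disk byte order
    + struct.pack("<I", 11)
    + b"ntkrnlmp.pdb\x00"
)

if __name__ == "__main__":
    guid, age, name = parse_rsds(SAMPLE_RSDS)
    print(guid, age, name)
    print(symbol_server_path(guid, age, name))
```

Run it against a real kernel with `parse_rsds(rsds_from_pe("ntoskrnl.exe"))`; the first element is the 32-digit GUID that pefile's `Signature_Data1..3` plus the tail bytes spell out, and the symbol-server path is what `PdbRetreiver` has to request for that build.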
Participants: dadokkio, garanews