[Vol-users] New and Updated Volatility Plug-ins
awalters at 4tphi.net
Wed Jul 22 00:31:03 CDT 2009
Volatility contributor Michael Hale Ligh has recently released a number of
new and updated plugins.
* idt.py: printing the Interrupt Descriptor Table (IDT) addresses
* driverirp.py: printing driver IRP function addresses
* usermode_hooks2.py: updated usermode hook detection plug-in
* kernel_hooks.py: detects IAT, EAT, and in-line hooks in kernel
* orphan_threads.py: detects hidden system/kernel threads
* malfind2.py: updated plugin for detecting hidden/injected code in
His blog post also demonstrates how each plugin can be useful for
detecting different types of malware. Please take some time to test these
plugins and send Michael any feedback you may have. Shouts to MHL for his
contributions to the Volatility community!