[Vol-users] Lookup Process Name by Memory Address on Windows XP

Glenn Edwards hiddenillusion at gmail.com
Wed Nov 13 09:00:36 CST 2013


The yarascan plugin is good for this situation.

- Glenn
@hiddenillusion

:: sent from my phone, please excuse any typos ::
On Nov 13, 2013 8:41 AM, "Matthew Wong" <matthew at coredumps.net> wrote:

> Hello All,
>
> I'm new to Volatility.
>
> Say I found the string "password=hello world" somewhere in the memory, is
> there anyway for me to know which process that memory block is currently
> allocated to?
>
>
> --
> matt
>
> _______________________________________________
> Vol-users mailing list
> Vol-users at volatilityfoundation.org
> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.volatilityfoundation.org/pipermail/vol-users/attachments/20131113/c86fa352/attachment.html


More information about the Vol-users mailing list