I came to know from Volatility's hollowfind that they use the VAD and PEB structures to find process hollowing. In this process, I am trying to get the VAD information from a Win 10 image using a Rekall profile with LibVMI. Then I can compare the PEB and VAD structures to find discrepancies. Can anyone please help me in this regard?
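The PEB/VAD comparison described in the post, as an added example that is not part of the original message and is not Volatility or LibVMI code. It assumes the PEB fields and VAD nodes have already been read out of guest memory into plain records; the record layout, the function names, the sample values and the choice of checks (including treating PAGE_EXECUTE_WRITECOPY as the expected protection for an image mapping) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Vad:                       # one VAD node, already extracted from the guest
    start: int
    end: int                     # inclusive end address
    protection: str              # initial protection recorded in the VAD
    mapped_file: Optional[str]   # None when no file object backs the region

@dataclass
class Peb:                       # the PEB fields the comparison needs
    image_base: int              # ImageBaseAddress
    image_path: str              # ProcessParameters.ImagePathName

def basename(path: str) -> str:
    # Compare file names only: PEB paths carry a drive letter, VAD paths do not.
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def peb_vad_discrepancies(peb: Peb, vads: List[Vad]) -> List[str]:
    """Return the mismatches between what the PEB claims and what the VAD tree shows."""
    vad = next((v for v in vads if v.start <= peb.image_base <= v.end), None)
    if vad is None:
        return ["no VAD covers PEB image base"]
    findings = []
    if vad.start != peb.image_base:
        findings.append("image base is not at start of its VAD")
    if vad.mapped_file is None:
        findings.append("VAD at image base has no mapped file")
    elif basename(vad.mapped_file) != basename(peb.image_path):
        findings.append("VAD mapped file differs from PEB image path")
    if vad.protection != "PAGE_EXECUTE_WRITECOPY":   # assumed norm for image mappings
        findings.append("unexpected protection " + vad.protection)
    return findings

# Constructed sample data (not taken from a real memory image).
CLEAN_PEB = Peb(0x7FF6A0000000, r"C:\Windows\System32\svchost.exe")
CLEAN_VADS = [Vad(0x7FF6A0000000, 0x7FF6A0010FFF, "PAGE_EXECUTE_WRITECOPY",
                  r"\Windows\System32\svchost.exe")]
SUSPECT_PEB = Peb(0x400000, r"C:\Windows\System32\svchost.exe")
SUSPECT_VADS = [Vad(0x400000, 0x420FFF, "PAGE_EXECUTE_READWRITE", None)]

if __name__ == "__main__":
    print(peb_vad_discrepancies(CLEAN_PEB, CLEAN_VADS))
    print(peb_vad_discrepancies(SUSPECT_PEB, SUSPECT_VADS))
```
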