I saw no hatred in the post you replied to.

OpenBSD developers are Makers, not Takers.  They code for OpenBSD for 
themselves, not for the user community.  

The point is you should spend some time trying to contribute before you start 
asking for some "feature".  

I've been a user for 25 years and really appreciate all the work the developers 
have done during that time.  In that time I've also contributed a very 
microscopic bit of bug fixes.

diana

On August 19, 2023 4:05:41 AM MDT, whistlez <whistlez...@riseup.net> wrote:
>On 2023-08-18 19:42 Mike Larkin wrote:

>I honestly don't understand this hatred. I call it that because I refuse
>to accept that you didn't understand the question. Volatility has no
>plugin to interpret a RAM dump on OpenBSD and so having only the dump is
>totally useless. If you really don't understand I'll paste the
>Volatility help to show you that there are no plugins for OpenBSD but
>only for Linux, Windows and Mac.
>
>$ vol --help 
>Volatility 3 Framework 1.0.0-beta.1
>usage: volatility [-h] [-c CONFIG] [--parallelism
>[{processes,threads,off}]] [-e EXTEND] [-p PLUGIN_DIRS] [-s SYMBOL_DIRS]
>[-v] [-l LOG] [-o OUTPUT_DIR] [-q]
>                  [-r RENDERER] [-f FILE] [--write-config]
>[--clear-cache] [--single-location SINGLE_LOCATION]
>[--single-swap-locations SINGLE_SWAP_LOCATIONS]
>                  plugin ...
>
>An open-source memory forensics framework
>
>optional arguments:
>  -h, --help            show this help message and exit
>  -c CONFIG, --config CONFIG
>                        Load the configuration from a json file
>  --parallelism [{processes,threads,off}]
>                        Enables parallelism (defaults to processes if no
>argument given)
>  -e EXTEND, --extend EXTEND
>                        Extend the configuration with a new (or changed)
>setting
>  -p PLUGIN_DIRS, --plugin-dirs PLUGIN_DIRS
>                        Semi-colon separated list of paths to find
>plugins
>  -s SYMBOL_DIRS, --symbol-dirs SYMBOL_DIRS
>                        Semi-colon separated list of paths to find
>symbols
>  -v, --verbosity       Increase output verbosity
>  -l LOG, --log LOG     Log output to a file as well as the console
>  -o OUTPUT_DIR, --output-dir OUTPUT_DIR
>                        Directory in which to output any generated files
>  -q, --quiet           Remove progress feedback
>  -r RENDERER, --renderer RENDERER
>                        Determines how to render the output (quick, csv,
>pretty, json, jsonl)
>  -f FILE, --file FILE  Shorthand for --single-location=file:// if
>single-location is not defined
>  --write-config        Write configuration JSON file out to config.json
>  --clear-cache         Clears out all short-term cached items
>  --single-location SINGLE_LOCATION
>                        Specifies a base location on which to stack
>  --single-swap-locations SINGLE_SWAP_LOCATIONS
>                        Specifies a list of swap layer URIs for use with
>single-location
>
>Plugins:
>  plugin
>    configwriter.ConfigWriter
>                        Runs the automagics and both prints and outputs
>configuration in the output directory.
>    frameworkinfo.FrameworkInfo
>                        Plugin to list the various modular components of
>Volatility
>    layerwriter.LayerWriter
>                        Runs the automagics and writes out the primary
>layer produced by the stacker.
>    linux.bash.Bash     Recovers bash command history from memory.
>    linux.check_afinfo.Check_afinfo
>                        Verifies the operation function pointers of
>network protocols.
>    linux.check_syscall.Check_syscall
>                        Check system call table for hooks.
>    linux.elfs.Elfs     Lists all memory mapped ELF files for all
>processes.
>    linux.lsmod.Lsmod   Lists loaded kernel modules.
>    linux.lsof.Lsof     Lists all memory maps for all processes.
>    linux.malfind.Malfind
>                        Lists process memory ranges that potentially
>contain injected code.
>    linux.proc.Maps     Lists all memory maps for all processes.
>    linux.pslist.PsList
>                        Lists the processes present in a particular
>linux memory image.
>    linux.pstree.PsTree
>                        Plugin for listing processes in a tree based on
>their parent process ID.
>    mac.bash.Bash       Recovers bash command history from memory.
>    mac.check_syscall.Check_syscall
>                        Check system call table for hooks.
>    mac.check_sysctl.Check_sysctl
>                        Check sysctl handlers for hooks.
>    mac.check_trap_table.Check_trap_table
>                        Check mach trap table for hooks.
>    mac.ifconfig.Ifconfig
>                        Lists loaded kernel modules
>    mac.lsmod.Lsmod     Lists loaded kernel modules.
>    mac.lsof.lsof       Lists all open file descriptors for all
>processes.
>    mac.malfind.Malfind
>                        Lists process memory ranges that potentially
>contain injected code.
>    mac.netstat.Netstat
>                        Lists all network connections for all processes.
>    mac.proc_maps.Maps  Lists process memory ranges that potentially
>contain injected code.
>    mac.psaux.Psaux     Recovers program command line arguments.
>    mac.pslist.PsList   Lists the processes present in a particular mac
>memory image.
>    mac.pstree.PsTree   Plugin for listing processes in a tree based on
>their parent process ID.
>    mac.tasks.Tasks     Lists the processes present in a particular mac
>memory image.
>    mac.timers.Timers   Check for malicious kernel timers.
>    mac.trustedbsd.trustedbsd
>                        Checks for malicious trustedbsd modules
>    timeliner.Timeliner
>                        Runs all relevant plugins that provide time
>related information and orders the results by time.
>    windows.callbacks.Callbacks
>                        Lists kernel callbacks and notification
>routines.
>    windows.cmdline.CmdLine
>                        Lists process command line arguments.
>    windows.dlldump.DllDump
>                        Dumps process memory ranges as DLLs.
>    windows.dlllist.DllList
>                        Lists the loaded modules in a particular windows
>memory image.
>    windows.driverirp.DriverIrp
>                        List IRPs for drivers in a particular windows
>memory image.
>    windows.driverscan.DriverScan
>                        Scans for drivers present in a particular
>windows memory image.
>    windows.filescan.FileScan
>                        Scans for file objects present in a particular
>windows memory image.
>    windows.handles.Handles
>                        Lists process open handles.
>    windows.info.Info   Show OS & kernel details of the memory sample
>being analyzed.
>    windows.malfind.Malfind
>                        Lists process memory ranges that potentially
>contain injected code.
>    windows.moddump.ModDump
>                        Dumps kernel modules.
>    windows.modscan.ModScan
>                        Scans for modules present in a particular
>windows memory image.
>    windows.modules.Modules
>                        Lists the loaded kernel modules.
>    windows.mutantscan.MutantScan
>                        Scans for mutexes present in a particular
>windows memory image.
>    windows.poolscanner.PoolScanner
>                        A generic pool scanner plugin.
>    windows.procdump.ProcDump
>                        Dumps process executable images.
>    windows.pslist.PsList
>                        Lists the processes present in a particular
>windows memory image.
>    windows.psscan.PsScan
>                        Scans for processes present in a particular
>windows memory image.
>    windows.pstree.PsTree
>                        Plugin for listing processes in a tree based on
>their parent process ID.
>    windows.registry.certificates.Certificates
>                        Lists the certificates in the registry's
>Certificate Store.
>    windows.registry.hivedump.HiveDump
>                        Dumps the hive files (or a specific hive) from
>an image.
>    windows.registry.hivelist.HiveList
>                        Lists the registry hives present in a particular
>memory image.
>    windows.registry.hivescan.HiveScan
>                        Scans for registry hives present in a particular
>windows memory image.
>    windows.registry.printkey.PrintKey
>                        Lists the registry keys under a hive or specific
>key value.
>    windows.registry.userassist.UserAssist
>                        Print userassist registry keys and information.
>    windows.ssdt.SSDT   Lists the system call table.
>    windows.statistics.Statistics
>    windows.strings.Strings
>                        Reads output from the strings command and
>indicates which process(es) each string belongs to.
>    windows.svcscan.SvcScan
>                        Scans for windows services.
>    windows.symlinkscan.SymlinkScan
>                        Scans for links present in a particular windows
>memory image.
>    windows.vaddump.VadDump
>                        Dumps process memory ranges.
>    windows.vadinfo.VadInfo
>                        Lists process memory ranges.
>    windows.vadyarascan.VadYaraScan
>                        Scans all the Virtual Address Descriptor memory
>maps using yara.
>    windows.verinfo.VerInfo
>                        Lists version information from PE files.
>    windows.virtmap.VirtMap
>                        Lists virtual mapped sections.
>    yarascan.YaraScan   Scans kernel memory using yara rules (string or
>file).
>
