[Forensics-changes] [volatility] 01/02: Imported Upstream version 2.5+git20161224.736bc3a
Joao Eriberto Mota Filho
eriberto at moszumanska.debian.org
Tue Dec 27 23:35:42 UTC 2016
This is an automated email from the git hooks/post-receive script.
eriberto pushed a commit to branch debian
in repository volatility.
commit 843d5620a9c25140b7135f22b0eb5e90d554a897
Author: Joao Eriberto Mota Filho <eriberto at debian.org>
Date: Tue Dec 27 21:35:25 2016 -0200
Imported Upstream version 2.5+git20161224.736bc3a
---
README.txt | 112 +++++++++++++++------------
tools/doxygen/d3/d3.js | 5 --
tools/doxygen/d3/tree.html | 2 +-
volatility/constants.py | 2 +-
volatility/plugins/overlays/linux/linux.py | 4 +-
volatility/plugins/overlays/windows/win10.py | 26 +++++--
volatility/plugins/overlays/windows/win7.py | 12 +--
volatility/plugins/overlays/windows/win8.py | 8 +-
8 files changed, 95 insertions(+), 76 deletions(-)
diff --git a/README.txt b/README.txt
index 0ca8af5..bc09fbe 100644
--- a/README.txt
+++ b/README.txt
@@ -36,7 +36,13 @@ Windows:
* 64-bit Windows 7 Service Pack 0 and 1
* 64-bit Windows 8, 8.1, and 8.1 Update 1
* 64-bit Windows Server 2012 and 2012 R2
-* 64-bit Windows 10 (initial support)
+* 64-bit Windows 10 (including at least 10.0.14393)
+* 64-bit Windows Server 2016 (including at least 10.0.14393.0)
+
+Note: Please see the guidelines at the following link for notes on
+compatibility with recently patched Windows 7 (or later) memory samples:
+
+ https://github.com/volatilityfoundation/volatility/wiki/2.6-Win-Profiles
Linux:
* 32-bit Linux kernels 2.6.11 to 4.2.3
@@ -53,6 +59,7 @@ Mac OSX:
* 64-bit 10.9.x Mavericks (there is no 32-bit version)
* 64-bit 10.10.x Yosemite (there is no 32-bit version)
* 64-bit 10.11.x El Capitan (there is no 32-bit version)
+* 64-bit 10.12.x Sierra (there is no 32-bit version)
Volatility does not provide memory sample acquisition
capabilities. For acquisition, there are both free and commercial
@@ -70,7 +77,7 @@ ability to convert between these formats:
- VirtualBox ELF64 core dump
- VMware saved state and snapshot files
- EWF format (E01)
- - LiME (Linux Memory Extractor) format
+ - LiME format
- Mach-O file format
- QEMU virtual machine dumps
- Firewire
@@ -133,7 +140,7 @@ Quick Start
Example:
$ python vol.py --info
-Volatility Foundation Volatility Framework 2.5
+Volatility Foundation Volatility Framework 2.6
Address Spaces
--------------
@@ -160,50 +167,51 @@ WindowsHiberFileSpace32 - This is a hibernate address space for windows hi
Profiles
--------
-VistaSP0x64 - A Profile for Windows Vista SP0 x64
-VistaSP0x86 - A Profile for Windows Vista SP0 x86
-VistaSP1x64 - A Profile for Windows Vista SP1 x64
-VistaSP1x86 - A Profile for Windows Vista SP1 x86
-VistaSP2x64 - A Profile for Windows Vista SP2 x64
-VistaSP2x86 - A Profile for Windows Vista SP2 x86
-Win10x64 - A Profile for Windows 10 x64
-Win10x64_1AC738FB - A Profile for Windows 10 x64 from PDB 1AC738FB
-Win10x64_DD08DD42 - A Profile for Windows 10 x64 from PDB DD08DD42
-Win10x86 - A Profile for Windows 10 x86
-Win10x86_44B89EEA - A Profile for Windows 10 x86 from PDB 44B89EEA
-Win10x86_9619274A - A Profile for Windows 10 x86 from PDB 9619274A
-Win2003SP0x86 - A Profile for Windows 2003 SP0 x86
-Win2003SP1x64 - A Profile for Windows 2003 SP1 x64
-Win2003SP1x86 - A Profile for Windows 2003 SP1 x86
-Win2003SP2x64 - A Profile for Windows 2003 SP2 x64
-Win2003SP2x86 - A Profile for Windows 2003 SP2 x86
-Win2008R2SP0x64 - A Profile for Windows 2008 R2 SP0 x64
-Win2008R2SP1x64 - A Profile for Windows 2008 R2 SP1 x64
-Win2008R2SP1x64_632B36E0 - A Profile for Windows 2008 R2 SP1 x64 from PDB 632B36E0
-Win2008SP1x64 - A Profile for Windows 2008 SP1 x64
-Win2008SP1x86 - A Profile for Windows 2008 SP1 x86
-Win2008SP2x64 - A Profile for Windows 2008 SP2 x64
-Win2008SP2x86 - A Profile for Windows 2008 SP2 x86
-Win2012R2x64 - A Profile for Windows Server 2012 R2 x64
-Win2012R2x64_54B5A1C6 - A Profile for Windows Server 2012 R2 x64 from PDB 54B5A1C6
-Win2012x64 - A Profile for Windows Server 2012 x64
-Win7SP0x64 - A Profile for Windows 7 SP0 x64
-Win7SP0x86 - A Profile for Windows 7 SP0 x86
-Win7SP1x64 - A Profile for Windows 7 SP1 x64
-Win7SP1x64_632B36E0 - A Profile for Windows 7 SP1 x64 from PDB 632B36E0
-Win7SP1x86 - A Profile for Windows 7 SP1 x86
-Win7SP1x86_BBA98F40 - A Profile for Windows 7 SP1 x86 from PDB BBA98F40
-Win81U1x64 - A Profile for Windows 8.1 Update 1 x64
-Win81U1x86 - A Profile for Windows 8.1 Update 1 x86
-Win8SP0x64 - A Profile for Windows 8 x64
-Win8SP0x86 - A Profile for Windows 8 x86
-Win8SP1x64 - A Profile for Windows 8.1 x64
-Win8SP1x64_54B5A1C6 - A Profile for Windows 8.1 x64 from PDB 54B5A1C6
-Win8SP1x86 - A Profile for Windows 8.1 x86
-WinXPSP1x64 - A Profile for Windows XP SP1 x64
-WinXPSP2x64 - A Profile for Windows XP SP2 x64
-WinXPSP2x86 - A Profile for Windows XP SP2 x86
-WinXPSP3x86 - A Profile for Windows XP SP3 x86
+VistaSP0x64 - A Profile for Windows Vista SP0 x64
+VistaSP0x86 - A Profile for Windows Vista SP0 x86
+VistaSP1x64 - A Profile for Windows Vista SP1 x64
+VistaSP1x86 - A Profile for Windows Vista SP1 x86
+VistaSP2x64 - A Profile for Windows Vista SP2 x64
+VistaSP2x86 - A Profile for Windows Vista SP2 x86
+Win10x64 - A Profile for Windows 10 x64
+Win10x64_10586 - A Profile for Windows 10 x64 (10.0.10586.306 / 2016-04-23)
+Win10x64_14393 - A Profile for Windows 10 x64 (10.0.14393.0 / 2016-07-16)
+Win10x86 - A Profile for Windows 10 x86
+Win10x86_10586 - A Profile for Windows 10 x86 (10.0.10586.420 / 2016-05-28)
+Win10x86_14393 - A Profile for Windows 10 x86 (10.0.14393.0 / 2016-07-16)
+Win2003SP0x86 - A Profile for Windows 2003 SP0 x86
+Win2003SP1x64 - A Profile for Windows 2003 SP1 x64
+Win2003SP1x86 - A Profile for Windows 2003 SP1 x86
+Win2003SP2x64 - A Profile for Windows 2003 SP2 x64
+Win2003SP2x86 - A Profile for Windows 2003 SP2 x86
+Win2008R2SP0x64 - A Profile for Windows 2008 R2 SP0 x64
+Win2008R2SP1x64 - A Profile for Windows 2008 R2 SP1 x64
+Win2008R2SP1x64_23418 - A Profile for Windows 2008 R2 SP1 x64 (6.1.7601.23418 / 2016-04-09)
+Win2008SP1x64 - A Profile for Windows 2008 SP1 x64
+Win2008SP1x86 - A Profile for Windows 2008 SP1 x86
+Win2008SP2x64 - A Profile for Windows 2008 SP2 x64
+Win2008SP2x86 - A Profile for Windows 2008 SP2 x86
+Win2012R2x64 - A Profile for Windows Server 2012 R2 x64
+Win2012R2x64_18340 - A Profile for Windows Server 2012 R2 x64 (6.3.9600.18340 / 2016-05-13)
+Win2012x64 - A Profile for Windows Server 2012 x64
+Win2016x64_14393 - A Profile for Windows Server 2016 x64 (10.0.14393.0 / 2016-07-16)
+Win7SP0x64 - A Profile for Windows 7 SP0 x64
+Win7SP0x86 - A Profile for Windows 7 SP0 x86
+Win7SP1x64 - A Profile for Windows 7 SP1 x64
+Win7SP1x64_23418 - A Profile for Windows 7 SP1 x64 (6.1.7601.23418 / 2016-04-09)
+Win7SP1x86 - A Profile for Windows 7 SP1 x86
+Win7SP1x86_23418 - A Profile for Windows 7 SP1 x86 (6.1.7601.23418 / 2016-04-09)
+Win81U1x64 - A Profile for Windows 8.1 Update 1 x64
+Win81U1x86 - A Profile for Windows 8.1 Update 1 x86
+Win8SP0x64 - A Profile for Windows 8 x64
+Win8SP0x86 - A Profile for Windows 8 x86
+Win8SP1x64 - A Profile for Windows 8.1 x64
+Win8SP1x64_18340 - A Profile for Windows 8.1 x64 (6.3.9600.18340 / 2016-05-13)
+Win8SP1x86 - A Profile for Windows 8.1 x86
+WinXPSP1x64 - A Profile for Windows XP SP1 x64
+WinXPSP2x64 - A Profile for Windows XP SP2 x64
+WinXPSP2x86 - A Profile for Windows XP SP2 x86
+WinXPSP3x86 - A Profile for Windows XP SP3 x86
Plugins
-------
@@ -263,6 +271,7 @@ ldrmodules - Detect unlinked DLLs
limeinfo - Dump Lime file format information
linux_apihooks - Checks for userland apihooks
linux_arp - Print the ARP table
+linux_aslr_shift - Automatically detect the Linux ASLR shift
linux_banner - Prints the Linux banner information
linux_bash - Recover bash history from bash process memory
linux_bash_env - Recover a process' dynamic environment variables
@@ -478,7 +487,7 @@ yarascan - Scan process or kernel memory with Yara signatures
Example:
$ python vol.py imageinfo -f WIN-II7VOJTUNGL-20120324-193051.raw
- Volatility Foundation Volatility Framework 2.5
+ Volatility Foundation Volatility Framework 2.6
Determining profile based on KDBG search...
Suggested Profile(s) : Win2008R2SP0x64, Win7SP1x64, Win7SP0x64, Win2008R2SP1x64 (Instantiated with Win7SP0x64)
@@ -494,6 +503,11 @@ yarascan - Scan process or kernel memory with Yara signatures
Image date and time : 2012-03-24 19:30:53 UTC+0000
Image local date and time : 2012-03-25 03:30:53 +0800
+ If multiple profiles are suggested by imageinfo or kdbgscan, or if you're having trouble analyzing
+ Windows 7 or later memory samples, please see the guidelines here:
+
+ https://github.com/volatilityfoundation/volatility/wiki/2.6-Win-Profiles
+
4. Run some other plugins. -f is a required option for all plugins. Some
also require/accept other options. Run "python vol.py <plugin> -h" for
more information on a particular command. A Command Reference wiki
@@ -508,7 +522,7 @@ yarascan - Scan process or kernel memory with Yara signatures
Licensing and Copyright
=======================
-Copyright (C) 2007-2015 Volatility Foundation
+Copyright (C) 2007-2016 Volatility Foundation
All Rights Reserved
diff --git a/tools/doxygen/d3/d3.js b/tools/doxygen/d3/d3.js
deleted file mode 100644
index 88550ae..0000000
--- a/tools/doxygen/d3/d3.js
+++ /dev/null
@@ -1,5 +0,0 @@
-!function(){function n(n,t){return t>n?-1:n>t?1:n>=t?0:0/0}function t(n){return null!=n&&!isNaN(n)}function e(n){return{left:function(t,e,r,u){for(arguments.length<3&&(r=0),arguments.length<4&&(u=t.length);u>r;){var i=r+u>>>1;n(t[i],e)<0?r=i+1:u=i}return r},right:function(t,e,r,u){for(arguments.length<3&&(r=0),arguments.length<4&&(u=t.length);u>r;){var i=r+u>>>1;n(t[i],e)>0?u=i:r=i+1}return r}}}function r(n){return n.length}function u(n){for(var t=1;n*t%1;)t*=10;return t}function i(n,t){ [...]
-return t.precision=function(n){return arguments.length?(a=(i=n*n)>0&&16,t):Math.sqrt(i)},t}function Ge(n){var t=Je(function(t,e){return n([t*Ca,e*Ca])});return function(n){return er(t(n))}}function Ke(n){this.stream=n}function Qe(n,t){return{point:t,sphere:function(){n.sphere()},lineStart:function(){n.lineStart()},lineEnd:function(){n.lineEnd()},polygonStart:function(){n.polygonStart()},polygonEnd:function(){n.polygonEnd()}}}function nr(n){return tr(function(){return n})()}function tr(n) [...]
-return o>=1?(i.event&&i.event.end.call(n,l,t),s()):void 0}function s(){return--u.count?delete u[e]:delete n.__transition__,1}var l=n.__data__,f=i.ease,h=i.delay,g=i.duration,p=Ba,v=[];return p.t=h+a,r>=h?o(r-h):(p.c=o,void 0)},0,a)}}function Uo(n,t){n.attr("transform",function(n){return"translate("+t(n)+",0)"})}function jo(n,t){n.attr("transform",function(n){return"translate(0,"+t(n)+")"})}function Ho(n){return n.toISOString()}function Fo(n,t,e){function r(t){return n(t)}function u(n,e){ [...]
-for(var o,e,p=-1/0,t=i.length-1,r=0,u=i[t];t>=r;u=e,++r)e=i[r],(o=a(u[1],e[0]))>p&&(p=o,l=e[0],h=u[1])}return x=M=null,1/0===l||1/0===f?[[0/0,0/0],[0/0,0/0]]:[[l,f],[h,g]]}}(),Zo.geo.centroid=function(n){hc=gc=pc=vc=dc=mc=yc=xc=Mc=_c=bc=0,Zo.geo.stream(n,wc);var t=Mc,e=_c,r=bc,u=t*t+e*e+r*r;return Ea>u&&(t=mc,e=yc,r=xc,ka>gc&&(t=pc,e=vc,r=dc),u=t*t+e*e+r*r,Ea>u)?[0/0,0/0]:[Math.atan2(e,t)*Ca,G(r/Math.sqrt(u))*Ca]};var hc,gc,pc,vc,dc,mc,yc,xc,Mc,_c,bc,wc={sphere:v,point:ye,lineStart:Me,li [...]
-return c>=ys?n?"M0,"+i+"A"+i+","+i+" 0 1,1 0,"+-i+"A"+i+","+i+" 0 1,1 0,"+i+"M0,"+n+"A"+n+","+n+" 0 1,0 0,"+-n+"A"+n+","+n+" 0 1,0 0,"+n+"Z":"M0,"+i+"A"+i+","+i+" 0 1,1 0,"+-i+"A"+i+","+i+" 0 1,1 0,"+i+"Z":n?"M"+i*l+","+i*f+"A"+i+","+i+" 0 "+s+",1 "+i*h+","+i*g+"L"+n*h+","+n*g+"A"+n+","+n+" 0 "+s+",0 "+n*l+","+n*f+"Z":"M"+i*l+","+i*f+"A"+i+","+i+" 0 "+s+",1 "+i*h+","+i*g+"L0,0"+"Z"}var t=Qi,e=no,r=to,u=eo;return n.innerRadius=function(e){return arguments.length?(t=bt(e),n):t},n.outerRadi [...]
\ No newline at end of file
diff --git a/tools/doxygen/d3/tree.html b/tools/doxygen/d3/tree.html
index 72cd462..18b6db5 100644
--- a/tools/doxygen/d3/tree.html
+++ b/tools/doxygen/d3/tree.html
@@ -25,7 +25,7 @@
</style>
<body>
-<script src="d3.js"></script>
+<script src="https://d3js.org/d3.v3.min.js"></script>
<script>
var margin = {top: 20, right: 120, bottom: 20, left: 120},
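Review bot: The new `<script src="https://d3js.org/d3.v3.min.js">` tag makes the generated documentation page execute whatever that third-party host serves at view time, with no integrity pinning. The previously vendored d3.js (deleted in this same commit) was a fixed, reviewable copy. The page will also render nothing on an offline analysis workstation, which is a common setup for a memory-forensics tool. If the vendored copy has to go, pin the remote file, e.g. `<script src="https://d3js.org/d3.v3.min.js" integrity="sha384-<HASH_OF_PINNED_FILE>" crossorigin="anonymous"></script>` (placeholder hash; this assumes the host sends CORS headers), or depend on a packaged local copy instead.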
diff --git a/volatility/constants.py b/volatility/constants.py
index 0e6e09a..6d1044f 100644
--- a/volatility/constants.py
+++ b/volatility/constants.py
@@ -23,7 +23,7 @@
import os, sys
-VERSION = "2.5"
+VERSION = "2.6"
SCAN_BLOCKSIZE = 1024 * 1024 * 10
diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 99120df..a1ba467 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -831,7 +831,7 @@ class module_struct(obj.CType):
@property
def module_core(self):
if hasattr(self, "core_layout"):
- ret = self.m("core_layout").m("size")
+ ret = self.m("core_layout").m("base")
else:
ret = self.m("module_core")
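Review bot: Nothing in `module_core`, or in `module_init` in the next hunk, says why there are two branches or what the property is expected to return, which is how `size` could stand in for `base` unnoticed. A one-line comment above each `hasattr` check would make the contract explicit, e.g. `# struct module either has a core_layout sub-struct (address in .base) or a flat module_core field`. A wrong value here would presumably skew every plugin that works from module address ranges, so a regression test against a sample whose profile has `core_layout` would be worth adding. Both property bodies continue past the end of their hunks, so how `ret` is used afterwards is not visible here.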
@@ -840,7 +840,7 @@ class module_struct(obj.CType):
@property
def module_init(self):
if hasattr(self, "init_layout"):
- ret = self.m("init_layout").m("size")
+ ret = self.m("init_layout").m("base")
else:
ret = self.m("module_init")
diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index d6954e8..5072337 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -546,8 +546,8 @@ class Win10x64(obj.Profile):
_md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_vtypes'
_md_product = ["NtProductWinNt"]
-class Win10x64_1AC738FB(obj.Profile):
- """ A Profile for Windows 10 x64 from PDB 1AC738FB"""
+class Win10x64_10586(obj.Profile):
+ """ A Profile for Windows 10 x64 (10.0.10586.306 / 2016-04-23) """
_md_memory_model = '64bit'
_md_os = 'windows'
_md_major = 6
@@ -556,8 +556,8 @@ class Win10x64_1AC738FB(obj.Profile):
_md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_1AC738FB_vtypes'
_md_product = ["NtProductWinNt"]
-class Win10x64_DD08DD42(obj.Profile):
- """ A Profile for Windows 10 x64 from PDB DD08DD42"""
+class Win10x64_14393(obj.Profile):
+ """ A Profile for Windows 10 x64 (10.0.14393.0 / 2016-07-16) """
_md_memory_model = '64bit'
_md_os = 'windows'
_md_major = 6
@@ -576,8 +576,8 @@ class Win10x86(obj.Profile):
_md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_vtypes'
_md_product = ["NtProductWinNt"]
-class Win10x86_44B89EEA(obj.Profile):
- """ A Profile for Windows 10 x86 from PDB 44B89EEA"""
+class Win10x86_10586(obj.Profile):
+ """ A Profile for Windows 10 x86 (10.0.10586.420 / 2016-05-28) """
_md_memory_model = '32bit'
_md_os = 'windows'
_md_major = 6
@@ -586,8 +586,8 @@ class Win10x86_44B89EEA(obj.Profile):
_md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_44B89EEA_vtypes'
_md_product = ["NtProductWinNt"]
-class Win10x86_9619274A(obj.Profile):
- """ A Profile for Windows 10 x86 from PDB 9619274A"""
+class Win10x86_14393(obj.Profile):
+ """ A Profile for Windows 10 x86 (10.0.14393.0 / 2016-07-16) """
_md_memory_model = '32bit'
_md_os = 'windows'
_md_major = 6
@@ -595,3 +595,13 @@ class Win10x86_9619274A(obj.Profile):
_md_build = 14393
_md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_9619274A_vtypes'
_md_product = ["NtProductWinNt"]
+
+class Win2016x64_14393(Win10x64_14393):
+ """ A Profile for Windows Server 2016 x64 (10.0.14393.0 / 2016-07-16) """
+ _md_memory_model = '64bit'
+ _md_os = 'windows'
+ _md_major = 6
+ _md_minor = 4
+ _md_build = 14393
+ _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_DD08DD42_vtypes'
+ _md_product = ["NtProductLanManNt", "NtProductServer"]
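Review bot: `Win2016x64_14393` subclasses `Win10x64_14393` yet restates `_md_memory_model`, `_md_os`, `_md_major`, `_md_minor`, `_md_build` and `_md_vtype_module`, which the parent presumably already defines (only part of the parent is visible in these hunks). The other server profiles in this commit, e.g. `Win2008R2SP1x64_23418(Win7SP1x64_23418)`, override only what differs. The duplication is a drift risk: if the parent's `_md_vtype_module` is later pointed at a corrected vtypes file, the server profile would keep parsing memory with the old structure definitions and give no error. Reducing the body to the docstring plus `_md_product = ["NtProductLanManNt", "NtProductServer"]` keeps the two profiles in lockstep.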
diff --git a/volatility/plugins/overlays/windows/win7.py b/volatility/plugins/overlays/windows/win7.py
index b450219..7c8ea05 100644
--- a/volatility/plugins/overlays/windows/win7.py
+++ b/volatility/plugins/overlays/windows/win7.py
@@ -209,8 +209,8 @@ class Win7SP1x86(obj.Profile):
_md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x86_vtypes'
_md_product = ["NtProductWinNt"]
-class Win7SP1x86_BBA98F40(obj.Profile):
- """ A Profile for Windows 7 SP1 x86 from PDB BBA98F40"""
+class Win7SP1x86_23418(obj.Profile):
+ """ A Profile for Windows 7 SP1 x86 (6.1.7601.23418 / 2016-04-09) """
_md_memory_model = '32bit'
_md_os = 'windows'
_md_major = 6
@@ -239,8 +239,8 @@ class Win7SP1x64(obj.Profile):
_md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x64_vtypes'
_md_product = ["NtProductWinNt"]
-class Win7SP1x64_632B36E0(obj.Profile):
- """ A Profile for Windows 7 SP1 x64 from PDB 632B36E0"""
+class Win7SP1x64_23418(obj.Profile):
+ """ A Profile for Windows 7 SP1 x64 (6.1.7601.23418 / 2016-04-09) """
_md_memory_model = '64bit'
_md_os = 'windows'
_md_major = 6
@@ -257,6 +257,6 @@ class Win2008R2SP1x64(Win7SP1x64):
""" A Profile for Windows 2008 R2 SP1 x64 """
_md_product = ["NtProductLanManNt", "NtProductServer"]
-class Win2008R2SP1x64_632B36E0(Win7SP1x64_632B36E0):
- """ A Profile for Windows 2008 R2 SP1 x64 from PDB 632B36E0"""
+class Win2008R2SP1x64_23418(Win7SP1x64_23418):
+ """ A Profile for Windows 2008 R2 SP1 x64 (6.1.7601.23418 / 2016-04-09) """
_md_product = ["NtProductLanManNt", "NtProductServer"]
diff --git a/volatility/plugins/overlays/windows/win8.py b/volatility/plugins/overlays/windows/win8.py
index 648dde6..c826fee 100644
--- a/volatility/plugins/overlays/windows/win8.py
+++ b/volatility/plugins/overlays/windows/win8.py
@@ -424,8 +424,8 @@ class Win8SP1x64(obj.Profile):
_md_vtype_module = 'volatility.plugins.overlays.windows.win8_sp1_x64_vtypes'
_md_product = ["NtProductWinNt"]
-class Win8SP1x64_54B5A1C6(obj.Profile):
- """ A Profile for Windows 8.1 x64 from PDB 54B5A1C6"""
+class Win8SP1x64_18340(obj.Profile):
+ """ A Profile for Windows 8.1 x64 (6.3.9600.18340 / 2016-05-13) """
_md_memory_model = '64bit'
_md_os = 'windows'
_md_major = 6
@@ -444,8 +444,8 @@ class Win2012R2x64(Win8SP1x64):
_md_build = 9601 ##FIXME: fake build number to indicate server 2012 R2 vs windows 8.1
_md_product = ["NtProductLanManNt", "NtProductServer"]
-class Win2012R2x64_54B5A1C6(Win8SP1x64_54B5A1C6):
- """ A Profile for Windows Server 2012 R2 x64 from PDB 54B5A1C6"""
+class Win2012R2x64_18340(Win8SP1x64_18340):
+ """ A Profile for Windows Server 2012 R2 x64 (6.3.9600.18340 / 2016-05-13) """
_md_build = 9601 ##FIXME: fake build number to indicate server 2012 R2 vs windows 8.1
_md_product = ["NtProductLanManNt", "NtProductServer"]
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/volatility.git