windows.pslist process name added to dumped file by default
616c696365 committed Oct 18, 2023
1 parent 5d43071 commit 7323bd3
Showing 1 changed file with 5 additions and 14 deletions.
19 changes: 5 additions & 14 deletions volatility3/framework/plugins/windows/pslist.py
Expand Up @@ -50,12 +50,6 @@ def get_requirements(cls):
default=False,
optional=True,
),
requirements.BooleanRequirement(
name="friendly",
description="Display process name in dump filename",
default=False,
optional=True,
),
]

@classmethod
Expand All @@ -66,7 +60,6 @@ def process_dump(
pe_table_name: str,
proc: interfaces.objects.ObjectInterface,
open_method: Type[interfaces.plugins.FileHandlerInterface],
friendly: bool = False,
) -> interfaces.plugins.FileHandlerInterface:
"""Extracts the complete data for a process as a FileHandlerInterface
Expand Down Expand Up @@ -103,14 +96,13 @@ def process_dump(
max_length=proc.ImageFileName.vol.count,
errors="replace",
)
if friendly:
file_handle = open_method(

file_handle = open_method(
open_method.sanitize_filename(
f"{proc.UniqueProcessId}.{process_name}.{peb.ImageBaseAddress:#x}.dmp"
)
else:
file_handle = open_method(
f"pid.{proc.UniqueProcessId}.{peb.ImageBaseAddress:#x}.dmp"
)
)

for offset, data in dos_header.reconstruct():
file_handle.seek(offset)
file_handle.write(data)
Expand Down Expand Up @@ -261,7 +253,6 @@ def _generator(self):
pe_table_name,
proc,
self.open,
self.config["friendly"],
)
file_output = "Error outputting file"
if file_handle:
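Review bot: Removing the `friendly` parameter from `process_dump` (and the `friendly` requirement) breaks any caller that still passes it, and the default dump name changes from `pid.<pid>.<base>.dmp` to `<pid>.<name>.<base>.dmp`, so tooling that matches on the old `pid.` prefix will silently miss the files. The visible hunks account for all 5 additions and 14 deletions, so no compatibility shim or version bump is part of this commit. Consider keeping the keyword as an ignored argument, `friendly: bool = True,  # deprecated, ignored`, or bumping the plugin version so dependants fail at the requirement check rather than at call time. Since `process_name` is decoded from `proc.ImageFileName` in the memory image, every dump filename now carries image-controlled text and `open_method.sanitize_filename(...)` is the only guard; a comment above the call such as `# process_name is read from the image and is untrusted; keep it inside sanitize_filename()` would stop a later refactor from unwrapping it. `process_dump` begins and ends outside the visible hunks.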