Windows symbol tables for Volatility 3

Overview

This repository is the Windows Symbol Table storage for Volatility 3.

How to Use

$ git clone https://github.com/JPCERTCC/Windows-Symbol-Tables.git
$ cp -R Windows-Symbol-Tables/symbols/windows volatility3/volatility3/symbols

Reference

Symbol Table List

ntoskrnl version GUID-AGE OS
10.0.17763.379 8b11040a5928757b11390ac78f6b69251 Win10
10.0.17763.437 8cfb49428dc86a330ce257778e0c2f931 Win10
10.0.18326.535 616a94e33a4827b451b0e19c14c037921 Win10
10.0.18326.778 be3e0ff92c7a93433d4a950a037ef6561 Win10
10.0.18362.295 11bc9a513f1140ca359ecdf50f0122c11 Win10
10.0.18362.30 35a038b1f6e2e8caf642111e6ec66f571 Win10
10.0.18362.356 ce7ffb00c20b87500211456b3e905c471 Win10
10.0.18362.418 e0093f3aef15d58168b753c9488a40431 Win10
10.0.18362.476 90f5e1c8bbe1fe1fb8a714305ee06f361 Win10
10.0.18362.592 f3a4f64b6f639a058ad6f33155aca4f61 Win10
10.0.18362.657 84924f606dcfa4bef5c0d97c2668cf181 Win10
10.0.18362.720 2b5d086a9591c3a54729282e8f43bd821 Win10
10.0.18362.836 dca4ad4beeb4746d48f84c0125019e431 Win10
10.0.19041.1052 fc57f1c841c2c3f793d57ac134dc0efa1 Win10
10.0.19041.1110 f526dbb121425697cbbf4fb22502519f1 Win10
10.0.19041.1165 47114209a62f3b9930f6b8998dfd4a991 Win10
10.0.19041.329 bbed7c2955fbe4522aaa23f4b8677ad91 Win10
10.0.19041.388 110a2d89ed7a438feffc84f9cfdd6c001 Win10
10.0.19041.450 1c9875f76c8f0fbf3eb9a9d7c1c274061 Win10
10.0.19041.508 641f55c592201dcc4f59facc72ea54da1 Win10
10.0.19041.572 b16053724b46515388fdea9d0470d02e1 Win10
10.0.19041.630 15b12c74f0e177581b6b27dd4c5022c21 Win10
10.0.19041.685 4ef9a5375f61fe84b7eaef54bf025c0e1 Win10
10.0.19041.746 3d4400784115718818efc898413f36c41 Win10
10.0.19041.804 5278aff86c341677d7d7835c85b7b8441 Win10
10.0.19041.867 3fcc539ff307dd2d9c509206d352b9aa1 Win10
10.0.19041.928 769c521e4833ecf72e21f02bf33691a51 Win10
10.0.19041.985 992a9a48f30ec2c58b01a5934dce2d9c1 Win10
6.1.7601.24540 339e74133576439cbcdf7e0229da37731 Win7
6.3.9600.19913 22597d0b40394e23936f6a24c6c52d5b1 Win8.1
6.3.9600.19939 287e489f93aa4c6d94b9cd1469b7f9de1 Win8.1
6.3.9600.19962 06a508f37b81478e855a3542e272c0841 Win8.1
6.3.9600.19994 1e8593423c574a72be87ea4966e1377b1 Win8.1
6.3.9600.20012 bf4b4160c2cb414e9c4516da1e7b66091 Win8.1
6.3.9600.20040 c78ab9dbffed445096b4dcf7fdd6e5af1 Win8.1
6.3.9600.20065 4dc173cc51ec446e895dc545db61083e1 Win8.1
6.3.9600.20090 dfa4f6552dd34e03b16763d22438d8fa1 Win8.1
10.0.17763.2114 a1e1c9a90091da9805d0eba0470bec851 windows-2019
10.0.14393.4583 517e128f7b7c4ea79491de6b9b9ce1901 windows-2016
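
A preflight check for the copy step and table above, written as an added example (not code from this repository or from Volatility 3): it takes the GUID-AGE that Volatility 3 prints in its "Using symbol library" debug line, looks it up in the table rows, and checks whether a matching file exists in the symbols directory. The function names are hypothetical, and the on-disk layout `windows/<pdb name>/<GUID>-<AGE>.json[.xz]` is an assumption about how the symbol files are stored.

```python
import re
from pathlib import Path

# Rows copied from the table above; log line copied from the issue quoted on this page.
SAMPLE_TABLE = """\
10.0.17763.379 8b11040a5928757b11390ac78f6b69251 Win10
6.1.7601.24540 339e74133576439cbcdf7e0229da37731 Win7
10.0.14393.4583 517e128f7b7c4ea79491de6b9b9ce1901 windows-2016
"""
SAMPLE_LOG = ("DEBUG    volatility3.framework.symbols.windows.pdbutil: "
              "Using symbol library: ntkrnlmp.pdb/1F9BB45B28B806E4D18925C06E924B8C-1")

# The table prints the 32-digit GUID and the age with no separator.
TABLE_ID = re.compile(r"([0-9a-fA-F]{32})([0-9a-fA-F]+)")
LOG_ID = re.compile(r"Using symbol library: (\S+?\.pdb)/([0-9A-Fa-f]{32})-([0-9A-Fa-f]+)")

def table_ids(text):
    """Map 'GUID-AGE' -> (ntoskrnl version, OS) for each 'version guidage os' row."""
    ids = {}
    for line in text.splitlines():
        cols = line.split()
        m = TABLE_ID.fullmatch(cols[1]) if len(cols) == 3 else None
        if m:
            ids[f"{m.group(1).upper()}-{m.group(2).upper()}"] = (cols[0], cols[2])
    return ids

def log_id(text):
    """Return (pdb name, 'GUID-AGE') requested by Volatility 3, or None."""
    m = LOG_ID.search(text)
    return (m.group(1), f"{m.group(2).upper()}-{m.group(3).upper()}") if m else None

def installed(symbols_dir, pdb_name, guid_age):
    """List files for guid_age under symbols_dir/windows/<pdb name>/ (assumed layout)."""
    folder = Path(symbols_dir) / "windows" / pdb_name
    if not folder.is_dir():
        return []
    return sorted(p.name for p in folder.iterdir()
                  if p.name.upper().startswith(guid_age + ".JSON"))

def preflight(symbols_dir, log_text, table_text):
    """Report whether the kernel PDB named in the log is listed and installed."""
    wanted = log_id(log_text)
    if wanted is None:
        return {"requested": None, "listed": None, "files": []}
    pdb_name, guid_age = wanted
    return {"requested": guid_age,
            "listed": table_ids(table_text).get(guid_age),
            "files": installed(symbols_dir, pdb_name, guid_age)}

if __name__ == "__main__":
    print(preflight("volatility3/volatility3/symbols", SAMPLE_LOG, SAMPLE_TABLE))
```

A result with `listed` set to `None` and an empty `files` list means the kernel build in the memory image is neither in the rows supplied nor present locally, so an offline run has no symbol table to load for it.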

Comments
  • No symbol files found at provided filename

    Hi @shu-tom, Thank you for the cool profiles list. When I am trying to run vol3 offline, I am getting:

    Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel
    Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
    Level 9  volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.Info.kernel.symbol_table_name
    DEBUG    volatility3.framework.automagic.pdbscan: Kernel base determination - searching layer module list structure
    DEBUG    volatility3.framework.automagic.pdbscan: Kernel base determination - searching layer module list structure
    DEBUG    volatility3.framework.automagic.pdbscan: Setting kernel_virtual_offset to 0xf80729e00000
    DEBUG    volatility3.framework.symbols.windows.pdbutil: Using symbol library: ntkrnlmp.pdb/1F9BB45B28B806E4D18925C06E924B8C-1
    INFO     volatility3.schemas: Dependency for validation unavailable: jsonschema
    DEBUG    volatility3.schemas: All validations will report success, even with malformed input
    INFO     volatility3.framework.automagic: Running automagic: KernelModule    
    Level 9  volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.Info.kernel
    
    Variable	Value
    Traceback (most recent call last):
      File "/usr/bin/vol3", line 10, in <module>
        volatility3.cli.main()
      File "/opt/vol3/volatility3/cli/__init__.py", line 625, in main
        CommandLine().run()
      File "/opt/vol3/volatility3/cli/__init__.py", line 333, in run
        renderers[args.renderer]().render(constructed.run())
      File "/opt/vol3/volatility3/cli/text_renderer.py", line 178, in render
        grid.populate(visitor, outfd)
      File "/opt/vol3/volatility3/framework/renderers/__init__.py", line 212, in populate
        for (level, item) in self._generator:
      File "/opt/vol3/volatility3/framework/plugins/windows/info.py", line 158, in _generator
        kdbg = self.get_kdbg_structure(self.context, self.config_path, layer_name, symbol_table)
      File "/opt/vol3/volatility3/framework/plugins/windows/info.py", line 76, in get_kdbg_structure
        kdbg_table_name = intermed.IntermediateSymbolTable.create(context,
      File "/opt/vol3/volatility3/framework/symbols/intermed.py", line 239, in create
        raise FileNotFoundError("No symbol files found at provided filename: {}", filename)
    FileNotFoundError: [Errno No symbol files found at provided filename: {}] kdbg
    

    Can you please assist?

    opened by MariasStory 4
  • Question regarding the size of the symbols

    Good day. I have a question regarding the size of the symbols when I use your repo compared to downloading the zip archive from the Volatility 3 GitHub page. The archive on the Volatility 3 GitHub page is much bigger and creates more directories in the symbols directory. Why is that? Also, once the symbols have been copied to the symbols folder, is there a command in Volatility 3 that would allow me to print the OS versions supported by the symbols instead of simply printing all the symbol names? This would be very useful. Thank you for your help.

    opened by vincentroberge 0
Owner
JPCERT Coordination Center
JPCERT/CC's official repositories maintained by staff and guests