From 76c3f09ee45b68b4de198c81741a355a76c10a32 Mon Sep 17 00:00:00 2001 From: Fabio <pagabuc@gmail.com> Date: Mon, 24 Sep 2018 14:06:37 +0200 Subject: [PATCH] refactor in plt_hook_info to avoid to gather the mappings of the process for every elf relocation --- volatility/plugins/overlays/linux/linux.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py index dcbe2c970..9c56b29fc 100644 --- a/volatility/plugins/overlays/linux/linux.py +++ b/volatility/plugins/overlays/linux/linux.py @@ -1419,7 +1419,8 @@ def ldrmodules(self): def plt_hook_info(self): elfs = dict() - + task_proc_maps = list(self.get_proc_maps()) + for elf, elf_start, elf_end, soname, needed in self.elfs(): elfs[(self, soname)] = (elf, elf_start, elf_end, needed) @@ -1473,7 +1474,7 @@ def plt_hook_info(self): hookdesc = '' vma = None - for i in task.get_proc_maps(): + for i in task_proc_maps: if addr >= i.vm_start and addr < i.vm_end: vma = i break