Can volatility use swap file when a page fault occurs? #820

Open
yarona1993 opened this issue Aug 25, 2022 · 2 comments

@yarona1993

/framework/automagic/pdbscan.py - determine_valid_kernel func could fail and raise a PagedInvalidAddressException
It is possible to complete the missing pages from the pagefile.sys from the machine itself.
Possible use: vol.py -f /tmp/win2019.dmp -pf /tmp/pagefile.sys

@ikelos
Member

ikelos commented Aug 25, 2022

Hi, I think you're asking about using swapfiles when they're available. This is already supported in the library, and exposed through the CLI as --single-swap-locations, and you must provide a list of the swap files in the order Windows expects them (there can be up to 15 swap files). They must also be provided as valid URIs (so file:///path/to/pagefile.sys). Please let me know if this resolves your question so we know whether to mark this as resolved...

@paulkermann
Contributor

@yarona1993 have a look at #778 if it does not work for you

@ikelos changed the title from "use pagefile.sys when page fault occur" to "Can volatility use swap file when a page fault occurs?" on Jul 1, 2023