Open
Description
>What steps will reproduce the problem?
vol.py -f d:\memimg\temp.vmem apihooks
>What is the expected output? What do you see instead?
Expected output is the same but in a shorter time.
Volatile Systems Volatility Framework 1.4_rc1
Name Type Target Value
lsass.exe[664] inline pstorsvc.dll!PSTOREServiceMain[0x743a1459L] 0x743a1459 CALL [0x743a1010] =>> 0x77df3e57 (ADVAPI32.dll)
svchost.exe[1032] inline cryptsvc.dll!CryptServiceMain[0x76ce1579L] 0x76ce1579 CALL [0x76ce10a0] =>> 0x77df3e57 (ADVAPI32.dll)
TOTALCMD.EXE[1976]@totalcmd.exe iat winmm.dll!*invalid* 0x0 0x7752bb33 (ole32.dll)
TOTALCMD.EXE[1976]@totalcmd.exe iat gdi32.dll!*invalid* 0x0 0x77df1576 (advapi32.dll)
TOTALCMD.EXE[1976]@totalcmd.exe iat advapi32.dll!*invalid* 0x0 0x77f1a8cb (GDI32.dll)
TOTALCMD.EXE[1976]@totalcmd.exe iat user32.dll!*invalid* 0x0 0x77dd79db (advapi32.dll)
TOTALCMD.EXE[1976]@totalcmd.exe iat user32.dll!*invalid* 0x0 0x77dd7328 (advapi32.dll)
Finished after 558.667999983 seconds
>What version of the product are you using? On what operating system?
Latest volatility + malware.py (r93). Operating system is Windows 7 64-bit.
If it should take this long, this issue can be removed.
Original issue reported on code.google.com by [email protected] on 26 Jul 2011 at 10:14