In [1]:

    

import haystack


    

In [3]:

    

f = '/home/other/outputs/vol/zeus.vmem'
pid = 676  # services.exe
from haystack.mappings import vol
mapper = vol.VolatilityProcessMapper(f, pid)
mappings = mapper.getMappings()

from haystack import abouchet
structType = abouchet.getKlass(classname)
heaps = abouchet._search(mappings, structType, fullscan=True)

for x in mappings:
    print x.start, "Signature:", hex(x.readStruct(x.start,winheap.HEAP).Signature)


    

    




An exception has occurred, use %tb to see the full traceback.

SystemExit: 2