add an additional sanity check to windows services, exclude those without valid service type values

Michael Ligh · Michael Ligh · commit 2c2fad914fd7 · 2019-04-01T10:18:03.000-05:00
diff --git a/volatility/plugins/malware/svcscan.py b/volatility/plugins/malware/svcscan.py
@@ -141,10 +141,12 @@ def Pid(self):
 
     def is_valid(self):
         "Check some fields for validity"
+        type_flags_max = sum([(1 << v) for v in SERVICE_TYPE_FLAGS.values()])
         return obj.CType.is_valid(self) and self.Order > 0 and \
                self.Order < 0xFFFF and \
                self.State.v() in SERVICE_STATE_ENUM and \
-               self.Start.v() in SERVICE_START_ENUM
+               self.Start.v() in SERVICE_START_ENUM and \
+               self.Type.v() < type_flags_max
 
     def traverse(self):
 
