patch the windows handles() plugin for older no PAT systems

Author: Michael Ligh

volatility/plugins/overlays/windows/windows.py

@@ -848,6 +848,12 @@ def _make_handle_array(self, offset, level, depth = 0):
             count = 0x1000 / self.obj_vm.profile.get_obj_size("_HANDLE_TABLE_ENTRY")
             targetType = "_HANDLE_TABLE_ENTRY"
 
+        # as seen on an XP 32-bit system with no PAT, the kernel address 0 can
+        # be valid, leading to successful instantiation of a handle array at
+        # address zero, and lots of wasted resources from then on. stop it here.
+        if offset == 0:
+            raise StopIteration
+
         table = obj.Object("Array", offset = offset, vm = self.obj_vm, count = count,
                            targetType = targetType, parent = self, native_vm = self.obj_native_vm)