Windows PsList: Fix list traversal logic

The traversal of `ActiveProcessLinks` from `PsActiveProcessHead` was
only being done in the forward direction; if for some reason
`PsActiveProcessHead` hasn't been updated to point at the 'current' list
head, entries in the backwards traversal direction will be missed.

Author: dgmcdona

volatility3/framework/plugins/windows/pslist.py

@@ -6,13 +6,13 @@
 import logging
 from typing import Callable, Iterator, List, Optional, Type
 
-from volatility3.framework import renderers, interfaces, layers, exceptions, constants
+from volatility3.framework import constants, exceptions, interfaces, layers, renderers
 from volatility3.framework.configuration import requirements
 from volatility3.framework.objects import utility
 from volatility3.framework.renderers import format_hints
 from volatility3.framework.symbols import intermed
-from volatility3.framework.symbols.windows.extensions import pe
 from volatility3.framework.symbols.windows import extensions
+from volatility3.framework.symbols.windows.extensions import pe
 from volatility3.plugins import timeliner
 
 vollog = logging.getLogger(__name__)
@@ -261,9 +261,16 @@ def list_processes(
             absolute=True,
         )
 
-        for proc in eproc.ActiveProcessLinks:
-            if not filter_func(proc):
-                yield proc
+        seen = set()
+        for forward in (True, False):
+            for proc in eproc.ActiveProcessLinks.to_list(
+                eproc.vol.type_name, "ActiveProcessLinks", forward=forward
+            ):
+                if proc.vol.offset in seen:
+                    continue
+                seen.add(proc.vol.offset)
+                if not filter_func(proc):
+                    yield proc
 
     def _generator(self):
         kernel = self.context.modules[self.config["kernel"]]