Change after 4262eff broke symbol table requirements #1580

@BeanBagKing

Describe the bug
Very recent versions of Volatility3 result in Unable to validate the plugin requirements: ['<pluginname>.kernel.symbol_table_name'] for me. I think there might have been a recent breaking change. I show 4262eff working below, so I think it was something after that, but I don't know exactly what.

Apologies all, it's 23:30 here and I'm throwing this up real quick to make people aware and heading to bed.

Context
Volatility Version: 2.19.0 dev between commit 4262eff and ea232f5
Operating System: Win 11 24H2 running WSL Ubuntu 24.04
Python Version: 3.12.3
Suspected Operating System: n/a
Command: Tested with vol -f Detected.dmp hollowp, but any plugin seems to do it

To Reproduce
git clone latest as of this posting and run a plugin. The above command works, but any (at least Windows) plugin seems to as well. Also see the -vvvvv output below to see exactly how I cloned and tested against an older commit.

Expected behavior
Plugin works

Example output

Top output is the latest dev with -vvvvv. The bottom is just showing that commits up to, but not including, those in the last 24 hours do work. I didn't output verbosity from that due to the volume from a working plugin.

Current dev (ea232f5) run

bob@localhost:~$ git clone https://github.com/volatilityfoundation/volatility3.git
Cloning into 'volatility3'...
remote: Enumerating objects: 41125, done.
remote: Counting objects: 100% (6818/6818), done.
remote: Compressing objects: 100% (1391/1391), done.
remote: Total 41125 (delta 6237), reused 5469 (delta 5425), pack-reused 34307 (from 5)
Receiving objects: 100% (41125/41125), 8.77 MiB | 1.79 MiB/s, done.
Resolving deltas: 100% (31328/31328), done.
bob@localhost:~$ cd volatility3/
bob@localhost:~/volatility3$ python3 -m venv volv && . volv/bin/activate
(volv) bob@localhost:~/volatility3$ pip install -e .[dev]
Obtaining file:///home/bob/volatility3
  Installing build dependencies ... done
  Checking if build backend supports build_editable ... done
  Getting requirements to build editable ... done
  Preparing editable metadata (pyproject.toml) ... done
Collecting pefile>=2024.8.26 (from volatility3==2.19.0)
  Using cached pefile-2024.8.26-py3-none-any.whl.metadata (1.4 kB)
Collecting jsonschema<5,>=4.23.0 (from volatility3==2.19.0)
  Using cached jsonschema-4.23.0-py3-none-any.whl.metadata (7.9 kB)
Collecting pyinstaller<7,>=6.5.0 (from volatility3==2.19.0)
  Using cached pyinstaller-6.11.1-py3-none-manylinux2014_x86_64.whl.metadata (8.3 kB)
Collecting pyinstaller-hooks-contrib>=2024.9 (from volatility3==2.19.0)
  Using cached pyinstaller_hooks_contrib-2025.0-py3-none-any.whl.metadata (16 kB)
Collecting types-jsonschema<5,>=4.23.0 (from volatility3==2.19.0)
  Using cached types_jsonschema-4.23.0.20241208-py3-none-any.whl.metadata (2.1 kB)
Collecting attrs>=22.2.0 (from jsonschema<5,>=4.23.0->volatility3==2.19.0)
  Using cached attrs-25.1.0-py3-none-any.whl.metadata (10 kB)
Collecting jsonschema-specifications>=2023.03.6 (from jsonschema<5,>=4.23.0->volatility3==2.19.0)
  Using cached jsonschema_specifications-2024.10.1-py3-none-any.whl.metadata (3.0 kB)
Collecting referencing>=0.28.4 (from jsonschema<5,>=4.23.0->volatility3==2.19.0)
  Using cached referencing-0.36.2-py3-none-any.whl.metadata (2.8 kB)
Collecting rpds-py>=0.7.1 (from jsonschema<5,>=4.23.0->volatility3==2.19.0)
  Using cached rpds_py-0.22.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (4.2 kB)
Collecting setuptools>=42.0.0 (from pyinstaller<7,>=6.5.0->volatility3==2.19.0)
  Using cached setuptools-75.8.0-py3-none-any.whl.metadata (6.7 kB)
Collecting altgraph (from pyinstaller<7,>=6.5.0->volatility3==2.19.0)
  Using cached altgraph-0.17.4-py2.py3-none-any.whl.metadata (7.3 kB)
Collecting packaging>=22.0 (from pyinstaller<7,>=6.5.0->volatility3==2.19.0)
  Using cached packaging-24.2-py3-none-any.whl.metadata (3.2 kB)
Collecting yara-python<5,>=4.5.1 (from volatility3==2.19.0)
  Using cached yara_python-4.5.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (2.6 kB)
Collecting capstone<6,>=5.0.3 (from volatility3==2.19.0)
  Using cached capstone-5.0.5-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (3.3 kB)
Collecting pycryptodome<4,>=3.21.0 (from volatility3==2.19.0)
  Using cached pycryptodome-3.21.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (3.4 kB)
Collecting leechcorepyc<3,>=2.19.2 (from volatility3==2.19.0)
  Using cached leechcorepyc-2.20.0-cp36-abi3-manylinux1_x86_64.whl.metadata (557 bytes)
Collecting pillow<11.0.0,>=10.0.0 (from volatility3==2.19.0)
  Using cached pillow-10.4.0-cp312-cp312-manylinux_2_28_x86_64.whl.metadata (9.2 kB)
Collecting gcsfs>=2024.10.0 (from volatility3==2.19.0)
  Using cached gcsfs-2024.12.0-py2.py3-none-any.whl.metadata (1.6 kB)
Collecting s3fs>=2024.10.0 (from volatility3==2.19.0)
  Using cached s3fs-2024.12.0-py3-none-any.whl.metadata (1.6 kB)
Collecting aiohttp!=4.0.0a0,!=4.0.0a1 (from gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached aiohttp-3.11.11-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (7.7 kB)
Collecting decorator>4.1.2 (from gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached decorator-5.1.1-py3-none-any.whl.metadata (4.0 kB)
Collecting fsspec==2024.12.0 (from gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached fsspec-2024.12.0-py3-none-any.whl.metadata (11 kB)
Collecting google-auth>=1.2 (from gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached google_auth-2.38.0-py2.py3-none-any.whl.metadata (4.8 kB)
Collecting google-auth-oauthlib (from gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached google_auth_oauthlib-1.2.1-py2.py3-none-any.whl.metadata (2.7 kB)
Collecting google-cloud-storage (from gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached google_cloud_storage-2.19.0-py2.py3-none-any.whl.metadata (9.1 kB)
Collecting requests (from gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached requests-2.32.3-py3-none-any.whl.metadata (4.6 kB)
Collecting typing-extensions>=4.4.0 (from referencing>=0.28.4->jsonschema<5,>=4.23.0->volatility3==2.19.0)
  Using cached typing_extensions-4.12.2-py3-none-any.whl.metadata (3.0 kB)
Collecting aiobotocore<3.0.0,>=2.5.4 (from s3fs>=2024.10.0->volatility3==2.19.0)
  Using cached aiobotocore-2.19.0-py3-none-any.whl.metadata (23 kB)
Collecting aioitertools<1.0.0,>=0.5.1 (from aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.19.0)
  Using cached aioitertools-0.12.0-py3-none-any.whl.metadata (3.8 kB)
Collecting botocore<1.36.4,>=1.36.0 (from aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.19.0)
  Using cached botocore-1.36.3-py3-none-any.whl.metadata (5.7 kB)
Collecting python-dateutil<3.0.0,>=2.1 (from aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.19.0)
  Using cached python_dateutil-2.9.0.post0-py2.py3-none-any.whl.metadata (8.4 kB)
Collecting jmespath<2.0.0,>=0.7.1 (from aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.19.0)
  Using cached jmespath-1.0.1-py3-none-any.whl.metadata (7.6 kB)
Collecting multidict<7.0.0,>=6.0.0 (from aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.19.0)
  Using cached multidict-6.1.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (5.0 kB)
Collecting urllib3!=2.2.0,<3,>=1.25.4 (from aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.19.0)
  Using cached urllib3-2.3.0-py3-none-any.whl.metadata (6.5 kB)
Collecting wrapt<2.0.0,>=1.10.10 (from aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.19.0)
  Using cached wrapt-1.17.2-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (6.4 kB)
Collecting aiohappyeyeballs>=2.3.0 (from aiohttp!=4.0.0a0,!=4.0.0a1->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached aiohappyeyeballs-2.4.4-py3-none-any.whl.metadata (6.1 kB)
Collecting aiosignal>=1.1.2 (from aiohttp!=4.0.0a0,!=4.0.0a1->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached aiosignal-1.3.2-py2.py3-none-any.whl.metadata (3.8 kB)
Collecting frozenlist>=1.1.1 (from aiohttp!=4.0.0a0,!=4.0.0a1->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached frozenlist-1.5.0-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (13 kB)
Collecting propcache>=0.2.0 (from aiohttp!=4.0.0a0,!=4.0.0a1->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached propcache-0.2.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (9.2 kB)
Collecting yarl<2.0,>=1.17.0 (from aiohttp!=4.0.0a0,!=4.0.0a1->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached yarl-1.18.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (69 kB)
Collecting cachetools<6.0,>=2.0.0 (from google-auth>=1.2->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached cachetools-5.5.1-py3-none-any.whl.metadata (5.4 kB)
Collecting pyasn1-modules>=0.2.1 (from google-auth>=1.2->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached pyasn1_modules-0.4.1-py3-none-any.whl.metadata (3.5 kB)
Collecting rsa<5,>=3.1.4 (from google-auth>=1.2->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached rsa-4.9-py3-none-any.whl.metadata (4.2 kB)
Collecting requests-oauthlib>=0.7.0 (from google-auth-oauthlib->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached requests_oauthlib-2.0.0-py2.py3-none-any.whl.metadata (11 kB)
Collecting google-api-core<3.0.0dev,>=2.15.0 (from google-cloud-storage->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached google_api_core-2.24.0-py3-none-any.whl.metadata (3.0 kB)
Collecting google-cloud-core<3.0dev,>=2.3.0 (from google-cloud-storage->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached google_cloud_core-2.4.1-py2.py3-none-any.whl.metadata (2.7 kB)
Collecting google-resumable-media>=2.7.2 (from google-cloud-storage->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached google_resumable_media-2.7.2-py2.py3-none-any.whl.metadata (2.2 kB)
Collecting google-crc32c<2.0dev,>=1.0 (from google-cloud-storage->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached google_crc32c-1.6.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (2.3 kB)
Collecting charset-normalizer<4,>=2 (from requests->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached charset_normalizer-3.4.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (35 kB)
Collecting idna<4,>=2.5 (from requests->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached idna-3.10-py3-none-any.whl.metadata (10 kB)
Collecting certifi>=2017.4.17 (from requests->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached certifi-2024.12.14-py3-none-any.whl.metadata (2.3 kB)
Collecting googleapis-common-protos<2.0.dev0,>=1.56.2 (from google-api-core<3.0.0dev,>=2.15.0->google-cloud-storage->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached googleapis_common_protos-1.66.0-py2.py3-none-any.whl.metadata (1.5 kB)
Collecting protobuf!=3.20.0,!=3.20.1,!=4.21.0,!=4.21.1,!=4.21.2,!=4.21.3,!=4.21.4,!=4.21.5,<6.0.0.dev0,>=3.19.5 (from google-api-core<3.0.0dev,>=2.15.0->google-cloud-storage->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached protobuf-5.29.3-cp38-abi3-manylinux2014_x86_64.whl.metadata (592 bytes)
Collecting proto-plus<2.0.0dev,>=1.22.3 (from google-api-core<3.0.0dev,>=2.15.0->google-cloud-storage->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached proto_plus-1.25.0-py3-none-any.whl.metadata (2.2 kB)
Collecting pyasn1<0.7.0,>=0.4.6 (from pyasn1-modules>=0.2.1->google-auth>=1.2->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached pyasn1-0.6.1-py3-none-any.whl.metadata (8.4 kB)
Collecting six>=1.5 (from python-dateutil<3.0.0,>=2.1->aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.19.0)
  Using cached six-1.17.0-py2.py3-none-any.whl.metadata (1.7 kB)
Collecting oauthlib>=3.0.0 (from requests-oauthlib>=0.7.0->google-auth-oauthlib->gcsfs>=2024.10.0->volatility3==2.19.0)
  Using cached oauthlib-3.2.2-py3-none-any.whl.metadata (7.5 kB)
Using cached jsonschema-4.23.0-py3-none-any.whl (88 kB)
Using cached pefile-2024.8.26-py3-none-any.whl (74 kB)
Using cached pyinstaller-6.11.1-py3-none-manylinux2014_x86_64.whl (710 kB)
Using cached pyinstaller_hooks_contrib-2025.0-py3-none-any.whl (344 kB)
Using cached types_jsonschema-4.23.0.20241208-py3-none-any.whl (15 kB)
Using cached attrs-25.1.0-py3-none-any.whl (63 kB)
Using cached capstone-5.0.5-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.5 MB)
Using cached gcsfs-2024.12.0-py2.py3-none-any.whl (35 kB)
Using cached fsspec-2024.12.0-py3-none-any.whl (183 kB)
Using cached jsonschema_specifications-2024.10.1-py3-none-any.whl (18 kB)
Using cached leechcorepyc-2.20.0-cp36-abi3-manylinux1_x86_64.whl (191 kB)
Using cached packaging-24.2-py3-none-any.whl (65 kB)
Using cached pillow-10.4.0-cp312-cp312-manylinux_2_28_x86_64.whl (4.5 MB)
Using cached pycryptodome-3.21.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.3 MB)
Using cached referencing-0.36.2-py3-none-any.whl (26 kB)
Using cached rpds_py-0.22.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (385 kB)
Using cached s3fs-2024.12.0-py3-none-any.whl (30 kB)
Using cached setuptools-75.8.0-py3-none-any.whl (1.2 MB)
Using cached yara_python-4.5.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.3 MB)
Using cached altgraph-0.17.4-py2.py3-none-any.whl (21 kB)
Using cached aiobotocore-2.19.0-py3-none-any.whl (77 kB)
Using cached aiohttp-3.11.11-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.7 MB)
Using cached decorator-5.1.1-py3-none-any.whl (9.1 kB)
Using cached google_auth-2.38.0-py2.py3-none-any.whl (210 kB)
Using cached typing_extensions-4.12.2-py3-none-any.whl (37 kB)
Using cached google_auth_oauthlib-1.2.1-py2.py3-none-any.whl (24 kB)
Using cached google_cloud_storage-2.19.0-py2.py3-none-any.whl (131 kB)
Using cached requests-2.32.3-py3-none-any.whl (64 kB)
Using cached aiohappyeyeballs-2.4.4-py3-none-any.whl (14 kB)
Using cached aioitertools-0.12.0-py3-none-any.whl (24 kB)
Using cached aiosignal-1.3.2-py2.py3-none-any.whl (7.6 kB)
Using cached botocore-1.36.3-py3-none-any.whl (13.3 MB)
Using cached cachetools-5.5.1-py3-none-any.whl (9.5 kB)
Using cached certifi-2024.12.14-py3-none-any.whl (164 kB)
Using cached charset_normalizer-3.4.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (145 kB)
Using cached frozenlist-1.5.0-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (283 kB)
Using cached google_api_core-2.24.0-py3-none-any.whl (158 kB)
Using cached google_cloud_core-2.4.1-py2.py3-none-any.whl (29 kB)
Using cached google_crc32c-1.6.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (32 kB)
Using cached google_resumable_media-2.7.2-py2.py3-none-any.whl (81 kB)
Using cached idna-3.10-py3-none-any.whl (70 kB)
Using cached jmespath-1.0.1-py3-none-any.whl (20 kB)
Using cached multidict-6.1.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (131 kB)
Using cached propcache-0.2.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (243 kB)
Using cached pyasn1_modules-0.4.1-py3-none-any.whl (181 kB)
Using cached python_dateutil-2.9.0.post0-py2.py3-none-any.whl (229 kB)
Using cached requests_oauthlib-2.0.0-py2.py3-none-any.whl (24 kB)
Using cached rsa-4.9-py3-none-any.whl (34 kB)
Using cached urllib3-2.3.0-py3-none-any.whl (128 kB)
Using cached wrapt-1.17.2-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (89 kB)
Using cached yarl-1.18.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (336 kB)
Using cached googleapis_common_protos-1.66.0-py2.py3-none-any.whl (221 kB)
Using cached oauthlib-3.2.2-py3-none-any.whl (151 kB)
Using cached proto_plus-1.25.0-py3-none-any.whl (50 kB)
Using cached protobuf-5.29.3-cp38-abi3-manylinux2014_x86_64.whl (319 kB)
Using cached pyasn1-0.6.1-py3-none-any.whl (83 kB)
Using cached six-1.17.0-py2.py3-none-any.whl (11 kB)
Checking if build backend supports build_editable ... done
Building wheels for collected packages: volatility3
  Building editable for volatility3 (pyproject.toml) ... done
  Created wheel for volatility3: filename=volatility3-2.19.0-0.editable-py3-none-any.whl size=7570 sha256=7b3b4009ead7126d42f71176e5ed8c6f955238902e4625e5e7dc82612666a577
  Stored in directory: /tmp/pip-ephem-wheel-cache-4rzebvvt/wheels/80/69/9a/438c3fc64539fa0e82a6fefe70b04ccef0f3bc14b42444371d
Successfully built volatility3
Installing collected packages: yara-python, altgraph, wrapt, urllib3, typing-extensions, six, setuptools, rpds-py, pycryptodome, pyasn1, protobuf, propcache, pillow, pefile, packaging, oauthlib, multidict, leechcorepyc, jmespath, idna, google-crc32c, fsspec, frozenlist, decorator, charset-normalizer, certifi, capstone, cachetools, attrs, aioitertools, aiohappyeyeballs, yarl, volatility3, rsa, requests, referencing, python-dateutil, pyinstaller-hooks-contrib, pyasn1-modules, proto-plus, googleapis-common-protos, google-resumable-media, aiosignal, types-jsonschema, requests-oauthlib, pyinstaller, jsonschema-specifications, google-auth, botocore, aiohttp, jsonschema, google-auth-oauthlib, google-api-core, aiobotocore, s3fs, google-cloud-core, google-cloud-storage, gcsfs
Successfully installed aiobotocore-2.19.0 aiohappyeyeballs-2.4.4 aiohttp-3.11.11 aioitertools-0.12.0 aiosignal-1.3.2 altgraph-0.17.4 attrs-25.1.0 botocore-1.36.3 cachetools-5.5.1 capstone-5.0.5 certifi-2024.12.14 charset-normalizer-3.4.1 decorator-5.1.1 frozenlist-1.5.0 fsspec-2024.12.0 gcsfs-2024.12.0 google-api-core-2.24.0 google-auth-2.38.0 google-auth-oauthlib-1.2.1 google-cloud-core-2.4.1 google-cloud-storage-2.19.0 google-crc32c-1.6.0 google-resumable-media-2.7.2 googleapis-common-protos-1.66.0 idna-3.10 jmespath-1.0.1 jsonschema-4.23.0 jsonschema-specifications-2024.10.1 leechcorepyc-2.20.0 multidict-6.1.0 oauthlib-3.2.2 packaging-24.2 pefile-2024.8.26 pillow-10.4.0 propcache-0.2.1 proto-plus-1.25.0 protobuf-5.29.3 pyasn1-0.6.1 pyasn1-modules-0.4.1 pycryptodome-3.21.0 pyinstaller-6.11.1 pyinstaller-hooks-contrib-2025.0 python-dateutil-2.9.0.post0 referencing-0.36.2 requests-2.32.3 requests-oauthlib-2.0.0 rpds-py-0.22.3 rsa-4.9 s3fs-2024.12.0 setuptools-75.8.0 six-1.17.0 types-jsonschema-4.23.0.20241208 typing-extensions-4.12.2 urllib3-2.3.0 volatility3-2.19.0 wrapt-1.17.2 yara-python-4.5.1 yarl-1.18.3
(volv) bob@localhost:~/volatility3$ vol
Volatility 3 Framework 2.19.0
usage: vol [-h] [-c CONFIG] [--parallelism [{processes,threads,off}]] [-e EXTEND] [-p PLUGIN_DIRS] [-s SYMBOL_DIRS] [-v] [-l LOG] [-o OUTPUT_DIR] [-q] [-r RENDERER] [-f FILE]
           [--write-config] [--save-config SAVE_CONFIG] [--clear-cache] [--cache-path CACHE_PATH] [--offline | -u URL] [--filters FILTERS] [--hide-columns [HIDE_COLUMNS ...]]
           [--single-location SINGLE_LOCATION] [--stackers [STACKERS ...]] [--single-swap-locations [SINGLE_SWAP_LOCATIONS ...]]
           PLUGIN ...
vol: error: Please select a plugin to run (see 'vol --help' for options
(volv) bob@localhost:~/volatility3$ cd /mnt/c/Users/bob/Desktop/malware/HollowFinal/
(volv) bob@localhost:/mnt/c/Users/bob/Desktop/malware/HollowFinal$ vol -f Detected.dmp hollowp
Volatility 3 Framework 2.19.0
WARNING  volatility3.framework.plugins: Automagic exception occurred: volatility3.framework.exceptions.InvalidAddressException: Invalid address at 1000

Unsatisfied requirement plugins.HollowProcesses.kernel.symbol_table_name:

A symbol table requirement was not fulfilled.  Please verify that:
        The associated translation layer requirement was fulfilled
        You have the correct symbol file for the requirement
        The symbol file is under the correct directory or zip file
        The symbol file is named appropriately or contains the correct banner

Unable to validate the plugin requirements: ['plugins.HollowProcesses.kernel.symbol_table_name']
(volv) bob@localhost:/mnt/c/Users/bob/Desktop/malware/HollowFinal$ vol -vvvvv -f Detected.dmp hollowp
Volatility 3 Framework 2.19.0
INFO     volatility3.cli: Volatility plugins path: ['/home/bob/volatility3/volatility3/plugins', '/home/bob/volatility3/volatility3/framework/plugins']
INFO     volatility3.cli: Volatility symbols path: ['/home/bob/volatility3/volatility3/symbols', '/home/bob/volatility3/volatility3/framework/symbols']
DEBUG    volatility3.plugins.yarascan: Using yara-python module
DETAIL 3 volatility3.cli: Cache directory used: /home/bob/.cache/volatility3
INFO     volatility3.framework.automagic: Detected a windows category plugin
INFO     volatility3.framework.automagic: Running automagic: ConstructionMagic
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.HollowProcesses.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.HollowProcesses.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.HollowProcesses.kernel
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.HollowProcesses.kernel.layer_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.HollowProcesses.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.HollowProcesses.kernel.layer_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.HollowProcesses.kernel
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.HollowProcesses.kernel
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.HollowProcesses.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.HollowProcesses
INFO     volatility3.framework.automagic: Running automagic: SymbolCacheMagic
DETAIL 3 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, VolatilityHandler, JarHandler, OfflineHandler, S3FileSystemHandler, GSFileSystemHandler, LeechCoreHandler
INFO     volatility3.framework.automagic: Running automagic: LayerStacker
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.HollowProcesses.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
DETAIL 2 volatility3.framework.automagic.stacker: Stacked WindowsCrashDump64Layer using WindowsCrashDumpStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using WindowsIntelStacker
DEBUG    volatility3.framework.automagic.windows: Detecting Self-referential pointer for recent windows
DEBUG    volatility3.framework.automagic.windows: DtbSelfRef64bit test succeeded at 0x1ae000
DEBUG    volatility3.framework.automagic.windows: DTB was found at: 0x1ae000
DETAIL 2 volatility3.framework.automagic.stacker: Stacked IntelLayer using WindowsIntelStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.HollowProcesses.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.HollowProcesses.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.HollowProcesses.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.HollowProcesses.kernel
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.HollowProcesses.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.HollowProcesses.kernel.layer_name.memory_layer
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.HollowProcesses.kernel.layer_name.memory_layer.base_layer
DETAIL 1 volatility3.framework.interfaces.configuration: TypeError - kernel_virtual_offset requirements only accept int type: None
DETAIL 1 volatility3.framework.interfaces.configuration: TypeError - kernel_virtual_offset requirements only accept int type: None
DETAIL 1 volatility3.framework.interfaces.configuration: TypeError - kernel_banner requirements only accept str type: None
DETAIL 1 volatility3.framework.interfaces.configuration: TypeError - kernel_banner requirements only accept str type: None
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.HollowProcesses.kernel
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.HollowProcesses
DEBUG    volatility3.framework.automagic.stacker: physical_layer maximum_address: 4293816319
DEBUG    volatility3.framework.automagic.stacker: Stacked layers: ['IntelLayer', 'WindowsCrashDump64Layer', 'FileLayer']
INFO     volatility3.framework.automagic: Running automagic: WinSwapLayers
INFO     volatility3.framework.automagic: Running automagic: KernelPDBScanner
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
INFO     volatility3.framework.automagic: Running automagic: SymbolFinder
INFO     volatility3.framework.automagic: Running automagic: KernelModule
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.HollowProcesses.kernel.symbol_table_name
WARNING  volatility3.framework.plugins: Automagic exception occurred: volatility3.framework.exceptions.InvalidAddressException: Invalid address at 1000
DETAIL 1 volatility3.framework.plugins: Traceback (most recent call last):
  File "/home/bob/volatility3/volatility3/framework/automagic/__init__.py", line 138, in run
    automagic(context, config_path, requirement, progress_callback)
  File "/home/bob/volatility3/volatility3/framework/automagic/pdbscan.py", line 505, in __call__
    valid_kernel = self.determine_valid_kernel(
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/bob/volatility3/volatility3/framework/automagic/pdbscan.py", line 476, in determine_valid_kernel
    valid_kernel = method(self, context, vlayer, progress_callback)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/bob/volatility3/volatility3/framework/automagic/pdbscan.py", line 396, in method_low_stub_offset
    physical_layer.read(offset, 0x8), "little"
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/bob/volatility3/volatility3/framework/layers/linear.py", line 45, in read
    for offset, _, mapped_offset, mapped_length, layer in self.mapping(
  File "/home/bob/volatility3/volatility3/framework/layers/segmented.py", line 178, in mapping
    for offset, length, mapped_offset, mapped_length, layer in super().mapping(
  File "/home/bob/volatility3/volatility3/framework/layers/segmented.py", line 101, in mapping
    logical_offset, mapped_offset, size, mapped_size = self._find_segment(
                                                       ^^^^^^^^^^^^^^^^^^^
  File "/home/bob/volatility3/volatility3/framework/layers/segmented.py", line 83, in _find_segment
    raise exceptions.InvalidAddressException(
volatility3.framework.exceptions.InvalidAddressException: Invalid address at 1000


Unsatisfied requirement plugins.HollowProcesses.kernel.symbol_table_name:

A symbol table requirement was not fulfilled.  Please verify that:
        The associated translation layer requirement was fulfilled
        You have the correct symbol file for the requirement
        The symbol file is under the correct directory or zip file
        The symbol file is named appropriately or contains the correct banner

Unable to validate the plugin requirements: ['plugins.HollowProcesses.kernel.symbol_table_name']
(volv) bob@localhost:/mnt/c/Users/bob/Desktop/malware/HollowFinal$

Run from 4262eff and earlier

bob@localhost:~$ mkdir test
bob@localhost:~$ cd test
bob@localhost:~/test$ ls
bob@localhost:~/test$ git clone --no-checkout https://github.com/volatilityfoundation/volatility3.git
Cloning into 'volatility3'...
remote: Enumerating objects: 41125, done.
remote: Counting objects: 100% (6818/6818), done.
remote: Compressing objects: 100% (1391/1391), done.
remote: Total 41125 (delta 6237), reused 5469 (delta 5425), pack-reused 34307 (from 5)
Receiving objects: 100% (41125/41125), 8.77 MiB | 7.44 MiB/s, done.
Resolving deltas: 100% (31328/31328), done.
bob@localhost:~/test$ cd volatility3/
bob@localhost:~/test/volatility3$ git checkout 4262eff
Note: switching to '4262eff'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:

  git switch -c <new-branch-name>

Or undo this operation with:

  git switch -

Turn off this advice by setting config variable advice.detachedHead to false

HEAD is now at 4262eff8 adhere to AbstractNetfilter requirement checking
bob@localhost:~/test/volatility3$ git gc --prune=now
Enumerating objects: 41125, done.
Counting objects: 100% (41125/41125), done.
Delta compression using up to 16 threads
Compressing objects: 100% (9370/9370), done.
Writing objects: 100% (41125/41125), done.
Total 41125 (delta 31328), reused 41125 (delta 31328), pack-reused 0
bob@localhost:~/test/volatility3$ python3 -m venv 4262eff && . 4262eff/bin/activate
(4262eff) bob@localhost:~/test/volatility3$ pip install -e .[dev]
Obtaining file:///home/bob/test/volatility3
  Installing build dependencies ... done
  Checking if build backend supports build_editable ... done
  Getting requirements to build editable ... done
  Preparing editable metadata (pyproject.toml) ... done
Collecting pefile>=2024.8.26 (from volatility3==2.18.0)
  Using cached pefile-2024.8.26-py3-none-any.whl.metadata (1.4 kB)
Collecting jsonschema<5,>=4.23.0 (from volatility3==2.18.0)
  Using cached jsonschema-4.23.0-py3-none-any.whl.metadata (7.9 kB)
Collecting pyinstaller<7,>=6.11.0 (from volatility3==2.18.0)
  Using cached pyinstaller-6.11.1-py3-none-manylinux2014_x86_64.whl.metadata (8.3 kB)
Collecting pyinstaller-hooks-contrib>=2024.9 (from volatility3==2.18.0)
  Using cached pyinstaller_hooks_contrib-2025.0-py3-none-any.whl.metadata (16 kB)
Collecting types-jsonschema<5,>=4.23.0 (from volatility3==2.18.0)
  Using cached types_jsonschema-4.23.0.20241208-py3-none-any.whl.metadata (2.1 kB)
Collecting attrs>=22.2.0 (from jsonschema<5,>=4.23.0->volatility3==2.18.0)
  Using cached attrs-25.1.0-py3-none-any.whl.metadata (10 kB)
Collecting jsonschema-specifications>=2023.03.6 (from jsonschema<5,>=4.23.0->volatility3==2.18.0)
  Using cached jsonschema_specifications-2024.10.1-py3-none-any.whl.metadata (3.0 kB)
Collecting referencing>=0.28.4 (from jsonschema<5,>=4.23.0->volatility3==2.18.0)
  Using cached referencing-0.36.2-py3-none-any.whl.metadata (2.8 kB)
Collecting rpds-py>=0.7.1 (from jsonschema<5,>=4.23.0->volatility3==2.18.0)
  Using cached rpds_py-0.22.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (4.2 kB)
Collecting setuptools>=42.0.0 (from pyinstaller<7,>=6.11.0->volatility3==2.18.0)
  Using cached setuptools-75.8.0-py3-none-any.whl.metadata (6.7 kB)
Collecting altgraph (from pyinstaller<7,>=6.11.0->volatility3==2.18.0)
  Using cached altgraph-0.17.4-py2.py3-none-any.whl.metadata (7.3 kB)
Collecting packaging>=22.0 (from pyinstaller<7,>=6.11.0->volatility3==2.18.0)
  Using cached packaging-24.2-py3-none-any.whl.metadata (3.2 kB)
Collecting yara-python<5,>=4.5.1 (from volatility3==2.18.0)
  Using cached yara_python-4.5.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (2.6 kB)
Collecting capstone<6,>=5.0.3 (from volatility3==2.18.0)
  Using cached capstone-5.0.5-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (3.3 kB)
Collecting pycryptodome<4,>=3.21.0 (from volatility3==2.18.0)
  Using cached pycryptodome-3.21.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (3.4 kB)
Collecting leechcorepyc<3,>=2.19.2 (from volatility3==2.18.0)
  Using cached leechcorepyc-2.20.0-cp36-abi3-manylinux1_x86_64.whl.metadata (557 bytes)
Collecting pillow<11.0.0,>=10.0.0 (from volatility3==2.18.0)
  Using cached pillow-10.4.0-cp312-cp312-manylinux_2_28_x86_64.whl.metadata (9.2 kB)
Collecting gcsfs>=2024.10.0 (from volatility3==2.18.0)
  Using cached gcsfs-2024.12.0-py2.py3-none-any.whl.metadata (1.6 kB)
Collecting s3fs>=2024.10.0 (from volatility3==2.18.0)
  Using cached s3fs-2024.12.0-py3-none-any.whl.metadata (1.6 kB)
Collecting aiohttp!=4.0.0a0,!=4.0.0a1 (from gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached aiohttp-3.11.11-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (7.7 kB)
Collecting decorator>4.1.2 (from gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached decorator-5.1.1-py3-none-any.whl.metadata (4.0 kB)
Collecting fsspec==2024.12.0 (from gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached fsspec-2024.12.0-py3-none-any.whl.metadata (11 kB)
Collecting google-auth>=1.2 (from gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached google_auth-2.38.0-py2.py3-none-any.whl.metadata (4.8 kB)
Collecting google-auth-oauthlib (from gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached google_auth_oauthlib-1.2.1-py2.py3-none-any.whl.metadata (2.7 kB)
Collecting google-cloud-storage (from gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached google_cloud_storage-2.19.0-py2.py3-none-any.whl.metadata (9.1 kB)
Collecting requests (from gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached requests-2.32.3-py3-none-any.whl.metadata (4.6 kB)
Collecting typing-extensions>=4.4.0 (from referencing>=0.28.4->jsonschema<5,>=4.23.0->volatility3==2.18.0)
  Using cached typing_extensions-4.12.2-py3-none-any.whl.metadata (3.0 kB)
Collecting aiobotocore<3.0.0,>=2.5.4 (from s3fs>=2024.10.0->volatility3==2.18.0)
  Using cached aiobotocore-2.19.0-py3-none-any.whl.metadata (23 kB)
Collecting aioitertools<1.0.0,>=0.5.1 (from aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.18.0)
  Using cached aioitertools-0.12.0-py3-none-any.whl.metadata (3.8 kB)
Collecting botocore<1.36.4,>=1.36.0 (from aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.18.0)
  Using cached botocore-1.36.3-py3-none-any.whl.metadata (5.7 kB)
Collecting python-dateutil<3.0.0,>=2.1 (from aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.18.0)
  Using cached python_dateutil-2.9.0.post0-py2.py3-none-any.whl.metadata (8.4 kB)
Collecting jmespath<2.0.0,>=0.7.1 (from aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.18.0)
  Using cached jmespath-1.0.1-py3-none-any.whl.metadata (7.6 kB)
Collecting multidict<7.0.0,>=6.0.0 (from aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.18.0)
  Using cached multidict-6.1.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (5.0 kB)
Collecting urllib3!=2.2.0,<3,>=1.25.4 (from aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.18.0)
  Using cached urllib3-2.3.0-py3-none-any.whl.metadata (6.5 kB)
Collecting wrapt<2.0.0,>=1.10.10 (from aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.18.0)
  Using cached wrapt-1.17.2-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (6.4 kB)
Collecting aiohappyeyeballs>=2.3.0 (from aiohttp!=4.0.0a0,!=4.0.0a1->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached aiohappyeyeballs-2.4.4-py3-none-any.whl.metadata (6.1 kB)
Collecting aiosignal>=1.1.2 (from aiohttp!=4.0.0a0,!=4.0.0a1->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached aiosignal-1.3.2-py2.py3-none-any.whl.metadata (3.8 kB)
Collecting frozenlist>=1.1.1 (from aiohttp!=4.0.0a0,!=4.0.0a1->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached frozenlist-1.5.0-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (13 kB)
Collecting propcache>=0.2.0 (from aiohttp!=4.0.0a0,!=4.0.0a1->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached propcache-0.2.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (9.2 kB)
Collecting yarl<2.0,>=1.17.0 (from aiohttp!=4.0.0a0,!=4.0.0a1->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached yarl-1.18.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (69 kB)
Collecting cachetools<6.0,>=2.0.0 (from google-auth>=1.2->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached cachetools-5.5.1-py3-none-any.whl.metadata (5.4 kB)
Collecting pyasn1-modules>=0.2.1 (from google-auth>=1.2->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached pyasn1_modules-0.4.1-py3-none-any.whl.metadata (3.5 kB)
Collecting rsa<5,>=3.1.4 (from google-auth>=1.2->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached rsa-4.9-py3-none-any.whl.metadata (4.2 kB)
Collecting requests-oauthlib>=0.7.0 (from google-auth-oauthlib->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached requests_oauthlib-2.0.0-py2.py3-none-any.whl.metadata (11 kB)
Collecting google-api-core<3.0.0dev,>=2.15.0 (from google-cloud-storage->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached google_api_core-2.24.0-py3-none-any.whl.metadata (3.0 kB)
Collecting google-cloud-core<3.0dev,>=2.3.0 (from google-cloud-storage->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached google_cloud_core-2.4.1-py2.py3-none-any.whl.metadata (2.7 kB)
Collecting google-resumable-media>=2.7.2 (from google-cloud-storage->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached google_resumable_media-2.7.2-py2.py3-none-any.whl.metadata (2.2 kB)
Collecting google-crc32c<2.0dev,>=1.0 (from google-cloud-storage->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached google_crc32c-1.6.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (2.3 kB)
Collecting charset-normalizer<4,>=2 (from requests->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached charset_normalizer-3.4.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (35 kB)
Collecting idna<4,>=2.5 (from requests->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached idna-3.10-py3-none-any.whl.metadata (10 kB)
Collecting certifi>=2017.4.17 (from requests->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached certifi-2024.12.14-py3-none-any.whl.metadata (2.3 kB)
Collecting googleapis-common-protos<2.0.dev0,>=1.56.2 (from google-api-core<3.0.0dev,>=2.15.0->google-cloud-storage->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached googleapis_common_protos-1.66.0-py2.py3-none-any.whl.metadata (1.5 kB)
Collecting protobuf!=3.20.0,!=3.20.1,!=4.21.0,!=4.21.1,!=4.21.2,!=4.21.3,!=4.21.4,!=4.21.5,<6.0.0.dev0,>=3.19.5 (from google-api-core<3.0.0dev,>=2.15.0->google-cloud-storage->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached protobuf-5.29.3-cp38-abi3-manylinux2014_x86_64.whl.metadata (592 bytes)
Collecting proto-plus<2.0.0dev,>=1.22.3 (from google-api-core<3.0.0dev,>=2.15.0->google-cloud-storage->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached proto_plus-1.25.0-py3-none-any.whl.metadata (2.2 kB)
Collecting pyasn1<0.7.0,>=0.4.6 (from pyasn1-modules>=0.2.1->google-auth>=1.2->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached pyasn1-0.6.1-py3-none-any.whl.metadata (8.4 kB)
Collecting six>=1.5 (from python-dateutil<3.0.0,>=2.1->aiobotocore<3.0.0,>=2.5.4->s3fs>=2024.10.0->volatility3==2.18.0)
  Using cached six-1.17.0-py2.py3-none-any.whl.metadata (1.7 kB)
Collecting oauthlib>=3.0.0 (from requests-oauthlib>=0.7.0->google-auth-oauthlib->gcsfs>=2024.10.0->volatility3==2.18.0)
  Using cached oauthlib-3.2.2-py3-none-any.whl.metadata (7.5 kB)
Using cached jsonschema-4.23.0-py3-none-any.whl (88 kB)
Using cached pefile-2024.8.26-py3-none-any.whl (74 kB)
Using cached pyinstaller-6.11.1-py3-none-manylinux2014_x86_64.whl (710 kB)
Using cached pyinstaller_hooks_contrib-2025.0-py3-none-any.whl (344 kB)
Using cached types_jsonschema-4.23.0.20241208-py3-none-any.whl (15 kB)
Using cached attrs-25.1.0-py3-none-any.whl (63 kB)
Using cached capstone-5.0.5-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.5 MB)
Using cached gcsfs-2024.12.0-py2.py3-none-any.whl (35 kB)
Using cached fsspec-2024.12.0-py3-none-any.whl (183 kB)
Using cached jsonschema_specifications-2024.10.1-py3-none-any.whl (18 kB)
Using cached leechcorepyc-2.20.0-cp36-abi3-manylinux1_x86_64.whl (191 kB)
Using cached packaging-24.2-py3-none-any.whl (65 kB)
Using cached pillow-10.4.0-cp312-cp312-manylinux_2_28_x86_64.whl (4.5 MB)
Using cached pycryptodome-3.21.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.3 MB)
Using cached referencing-0.36.2-py3-none-any.whl (26 kB)
Using cached rpds_py-0.22.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (385 kB)
Using cached s3fs-2024.12.0-py3-none-any.whl (30 kB)
Using cached setuptools-75.8.0-py3-none-any.whl (1.2 MB)
Using cached yara_python-4.5.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.3 MB)
Using cached altgraph-0.17.4-py2.py3-none-any.whl (21 kB)
Using cached aiobotocore-2.19.0-py3-none-any.whl (77 kB)
Using cached aiohttp-3.11.11-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.7 MB)
Using cached decorator-5.1.1-py3-none-any.whl (9.1 kB)
Using cached google_auth-2.38.0-py2.py3-none-any.whl (210 kB)
Using cached typing_extensions-4.12.2-py3-none-any.whl (37 kB)
Using cached google_auth_oauthlib-1.2.1-py2.py3-none-any.whl (24 kB)
Using cached google_cloud_storage-2.19.0-py2.py3-none-any.whl (131 kB)
Using cached requests-2.32.3-py3-none-any.whl (64 kB)
Using cached aiohappyeyeballs-2.4.4-py3-none-any.whl (14 kB)
Using cached aioitertools-0.12.0-py3-none-any.whl (24 kB)
Using cached aiosignal-1.3.2-py2.py3-none-any.whl (7.6 kB)
Using cached botocore-1.36.3-py3-none-any.whl (13.3 MB)
Using cached cachetools-5.5.1-py3-none-any.whl (9.5 kB)
Using cached certifi-2024.12.14-py3-none-any.whl (164 kB)
Using cached charset_normalizer-3.4.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (145 kB)
Using cached frozenlist-1.5.0-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (283 kB)
Using cached google_api_core-2.24.0-py3-none-any.whl (158 kB)
Using cached google_cloud_core-2.4.1-py2.py3-none-any.whl (29 kB)
Using cached google_crc32c-1.6.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (32 kB)
Using cached google_resumable_media-2.7.2-py2.py3-none-any.whl (81 kB)
Using cached idna-3.10-py3-none-any.whl (70 kB)
Using cached jmespath-1.0.1-py3-none-any.whl (20 kB)
Using cached multidict-6.1.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (131 kB)
Using cached propcache-0.2.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (243 kB)
Using cached pyasn1_modules-0.4.1-py3-none-any.whl (181 kB)
Using cached python_dateutil-2.9.0.post0-py2.py3-none-any.whl (229 kB)
Using cached requests_oauthlib-2.0.0-py2.py3-none-any.whl (24 kB)
Using cached rsa-4.9-py3-none-any.whl (34 kB)
Using cached urllib3-2.3.0-py3-none-any.whl (128 kB)
Using cached wrapt-1.17.2-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (89 kB)
Using cached yarl-1.18.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (336 kB)
Using cached googleapis_common_protos-1.66.0-py2.py3-none-any.whl (221 kB)
Using cached oauthlib-3.2.2-py3-none-any.whl (151 kB)
Using cached proto_plus-1.25.0-py3-none-any.whl (50 kB)
Using cached protobuf-5.29.3-cp38-abi3-manylinux2014_x86_64.whl (319 kB)
Using cached pyasn1-0.6.1-py3-none-any.whl (83 kB)
Using cached six-1.17.0-py2.py3-none-any.whl (11 kB)
Checking if build backend supports build_editable ... done
Building wheels for collected packages: volatility3
  Building editable for volatility3 (pyproject.toml) ... done
  Created wheel for volatility3: filename=volatility3-2.18.0-0.editable-py3-none-any.whl size=7578 sha256=9168c89f27da8d0da936ccb37e1982cc50fd05efe7a3a9b60fb070b714c83065
  Stored in directory: /tmp/pip-ephem-wheel-cache-k29b938i/wheels/a2/db/de/c29f1a448175f56aa18b4d1dcbb282352b969d6208c01e6cc6
Successfully built volatility3
Installing collected packages: yara-python, altgraph, wrapt, urllib3, typing-extensions, six, setuptools, rpds-py, pycryptodome, pyasn1, protobuf, propcache, pillow, pefile, packaging, oauthlib, multidict, leechcorepyc, jmespath, idna, google-crc32c, fsspec, frozenlist, decorator, charset-normalizer, certifi, capstone, cachetools, attrs, aioitertools, aiohappyeyeballs, yarl, volatility3, rsa, requests, referencing, python-dateutil, pyinstaller-hooks-contrib, pyasn1-modules, proto-plus, googleapis-common-protos, google-resumable-media, aiosignal, types-jsonschema, requests-oauthlib, pyinstaller, jsonschema-specifications, google-auth, botocore, aiohttp, jsonschema, google-auth-oauthlib, google-api-core, aiobotocore, s3fs, google-cloud-core, google-cloud-storage, gcsfs
Successfully installed aiobotocore-2.19.0 aiohappyeyeballs-2.4.4 aiohttp-3.11.11 aioitertools-0.12.0 aiosignal-1.3.2 altgraph-0.17.4 attrs-25.1.0 botocore-1.36.3 cachetools-5.5.1 capstone-5.0.5 certifi-2024.12.14 charset-normalizer-3.4.1 decorator-5.1.1 frozenlist-1.5.0 fsspec-2024.12.0 gcsfs-2024.12.0 google-api-core-2.24.0 google-auth-2.38.0 google-auth-oauthlib-1.2.1 google-cloud-core-2.4.1 google-cloud-storage-2.19.0 google-crc32c-1.6.0 google-resumable-media-2.7.2 googleapis-common-protos-1.66.0 idna-3.10 jmespath-1.0.1 jsonschema-4.23.0 jsonschema-specifications-2024.10.1 leechcorepyc-2.20.0 multidict-6.1.0 oauthlib-3.2.2 packaging-24.2 pefile-2024.8.26 pillow-10.4.0 propcache-0.2.1 proto-plus-1.25.0 protobuf-5.29.3 pyasn1-0.6.1 pyasn1-modules-0.4.1 pycryptodome-3.21.0 pyinstaller-6.11.1 pyinstaller-hooks-contrib-2025.0 python-dateutil-2.9.0.post0 referencing-0.36.2 requests-2.32.3 requests-oauthlib-2.0.0 rpds-py-0.22.3 rsa-4.9 s3fs-2024.12.0 setuptools-75.8.0 six-1.17.0 types-jsonschema-4.23.0.20241208 typing-extensions-4.12.2 urllib3-2.3.0 volatility3-2.18.0 wrapt-1.17.2 yara-python-4.5.1 yarl-1.18.3
(4262eff) bob@localhost:~/test/volatility3$
(4262eff) bob@localhost:~/test/volatility3$
(4262eff) bob@localhost:~/test/volatility3$ cd /mnt/c/Users/bob/Desktop/malware/HollowFinal
(4262eff) bob@localhost:/mnt/c/Users/bob/Desktop/malware/HollowFinal$ vol -v -f Detected.dmp hollowp
Volatility 3 Framework 2.18.0
INFO     volatility3.cli: Volatility plugins path: ['/home/bob/test/volatility3/volatility3/plugins', '/home/bob/test/volatility3/volatility3/framework/plugins']
INFO     volatility3.cli: Volatility symbols path: ['/home/bob/test/volatility3/volatility3/symbols', '/home/bob/test/volatility3/volatility3/framework/symbols']
INFO     volatility3.framework.automagic: Detected a windows category plugin
INFO     volatility3.framework.automagic: Running automagic: ConstructionMagic
INFO     volatility3.framework.automagic: Running automagic: SymbolCacheMagic
INFO     volatility3.framework.automagic: Running automagic: LayerStacker
INFO     volatility3.framework.automagic: Running automagic: WinSwapLayers
INFO     volatility3.framework.automagic: Running automagic: KernelPDBScanner
INFO     volatility3.framework.automagic: Running automagic: SymbolFinder
INFO     volatility3.framework.automagic: Running automagic: KernelModule

PID     Process Notes

11712   lsass.exe       Unexpected protection (PAGE_EXECUTE_READWRITE) for VAD hosting the process executable (0x7ff7183e0000) with path <Non-File Backed Region>
11712   lsass.exe       Unexpected protection (PAGE_EXECUTE_READWRITE) for DLL in the PEB's load order list (0x7ff7183e0000) with path C:\Windows\System32\lsass.exe
(4262eff) bob@localhost:/mnt/c/Users/bob/Desktop/malware/HollowFinal$
