Merge pull request #1630 from volatilityfoundation/issues/issue1629

Issues/issue1629
volatilityfoundation · Feb 25, 2025 · 08f47d4 · 08f47d4
2 parents d70c571 + 6c01977
commit 08f47d4
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 14 deletions.
diff --git a/volatility3/framework/plugins/windows/debugregisters.py b/volatility3/framework/plugins/windows/debugregisters.py
@@ -24,7 +24,7 @@
 class DebugRegisters(interfaces.plugins.PluginInterface):
     # version 2.6.0 adds support for scanning for 'Ethread' structures by pool tags
     _required_framework_version = (2, 6, 0)
-    _version = (1, 0, 0)
+    _version = (1, 0, 1)
 
     @classmethod
     def get_requirements(cls) -> List:
@@ -37,6 +37,9 @@ def get_requirements(cls) -> List:
             requirements.VersionRequirement(
                 name="pslist", component=pslist.PsList, version=(2, 0, 0)
             ),
+            requirements.VersionRequirement(
+                name="threads", component=threads.Threads, version=(1, 0, 0)
+            ),
             requirements.VersionRequirement(
                 name="pe_symbols", component=pe_symbols.PESymbols, version=(1, 0, 0)
             ),

diff --git a/volatility3/framework/plugins/windows/threads.py b/volatility3/framework/plugins/windows/threads.py
@@ -16,7 +16,7 @@ class Threads(thrdscan.ThrdScan):
     """Lists process threads"""
 
     _required_framework_version = (2, 4, 0)
-    _version = (1, 0, 0)
+    _version = (1, 0, 1)
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
@@ -31,12 +31,6 @@ def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]
                 description="Windows kernel",
                 architectures=["Intel32", "Intel64"],
             ),
-            requirements.ListRequirement(
-                name="pid",
-                description="Filter on specific process IDs",
-                element_type=int,
-                optional=True,
-            ),
             requirements.PluginRequirement(
                 name="thrdscan", plugin=thrdscan.ThrdScan, version=(1, 1, 0)
             ),
@@ -65,21 +59,16 @@ def list_threads(
 
     @classmethod
     def list_process_threads(
-        cls,
-        context: interfaces.context.ContextInterface,
-        module_name: str,
+        cls, context: interfaces.context.ContextInterface, module_name: str
     ) -> Iterable[interfaces.objects.ObjectInterface]:
         """Runs through all processes and lists threads for each process"""
         module = context.modules[module_name]
         layer_name = module.layer_name
         symbol_table_name = module.symbol_table_name
 
-        filter_func = pslist.PsList.create_pid_filter(context.config.get("pid", None))
-
         for proc in pslist.PsList.list_processes(
             context=context,
             layer_name=layer_name,
             symbol_table=symbol_table_name,
-            filter_func=filter_func,
         ):
             yield from cls.list_threads(module, proc)