Merge pull request #1609 from volatilityfoundation/unloaded_modules_v…

…alid_modules_only

Prevent yielding smeared/broken modules from the unloaded module list

volatility3/framework/plugins/windows/unloadedmodules.py

@@ -117,7 +117,18 @@ def list_unloadedmodules(
         )
         unloadedmodules_array.UnloadedDrivers.count = unloaded_count
 
-        yield from unloadedmodules_array.UnloadedDrivers
+        for driver in unloadedmodules_array.UnloadedDrivers:
+            # Mass testing led to dozens of samples backtracing on this plugin when
+            # accessing members of modules coming out this list
+            # Given how often temporary drivers load and unload on Win10+, I
+            # assume the chance for smear is very high
+            try:
+                driver.StartAddress
+                driver.EndAddress
+                driver.CurrentTime
+                yield driver
+            except exceptions.InvalidAddressException:
+                continue
 
     def _generator(self):
         kernel = self.context.modules[self.config["kernel"]]