{"id":18088545,"url":"https://github.com/citronneur/volatility-wnf","last_synced_at":"2025-06-13T10:34:52.136Z","repository":{"id":73987881,"uuid":"165863106","full_name":"citronneur/volatility-wnf","owner":"citronneur","description":"Browse and dump Windows Notification Facilities","archived":false,"fork":false,"pushed_at":"2019-01-15T14:33:51.000Z","size":6,"stargazers_count":15,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-13T03:12:20.384Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/citronneur.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-01-15T14:16:04.000Z","updated_at":"2021-04-02T20:50:36.000Z","dependencies_parsed_at":null,"dependency_job_id":"8e1e981f-30d5-4922-91b0-22a7ee47e230","html_url":"https://github.com/citronneur/volatility-wnf","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/citronneur%2Fvolatility-wnf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/citronneur%2Fvolatility-wnf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/citronneur%2Fvolatility-wnf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/citronneur%2Fvolatility-wnf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/citronneur","download_url":"https://codeload.github.com/citronneur/volatility-wnf/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248657923,"owners_count":21140846,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-31T17:13:22.980Z","updated_at":"2025-04-13T03:16:25.529Z","avatar_url":"https://github.com/citronneur.png","language":"Python","funding_links":[],"categories":["Operating Systems","\u003ca id=\"4d2a33083a894d6e6ef01b360929f30a\"\u003e\u003c/a\u003eVolatility"],"sub_categories":["Windows"],"readme":"# volatility-wnf\n\nBrowse and dump Windows Notification Facilities\n\nThis plugin is based on work of Alex Ionescu and Gabrielle Viala.\n\n* https://blog.quarkslab.com/playing-with-the-windows-notification-facility-wnf.html\n* https://www.blackhat.com/us-18/briefings/schedule/#the-windows-notification-facility-peeling-the-onion-of-the-most-undocumented-kernel-attack-surface-yet-11626\n* https://www.youtube.com/watch?v=MybmgE95weo\n\nThis plugin just walk through all process, or by filter one, and dump all subscribers.\nAdditionnaly, it can dump associated data from a subscriber.\n\n## Install\n\nPlease put *wnf.py* in your volatility plugin folder.\n\n## Use\n\nTo dump all subscribers of all process\n```\npython vol.py -f your_dump --profile=your_profile wnf\n```\n\nTo dump all subscriber of a particular process\n```\npython vol.py -f your_dump --profile=your_profile wnf --pid PID\n```\n\nTo dump data associated to a particular subscriber\n```\npython vol.py -f your_dump --profile=your_profile wnfdata -s ADRESS_OF_SUBSCRIBER\n```\n\nADRESS_OF_SUBSCRIBER is the first field dump from wnf command.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcitronneur%2Fvolatility-wnf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcitronneur%2Fvolatility-wnf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcitronneur%2Fvolatility-wnf/lists"}