Web lists-archives.com

Re: Virtual Machine question

On 10/26/2017 03:30 AM, David B. wrote:
On 26/10/2017 06:31, Sailfish wrote:
My bloviated meandering follows what David B. graced us with on 10/24/2017 3:53 PM:
Might it be possible for someone to have set up a VM on my iMac without my knowledge? If so, how could I check? (I do have a reason for asking).

If they did, you should be able to see it via your process monitor, more at:


Thank you so much for the link to a fascinating article! :-)

I did find this:-

zone name            size        size        size      #elts       #elts       inuse   size  count        wasted      Total Allocs ---------------------------------------------------------------------------------------------------------------------------------- zones                 288         64K         54K        227         192         215    20K     71            3K               60K vm.objects            240      30224K      44286K     128955      188956      127432     4K     17   C      357K          1975766K vm.object.hash.en$     40       3880K       5832K      99328      149299       90026     4K    102   C      363K            81146K maps                  248         60K         60K        247         247         191     8K     33           13K          1109888K VM.map.entries         80      13924K      17496K     178227      223948      138299    20K    256   C     3119K          1585508K Reserved.VM.map.e$     80         44K       2560K        563       32768          45     4K     51           40K              412K VM.map.copies          88         16K         16K        186         186           0     8K     93   C       16K             7672K VM.map.holes           32       1040K         16K      33280         512       24881     4K    128   C      262K           334093K


I will continue to explore!

Per https://github.com/volatilityfoundation/volatility/wiki/Mac-Command-Reference

They are mac_list_zones

This plugin enumerates zones (in this context a zone is similar to a structure). You can use it to determine how many of a particular type of structure (i.e. a process object) are active and freed. Other plugins can inherit from mac_list_zones and actually collect the addresses of each active object type, leading to a wealthy source of information regarding where to find allocated objects in memory dumps.

tBM :)
general mailing list