iMHLv2/gist:cb05924e1d6317a20fdc

## gistfile1.txt
@staticmethod
def shimcache_xp(address_space):
    """Enumerate entries from the shared memory section
    on XP systems."""

    seen = []
    shim = lambda x : (x.Tag == "Vad " and
                              x.VadFlags.Protection == 4)

    for process in tasks.pslist(address_space):
        for vad, space in process.get_vads(vad_filter = shim):

            if space.read(vad.Start, 4) != "\xEF\xBE\xAD\xDE":
                continue

            records = obj.Object("ShimRecords",
                                 offset = vad.Start,
                                 vm = space)

            for entry in records.Entries:

                if not entry.is_valid():
                    continue

                entry_offset = space.vtop(entry.obj_offset)
                if entry_offset in seen:
                    continue
                seen.append(entry_offset)

                yield entry.Path, entry.LastModified, entry.LastUpdate
	@staticmethod
	def shimcache_xp(address_space):
	"""Enumerate entries from the shared memory section
	on XP systems."""

	seen = []
	shim = lambda x : (x.Tag == "Vad " and
	x.VadFlags.Protection == 4)

	for process in tasks.pslist(address_space):
	for vad, space in process.get_vads(vad_filter = shim):

	if space.read(vad.Start, 4) != "\xEF\xBE\xAD\xDE":
	continue

	records = obj.Object("ShimRecords",
	offset = vad.Start,
	vm = space)

	for entry in records.Entries:

	if not entry.is_valid():
	continue

	entry_offset = space.vtop(entry.obj_offset)
	if entry_offset in seen:
	continue
	seen.append(entry_offset)

	yield entry.Path, entry.LastModified, entry.LastUpdate