Two vad related issues need warning changes/additions #1256

Open
atcuno opened this issue Sep 10, 2024 · 2 comments

@atcuno
Contributor

atcuno commented Sep 10, 2024

  1. traverse should print a debug message if overlapping regions are found:

    def traverse(self, visited=None, depth=0):

  2. This message needs to be toned down to debug instead of warning:

https://github.com/volatilityfoundation/volatility3/blob/develop/volatility3/framework/plugins/windows/vadyarascan.py#L71

This warning makes the vad yarascan plugin unusable on many samples (including ones we had for Black Hat and DFRWS) as it prints 1000s of times across processes.

@ikelos
Member

ikelos commented Sep 16, 2024

If you can get a PR in place for what you're after we can get those tweaked.

@eve-mem
Contributor

eve-mem commented Sep 25, 2024

@atcuno for the overlapping regions - can I check that this is what you're looking for?

In this faked output there is an overlap with the starts and ends of these two entries. For the 0xff94a1d0 it overlaps with 0x8220e848 because the end of the first one is 0x332fff, which is larger than the start of the 0x320000 - an overlap of 0x12fff. If so, do you think it's enough to check if children overlap with their parents - or is it necessary to traverse everything and then check for overlaps?

$ python3 vol.py -r pretty -f  win-xp-laptop-2005-06-25.img  windows.vadwalk --pid 4012
Volatility 3 Framework 2.10.0
Formatting...0.00               PDB scanning finished                        
  |  PID | Process |     Offset |     Parent |       Left |      Right |      Start |        End |  Tag
<snip>
* | 4012 |  dd.exe | 0xff94a1d0 | 0x81f35458 | 0x8220e848 | 0xffaa0a90 |   0x320000 |   0x332fff | Vad 
* | 4012 |  dd.exe | 0x8220e848 | 0xff94a1d0 |        0x0 |        0x0 |   0x320000 |   0x32ffff | VadS
<snip>

For point two I've made that tiny change here: #1270
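An added example (not from this issue or from volatility3's own code) of the overlap check discussed above: a cycle-safe traverse plus one sweep over the start-sorted regions that logs each overlap at debug level, so it catches overlaps between any two nodes, not only a child and its direct parent. The `Vad` dataclass, `vollog` and the right child's address range are constructed stand-ins; the two overlapping rows mirror the quoted vadwalk output.

```python
import logging
from dataclasses import dataclass
from typing import List, Optional, Tuple

vollog = logging.getLogger(__name__)

@dataclass
class Vad:
    """Constructed stand-in for a VAD node: pool offset, inclusive address range, children."""
    offset: int
    start: int
    end: int
    left: Optional["Vad"] = None
    right: Optional["Vad"] = None

def traverse(node: Optional[Vad], visited=None, depth=0):
    """Pre-order walk yielding (node, depth); `visited` guards against cycles in corrupt trees."""
    if visited is None:
        visited = set()
    if node is None or node.offset in visited:
        return
    visited.add(node.offset)
    yield node, depth
    yield from traverse(node.left, visited, depth + 1)
    yield from traverse(node.right, visited, depth + 1)

def find_overlaps(root: Vad) -> List[Tuple[int, int, int]]:
    """Return (offset_a, offset_b, overlap) for every pair of regions that overlap.
    Sorting by start (wider region first on ties) and remembering the region with the
    furthest end seen so far catches overlaps between any two nodes, not only parent/child.
    `overlap` is measured as in the issue: end of the earlier region minus start of the later."""
    ordered = sorted((n for n, _ in traverse(root)), key=lambda v: (v.start, -v.end))
    found: List[Tuple[int, int, int]] = []
    widest: Optional[Vad] = None
    for cur in ordered:
        if widest is not None and cur.start <= widest.end:
            overlap = widest.end - cur.start
            vollog.debug(f"VAD at 0x{cur.offset:x} ({cur.start:#x}-{cur.end:#x}) overlaps "
                         f"0x{widest.offset:x} ({widest.start:#x}-{widest.end:#x}) by {overlap:#x}")
            found.append((widest.offset, cur.offset, overlap))
        if widest is None or cur.end > widest.end:
            widest = cur
    return found

# Constructed tree mirroring the two quoted rows: parent 0xff94a1d0 with left child 0x8220e848.
ROOT = Vad(0xFF94A1D0, 0x320000, 0x332FFF,
           left=Vad(0x8220E848, 0x320000, 0x32FFFF),
           right=Vad(0xFFAA0A90, 0x340000, 0x34FFFF))  # range constructed; only the offset is quoted
```

Running `find_overlaps(ROOT)` reports the parent/child pair with an overlap of 0x12fff, matching the figure worked out above.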

ikelos added a commit that referenced this issue Sep 25, 2024
…k_warnings

Windows: change warnings around large memory maps to debug level as per issue #1256