volatility3.cli.volshell.generic module
- class NullFileHandler(preferred_name)[source]
Bases:
BytesIO
,FileHandlerInterface
Null FileHandler that swallows files whole without consuming memory
- close()
Disable all I/O operations.
- closed
True if the file is closed.
- detach()
Disconnect this buffer from its underlying raw stream and return it.
After the raw stream has been detached, the buffer is in an unusable state.
- fileno()
Returns underlying file descriptor if one exists.
OSError is raised if the IO object does not use a file descriptor.
- flush()
Does nothing.
- getbuffer()
Get a read-write view over the contents of the BytesIO object.
- getvalue()
Retrieve the entire contents of the BytesIO object.
- isatty()
Always returns False.
BytesIO objects are not connected to a TTY-like device.
- property preferred_filename
The preferred filename to save the data to. Until this file has been written, this value may not be the final filename the data is written to.
- read(size=-1, /)
Read at most size bytes, returned as a bytes object.
If the size argument is negative, read until EOF is reached. Return an empty bytes object at EOF.
- read1(size=-1, /)
Read at most size bytes, returned as a bytes object.
If the size argument is negative or omitted, read until EOF is reached. Return an empty bytes object at EOF.
- readable()
Returns True if the IO object can be read.
- readall()
Read until EOF, using multiple read() call.
- readinto(buffer, /)
Read bytes into buffer.
Returns number of bytes read (0 for EOF), or None if the object is set not to block and has no data to read.
- readinto1(buffer, /)
- readline(size=-1, /)
Next line from the file, as a bytes object.
Retain newline. A non-negative size argument limits the maximum number of bytes to return (an incomplete line may be returned then). Return an empty bytes object at EOF.
- readlines(size=None, /)
List of bytes objects, each a line from the file.
Call readline() repeatedly and return a list of the lines so read. The optional size argument, if given, is an approximate bound on the total number of bytes in the lines returned.
- static sanitize_filename(filename)
Sanititizes the filename to ensure only a specific whitelist of characters is allowed through
- Return type:
- seek(pos, whence=0, /)
Change stream position.
- Seek to byte offset pos relative to position indicated by whence:
0 Start of stream (the default). pos should be >= 0; 1 Current position - pos may be negative; 2 End of stream - pos usually negative.
Returns the new absolute position.
- seekable()
Returns True if the IO object can be seeked.
- tell()
Current file position, an integer.
- truncate(size=None, /)
Truncate the file to at most size bytes.
Size defaults to the current file position, as returned by tell(). The current file position is unchanged. Returns the new size.
- writable()
Returns True if the IO object can be written.
- class Volshell(*args, **kwargs)[source]
Bases:
PluginInterface
Shell environment to directly interact with a memory image.
- Parameters:
context – The context that the plugin will operate within
config_path – The path to configuration data within the context configuration data
progress_callback – A callable that can provide feedback at progress points
- DEFAULT_NUM_DISPLAY_BYTES = 128
- build_configuration()
Constructs a HierarchicalDictionary of all the options required to build this component in the current context.
Ensures that if the class has been created, it can be recreated using the configuration built Inheriting classes must override this to ensure any dependent classes update their configurations too
- Return type:
- property config: HierarchicalDict
The Hierarchical configuration Dictionary for this Configurable object.
- property context: ContextInterface
The context object that this configurable belongs to/configuration is stored in.
- create_configurable(clazz, **kwargs)[source]
Creates a configurable object, converting arguments to configuration
- property current_kernel_name
- property current_layer
- property current_symbol_table
- disassemble(offset, count=128, layer_name=None, architecture=None)[source]
Disassembles a number of instructions from the code at offset
- display_bytes(offset, count=128, layer_name=None)[source]
Displays byte values and ASCII characters
- display_doublewords(offset, count=128, layer_name=None)[source]
Displays double-word values (4 bytes) and corresponding ASCII characters
- display_plugin_output(plugin, **kwargs)[source]
Displays the output for a particular plugin (with keyword arguments)
- Return type:
- display_quadwords(offset, count=128, layer_name=None)[source]
Displays quad-word values (8 bytes) and corresponding ASCII characters
- display_symbols(symbol_table=None)[source]
Prints an alphabetical list of symbols for a symbol table
- display_type(object, offset=None)[source]
Display Type describes the members of a particular object in alphabetical order
- display_words(offset, count=128, layer_name=None)[source]
Displays word values (2 bytes) and corresponding ASCII characters
- generate_treegrid(plugin, **kwargs)[source]
Generates a TreeGrid based on a specific plugin passing in kwarg configuration values
- classmethod get_requirements()[source]
Returns a list of Requirement objects for this plugin.
- Return type:
- property kernel
Returns the current kernel object
- classmethod make_subconfig(context, base_config_path, **kwargs)
Convenience function to allow constructing a new randomly generated sub-configuration path, containing each element from kwargs.
- Parameters:
context (
ContextInterface
) – The context in which to store the new configurationbase_config_path (
str
) – The base configuration path on which to build the new configurationkwargs – Keyword arguments that are used to populate the new configuration path
- Returns:
The newly generated full configuration path
- Return type:
- property open
Returns a context manager and thus can be called like open
- regex_scan(pattern, count=128, layer_name=None)[source]
Scans for regex pattern in layer using RegExScanner.
- render_treegrid(treegrid, renderer=None)[source]
Renders a treegrid as produced by generate_treegrid
- Return type:
- run(additional_locals={})[source]
Runs the interactive volshell plugin.
- Return type:
- Returns:
Return a TreeGrid but this is always empty since the point of this plugin is to run interactively
- classmethod unsatisfied(context, config_path)
Returns a list of the names of all unsatisfied requirements.
Since a satisfied set of requirements will return [], it can be used in tests as follows:
unmet = configurable.unsatisfied(context, config_path) if unmet: raise RuntimeError("Unsatisfied requirements: {}".format(unmet)
- Return type:
- version = (0, 0, 0)