volatility3.framework.symbols.metadata module

class LinuxMetadata(json_data)[source]

Bases: PosixMetadata

Class to handle the metadata from a Linux symbol table.

Constructor that accepts json_data.

get_symbols_sources()

Returns the symbols sources metadata

Return type:

List[Optional[Dict]]

get_types_sources()

Returns the types sources metadata

Return type:

List[Optional[Dict]]

class MacMetadata(json_data)[source]

Bases: PosixMetadata

Class to handle the metadata from a Mac symbol table.

Constructor that accepts json_data.

get_symbols_sources()

Returns the symbols sources metadata

Return type:

List[Optional[Dict]]

get_types_sources()

Returns the types sources metadata

Return type:

List[Optional[Dict]]

class PosixMetadata(json_data)[source]

Bases: MetadataInterface

Base class to handle metadata of Posix-based ISF sources

Constructor that accepts json_data.

get_symbols_sources()[source]

Returns the symbols sources metadata

Return type:

List[Optional[Dict]]

get_types_sources()[source]

Returns the types sources metadata

Return type:

List[Optional[Dict]]

class ProducerMetadata(json_data)[source]

Bases: MetadataInterface

Class to handle the Producer metadata from an ISF

Constructor that accepts json_data.

property datetime: datetime | None

Returns a timestamp for when the file was produced

property name: str | None
property version: Tuple[int, ...] | None

Returns the version of the ISF file producer

property version_string: str

Returns the ISF file producer’s version as a string. If no version is present, an empty string is returned.

class WindowsMetadata(json_data)[source]

Bases: MetadataInterface

Class to handle the metadata from a Windows symbol table.

Constructor that accepts json_data.

property pdb_age: int | None
property pdb_guid: str | None
property pe_version: Tuple[int, int, int] | Tuple[int, int, int, int] | None
property pe_version_string: str | None