volatility3.framework.interfaces.renderers module
All plugins output a TreeGrid object which must then be rendered (either by a GUI, or as text output, html output or in some other form.
This module defines both the output format (TreeGrid
) and the
renderer interface which can interact with a TreeGrid to produce
suitable output.
- class BaseAbsentValue[source]
Bases:
object
Class that represents values which are not present for some reason.
- class Column(name, type)
Bases:
tuple
Create new instance of Column(name, type)
- count(value, /)
Return number of occurrences of value.
- index(value, start=0, stop=9223372036854775807, /)
Return first index of value.
Raises ValueError if the value is not present.
- class Disassembly(data, offset=0, architecture='intel64')[source]
Bases:
object
A class to indicate that the bytes provided should be disassembled (based on the architecture)
- possible_architectures = ['intel', 'intel64', 'arm', 'arm64']
- class Renderer(options=None)[source]
Bases:
object
Class that defines the interface that all output renderers must support.
Accepts an options object to configure the renderers.
- class TreeGrid(columns, generator)[source]
Bases:
object
Class providing the interface for a TreeGrid (which contains TreeNodes)
The structure of a TreeGrid is designed to maintain the structure of the tree in a single object. For this reason each TreeNode does not hold its children, they are managed by the top level object. This leaves the Nodes as simple data carries and prevents them being used to manipulate the tree as a whole. This is a data structure, and is not expected to be modified much once created.
Carrying the children under the parent makes recursion easier, but then every node is its own little tree and must have all the supporting tree functions. It also allows for a node to be present in several different trees, and to create cycles.
Constructs a TreeGrid object using a specific set of columns.
The TreeGrid itself is a root element, that can have children but no values. The TreeGrid does not contain any information about formatting, these are up to the renderers and plugins.
- Parameters:
columns (
List
[Tuple
[str
,Union
[Type
[int
],Type
[str
],Type
[float
],Type
[bytes
],Type
[datetime
],Type
[BaseAbsentValue
],Type
[Disassembly
]]]]) – A list of column tuples made up of (name, type).generator (
Generator
) – An iterable containing row for a tree grid, each row contains a indent level followed by the values for each column in order.
-
base_types:
ClassVar
[Tuple
] = (<class 'int'>, <class 'str'>, <class 'float'>, <class 'bytes'>, <class 'datetime.datetime'>, <class 'volatility3.framework.interfaces.renderers.Disassembly'>)
- abstract property columns: List[Column]
Returns the available columns and their ordering and types.
- abstract is_ancestor(node, descendant)[source]
Returns true if descendent is a child, grandchild, etc of node.
- Return type:
- abstract populate(function=None, initial_accumulator=None, fail_on_errors=True)[source]
Populates the tree by consuming the TreeGrid’s construction generator Func is called on every node, so can be used to create output on demand.
This is equivalent to a one-time visit.
- abstract property populated: bool
Indicates that population has completed and the tree may now be manipulated separately.
- abstract static sanitize_name(text)[source]
Method used to sanitize column names for TreeNodes.
- Return type:
- abstract values(node)[source]
Returns the values for a particular node.
The values returned are mutable,
- abstract visit(node, function, initial_accumulator, sort_key=None)[source]
Visits all the nodes in a tree, calling function on each one.
function should have the signature function(node, accumulator) and return new_accumulator If accumulators are not needed, the function must still accept a second parameter.
The order of that the nodes are visited is always depth first, however, the order children are traversed can be set based on a sort_key function which should accept a node’s values and return something that can be sorted to receive the desired order (similar to the sort/sorted key).
If node is None, then the root node is used.
- Parameters:
function (
Callable
[[TreeNode
,TypeVar
(_Type
)],TypeVar
(_Type
)]) – The visitor to apply to the nodes under the initial nodeinitial_accumulator (
TypeVar
(_Type
)) – An accumulator that allows data to be transferred between one visitor call to the nextsort_key (
ColumnSortKey
) – Information about the sort order of columns in order to determine the ordering of results
- Return type:
- class TreeNode(path, treegrid, parent, values)[source]
Bases:
Sequence
Initializes the TreeNode.
- count(value) integer -- return number of occurrences of value
- index(value[, start[, stop]]) integer -- return first index of value.
Raises ValueError if the value is not present.
Supporting start and stop arguments is optional, but recommended.
- abstract property path: str
Returns a path identifying string.
This should be seen as opaque by external classes, Parsing of path locations based on this string are not guaranteed to remain stable.