volatility3.framework.renderers package

Renderers.

Renderers display the unified output format in some manner (be it text or file or graphical output

class ColumnSortKey(treegrid, column_name, ascending=True)[source]

Bases: ColumnSortKey

ascending: bool = True
class NotApplicableValue[source]

Bases: BaseAbsentValue

Class that represents values which are empty because they don’t make sense for this node.

class NotAvailableValue[source]

Bases: BaseAbsentValue

Class that represents values which cannot be provided now (but might in a future run)

This might occur when information packed with volatility (such as symbol information) is not available, but a future version or a different run may later have that information available (ie, it could be applicable, but we can’t get it and it’s not because it’s unreadable or unparsable). Unreadable and Unparsable should be used in preference, and only if neither fits should this be used.

RowStructureConstructor(names)[source]
class TreeGrid(columns, generator)[source]

Bases: TreeGrid

Class providing the interface for a TreeGrid (which contains TreeNodes)

The structure of a TreeGrid is designed to maintain the structure of the tree in a single object. For this reason each TreeNode does not hold its children, they are managed by the top level object. This leaves the Nodes as simple data carries and prevents them being used to manipulate the tree as a whole. This is a data structure, and is not expected to be modified much once created.

Carrying the children under the parent makes recursion easier, but then every node is its own little tree and must have all the supporting tree functions. It also allows for a node to be present in several different trees, and to create cycles.

Constructs a TreeGrid object using a specific set of columns.

The TreeGrid itself is a root element, that can have children but no values. The TreeGrid does not contain any information about formatting, these are up to the renderers and plugins.

Parameters:
base_types: ClassVar[Tuple] = (<class 'int'>, <class 'str'>, <class 'float'>, <class 'bytes'>, <class 'datetime.datetime'>, <class 'volatility3.framework.interfaces.renderers.Disassembly'>)
children(node)[source]

Returns the subnodes of a particular node in order.

Return type:

List[TreeNode]

property columns: List[Column]

Returns the available columns and their ordering and types.

is_ancestor(node, descendant)[source]

Returns true if descendent is a child, grandchild, etc of node.

max_depth()[source]

Returns the maximum depth of the tree.

static path_depth(node)[source]

Returns the path depth of a particular node.

Return type:

int

path_sep = '|'
populate(function=None, initial_accumulator=None, fail_on_errors=True)[source]

Populates the tree by consuming the TreeGrid’s construction generator Func is called on every node, so can be used to create output on demand.

This is equivalent to a one-time visit.

Parameters:
  • function (Callable[[TreeNode, TypeVar(_Type)], TypeVar(_Type)]) – The visitor to be called on each row of the treegrid

  • initial_accumulator (Any) – The initial value for an accumulator passed to the visitor to allow it to maintain state

  • fail_on_errors (bool) – A boolean defining whether exceptions should be caught or bubble up

Return type:

Optional[Exception]

property populated: bool

Indicates that population has completed and the tree may now be manipulated separately.

property row_count: int

Returns the number of rows populated.

static sanitize_name(text)[source]

Method used to sanitize column names for TreeNodes.

Return type:

str

values(node)[source]

Returns the values for a particular node.

The values returned are mutable,

visit(node, function, initial_accumulator, sort_key=None)[source]

Visits all the nodes in a tree, calling function on each one.

function should have the signature function(node, accumulator) and return new_accumulator If accumulators are not needed, the function must still accept a second parameter.

The order of that the nodes are visited is always depth first, however, the order children are traversed can be set based on a sort_key function which should accept a node’s values and return something that can be sorted to receive the desired order (similar to the sort/sorted key).

We use the private _find_children function so that we don’t have to re-traverse the tree for every node we descend further down

class TreeNode(path, treegrid, parent, values)[source]

Bases: TreeNode

Class representing a particular node in a tree grid.

Initializes the TreeNode.

asdict()[source]

Returns the contents of the node as a dictionary

Return type:

Dict[str, Any]

count(value) integer -- return number of occurrences of value
index(value[, start[, stop]]) integer -- return first index of value.

Raises ValueError if the value is not present.

Supporting start and stop arguments is optional, but recommended.

property parent: TreeNode | None

Returns the parent node of this node or None.

property path: str

Returns a path identifying string.

This should be seen as opaque by external classes, Parsing of path locations based on this string are not guaranteed to remain stable.

path_changed(path, added=False)[source]

Updates the path based on the addition or removal of a node higher up in the tree.

This should only be called by the containing TreeGrid and expects to only be called for affected nodes.

Return type:

None

property path_depth: int

Return the path depth of the current node.

property values: List[Type[int] | Type[str] | Type[float] | Type[bytes] | Type[datetime] | Type[BaseAbsentValue] | Type[Disassembly]]

Returns the list of values from the particular node, based on column index.

class UnparsableValue[source]

Bases: BaseAbsentValue

Class that represents values which are empty because the data cannot be interpreted correctly.

class UnreadableValue[source]

Bases: BaseAbsentValue

Class that represents values which are empty because the data cannot be read.

Submodules