volatility3.framework.renderers package
Renderers.
Renderers display the unified output format in some manner (be it text, file, or graphical output).
- class ColumnSortKey(treegrid, column_name, ascending=True)[source]
Bases:
ColumnSortKey
- class NotApplicableValue[source]
Bases:
BaseAbsentValue
Class that represents values which are empty because they don’t make sense for this node.
- class NotAvailableValue[source]
Bases:
BaseAbsentValue
Class that represents values which cannot be provided now (but might in a future run).
This might occur when information packed with volatility (such as symbol information) is not available, but a future version or a different run may later have that information available (i.e., it could be applicable, but we can't get it, and not because it is unreadable or unparsable). Unreadable and Unparsable should be used in preference, and only if neither fits should this be used.
- class TreeGrid(columns, generator)[source]
Bases:
TreeGrid
Class providing the interface for a TreeGrid (which contains TreeNodes)
The structure of a TreeGrid is designed to maintain the structure of the tree in a single object. For this reason each TreeNode does not hold its children; they are managed by the top-level object. This leaves the nodes as simple data carriers and prevents them being used to manipulate the tree as a whole. This is a data structure, and is not expected to be modified much once created.
Carrying the children under the parent makes recursion easier, but then every node is its own little tree and must have all the supporting tree functions. It also allows for a node to be present in several different trees, and to create cycles.
Constructs a TreeGrid object using a specific set of columns.
The TreeGrid itself is a root element that can have children but no values. The TreeGrid does not contain any information about formatting; that is up to the renderers and plugins.
- Parameters:
columns (List[Tuple[str, Union[Type[int], Type[str], Type[float], Type[bytes], Type[datetime], Type[BaseAbsentValue], Type[Disassembly]]]]) – A list of column tuples made up of (name, type).
generator (Optional[Iterable[Tuple[int, Tuple]]]) – An iterable containing rows for a tree grid; each row contains an indent level followed by the values for each column in order.
- base_types: ClassVar[Tuple] = (<class 'int'>, <class 'str'>, <class 'float'>, <class 'bytes'>, <class 'datetime.datetime'>, <class 'volatility3.framework.interfaces.renderers.Disassembly'>)
- is_ancestor(node, descendant)[source]
Returns true if descendant is a child, grandchild, etc. of node.
- path_sep = '|'
- populate(function=None, initial_accumulator=None, fail_on_errors=True)[source]
Populates the tree by consuming the TreeGrid's construction generator. The function is called on every node, so it can be used to create output on demand.
This is equivalent to a one-time visit.
- Parameters:
function (Callable[[TreeNode, TypeVar(_Type)], TypeVar(_Type)]) – The visitor to be called on each row of the treegrid
initial_accumulator (Any) – The initial value for an accumulator passed to the visitor to allow it to maintain state
fail_on_errors (bool) – A boolean defining whether exceptions should be caught or bubble up
- Return type:
- property populated: bool
Indicates that population has completed and the tree may now be manipulated separately.
- static sanitize_name(text)[source]
Method used to sanitize column names for TreeNodes.
- Return type:
- visit(node, function, initial_accumulator, sort_key=None)[source]
Visits all the nodes in a tree, calling function on each one.
function should have the signature function(node, accumulator) and return new_accumulator. If accumulators are not needed, the function must still accept a second parameter.
The nodes are always visited depth first; however, the order in which children are traversed can be set with a sort_key function, which should accept a node's values and return something that can be sorted to give the desired order (similar to the sort/sorted key).
We use the private _find_children function so that we don't have to re-traverse the tree for every node we descend further down.
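The row format and visitor contract described for TreeGrid above, as an added example that is not volatility3 code: MiniGrid, Absent and the sample rows are constructed stand-ins, and the path layout it builds is an assumption of this model (the page treats TreeNode.path as opaque).

```python
# Simplified model of the TreeGrid design; added example, not volatility3 code.
PATH_SEP = "|"  # the page lists this value as TreeGrid.path_sep

class Absent:
    """Hypothetical stand-in for the BaseAbsentValue subclasses."""
    def __init__(self, reason):
        self.reason = reason

class MiniGrid:
    """The grid owns the parent -> children map; nodes are plain data carriers."""
    def __init__(self, columns, generator):
        self.columns, self._generator = columns, generator
        self.children = {"": []}  # "" is the valueless root
        self.populated = False

    def populate(self, function, initial_accumulator=None):
        accumulator, parents = initial_accumulator, []
        for level, values in self._generator:  # the generator is consumed once
            if level > len(parents) or len(values) != len(self.columns):
                raise ValueError(f"malformed row: {level}, {values!r}")
            for (name, col_type), value in zip(self.columns, values):
                if not isinstance(value, (col_type, Absent)):
                    raise TypeError(f"column {name!r} expects {col_type.__name__}")
            parent = parents[level - 1] if level else ""
            index = len(self.children[parent])
            path = f"{parent}{PATH_SEP}{index}" if parent else str(index)
            node = {"path": path, "values": tuple(values)}
            self.children[parent].append(node)
            self.children[path] = []
            parents[level:] = [path]  # deeper levels are no longer open
            accumulator = function(node, accumulator)
        self.populated = True
        return accumulator

def constructed_rows():
    # Constructed sample rows: (indent level, (PID, Name, Path)).
    yield 0, (4, "System", Absent("not applicable"))
    yield 0, (612, "wininit.exe", "C:\\Windows\\System32\\wininit.exe")
    yield 1, (700, "services.exe", "C:\\Windows\\System32\\services.exe")
    yield 2, (1204, "svchost.exe", Absent("unreadable"))

def render(node, lines):
    # Visitor with the (node, accumulator) -> new_accumulator signature.
    cells = [v.reason if isinstance(v, Absent) else str(v) for v in node["values"]]
    lines.append((node["path"], " ".join(cells)))
    return lines

grid = MiniGrid([("PID", int), ("Name", str), ("Path", str)], constructed_rows())
output = grid.populate(render, [])
```

Keeping absent cells as typed objects rather than empty strings lets the visitor report why a field is missing, which matters when an analyst has to tell "not applicable" from "could not be read".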
- class TreeNode(path, treegrid, parent, values)[source]
Bases:
TreeNode
Class representing a particular node in a tree grid.
Initializes the TreeNode.
- count(value) integer -- return number of occurrences of value
- index(value[, start[, stop]]) integer -- return first index of value.
Raises ValueError if the value is not present.
Supporting start and stop arguments is optional, but recommended.
- property path: str
Returns a path identifying string.
This should be seen as opaque by external classes. Parsing of path locations based on this string is not guaranteed to remain stable.
- class UnparsableValue[source]
Bases:
BaseAbsentValue
Class that represents values which are empty because the data cannot be interpreted correctly.
- class UnreadableValue[source]
Bases:
BaseAbsentValue
Class that represents values which are empty because the data cannot be read.
Submodules
- volatility3.framework.renderers.conversion module
- volatility3.framework.renderers.format_hints module
Bin
BinOrAbsent()
Hex
HexBytes
HexBytesOrAbsent()
HexOrAbsent()
MultiTypeData
MultiTypeDataOrAbsent()