volatility3.framework.symbols.linux.extensions.network module

class bt_sock(context, type_name, object_info, size, members)[source]

Bases: StructType

Constructs an Object adhering to the ObjectInterface.

Parameters:

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy

Bases: VolTemplateProxy

classmethod child_template(template, child)

Returns the template of a child to its parent.

Return type:: Template

classmethod children(template)

Method to list children of a template.

Return type:: List[Template]

classmethod has_member(template, member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

classmethod relative_child_offset(template, child)

Returns the relative offset of a child to its parent.

Return type:: int

classmethod replace_child(template, old_child, new_child)

Replace a child elements within the arguments handed to the template.

Return type:: None

classmethod size(template)

Method to return the size of this type.

Return type:: int

cast(new_type_name, **additional)

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

Return type:: ObjectInterface

get_protocol()[source]

Return type:: Optional[str]

get_state()[source]

Return type:: Optional[str]

get_symbol_table_name()

Returns the symbol table name for this particular object.

Raises:

ValueError – If the object’s symbol does not contain an explicit table
KeyError – If the table_name is not valid within the object’s context

Return type:

str

has_member(member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

has_valid_member(member_name)

Returns whether the dereferenced type has a valid member.

Parameters:: member_name (str) – Name of the member to test access to determine if the member is valid or not
Return type:: bool

has_valid_members(member_names)

Returns whether the object has all of the members listed in member_names

Parameters:: member_names (List[str]) – List of names to test as to members with those names validity
Return type:: bool

member(attr='member')

Specifically named method for retrieving members.

Return type:: object

property vol: ReadOnlyMapping: Returns the volatility specific object information.

write(value): Writes the new value into the format at the offset the object currently resides at.

class in_device(context, type_name, object_info, size, members)[source]

Bases: StructType

Constructs an Object adhering to the ObjectInterface.

Parameters:

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy

Bases: VolTemplateProxy

classmethod child_template(template, child)

Returns the template of a child to its parent.

Return type:: Template

classmethod children(template)

Method to list children of a template.

Return type:: List[Template]

classmethod has_member(template, member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

classmethod relative_child_offset(template, child)

Returns the relative offset of a child to its parent.

Return type:: int

classmethod replace_child(template, old_child, new_child)

Replace a child elements within the arguments handed to the template.

Return type:: None

classmethod size(template)

Method to return the size of this type.

Return type:: int

cast(new_type_name, **additional)

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

Return type:: ObjectInterface

get_addresses(max_devices=128)[source]

Yield the IPv4 ifaddr addresses

Yields:: in_ifaddr – An IPv4 ifaddr address
Return type:: Generator[ObjectInterface, None, None]

get_symbol_table_name()

Returns the symbol table name for this particular object.

Raises:

ValueError – If the object’s symbol does not contain an explicit table
KeyError – If the table_name is not valid within the object’s context

Return type:

str

has_member(member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

has_valid_member(member_name)

Returns whether the dereferenced type has a valid member.

Parameters:: member_name (str) – Name of the member to test access to determine if the member is valid or not
Return type:: bool

has_valid_members(member_names)

Returns whether the object has all of the members listed in member_names

Parameters:: member_names (List[str]) – List of names to test as to members with those names validity
Return type:: bool

member(attr='member')

Specifically named method for retrieving members.

Return type:: object

property vol: ReadOnlyMapping: Returns the volatility specific object information.

write(value): Writes the new value into the format at the offset the object currently resides at.

class in_ifaddr(context, type_name, object_info, size, members)[source]

Bases: StructType

Constructs an Object adhering to the ObjectInterface.

Parameters:

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy

Bases: VolTemplateProxy

classmethod child_template(template, child)

Returns the template of a child to its parent.

Return type:: Template

classmethod children(template)

Method to list children of a template.

Return type:: List[Template]

classmethod has_member(template, member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

classmethod relative_child_offset(template, child)

Returns the relative offset of a child to its parent.

Return type:: int

classmethod replace_child(template, old_child, new_child)

Replace a child elements within the arguments handed to the template.

Return type:: None

classmethod size(template)

Method to return the size of this type.

Return type:: int

cast(new_type_name, **additional)

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

Return type:: ObjectInterface

get_address()[source]

Get an string with the IPv4 address

Returns:: the IPv4 address
Return type:: str

get_prefix_len()[source]

Get the IPv4 address prefix len

Returns:: the IPv4 address prefix len
Return type:: int

get_scope_type()[source]

Get the scope type for this IPv4 address

Returns:: the IPv4 scope type.
Return type:: str

get_symbol_table_name()

Returns the symbol table name for this particular object.

Raises:

ValueError – If the object’s symbol does not contain an explicit table
KeyError – If the table_name is not valid within the object’s context

Return type:

str

has_member(member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

has_valid_member(member_name)

Returns whether the dereferenced type has a valid member.

Parameters:: member_name (str) – Name of the member to test access to determine if the member is valid or not
Return type:: bool

has_valid_members(member_names)

Returns whether the object has all of the members listed in member_names

Parameters:: member_names (List[str]) – List of names to test as to members with those names validity
Return type:: bool

member(attr='member')

Specifically named method for retrieving members.

Return type:: object

property vol: ReadOnlyMapping: Returns the volatility specific object information.

write(value): Writes the new value into the format at the offset the object currently resides at.

class inet6_dev(context, type_name, object_info, size, members)[source]

Bases: StructType

Constructs an Object adhering to the ObjectInterface.

Parameters:

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy

Bases: VolTemplateProxy

classmethod child_template(template, child)

Returns the template of a child to its parent.

Return type:: Template

classmethod children(template)

Method to list children of a template.

Return type:: List[Template]

classmethod has_member(template, member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

classmethod relative_child_offset(template, child)

Returns the relative offset of a child to its parent.

Return type:: int

classmethod replace_child(template, old_child, new_child)

Replace a child elements within the arguments handed to the template.

Return type:: None

classmethod size(template)

Method to return the size of this type.

Return type:: int

cast(new_type_name, **additional)

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

Return type:: ObjectInterface

get_addresses()[source]

Yield the IPv6 ifaddr addresses

Yields:: inet6_ifaddr – An IPv6 ifaddr address
Return type:: Generator[ObjectInterface, None, None]

get_symbol_table_name()

Returns the symbol table name for this particular object.

Raises:

ValueError – If the object’s symbol does not contain an explicit table
KeyError – If the table_name is not valid within the object’s context

Return type:

str

has_member(member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

has_valid_member(member_name)

Returns whether the dereferenced type has a valid member.

Parameters:: member_name (str) – Name of the member to test access to determine if the member is valid or not
Return type:: bool

has_valid_members(member_names)

Returns whether the object has all of the members listed in member_names

Parameters:: member_names (List[str]) – List of names to test as to members with those names validity
Return type:: bool

member(attr='member')

Specifically named method for retrieving members.

Return type:: object

property vol: ReadOnlyMapping: Returns the volatility specific object information.

write(value): Writes the new value into the format at the offset the object currently resides at.

class inet6_ifaddr(context, type_name, object_info, size, members)[source]

Bases: StructType

Constructs an Object adhering to the ObjectInterface.

Parameters:

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy

Bases: VolTemplateProxy

classmethod child_template(template, child)

Returns the template of a child to its parent.

Return type:: Template

classmethod children(template)

Method to list children of a template.

Return type:: List[Template]

classmethod has_member(template, member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

classmethod relative_child_offset(template, child)

Returns the relative offset of a child to its parent.

Return type:: int

classmethod replace_child(template, old_child, new_child)

Replace a child elements within the arguments handed to the template.

Return type:: None

classmethod size(template)

Method to return the size of this type.

Return type:: int

cast(new_type_name, **additional)

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

Return type:: ObjectInterface

get_address()[source]

Get an string with the IPv6 address

Returns:: the IPv6 address
Return type:: str

get_prefix_len()[source]

Get the IPv6 address prefix len

Returns:: the IPv6 address prefix len
Return type:: int

get_scope_type()[source]

Get the scope type for this IPv6 address

Returns:: the IPv6 scope type.
Return type:: str

get_symbol_table_name()

Returns the symbol table name for this particular object.

Raises:

ValueError – If the object’s symbol does not contain an explicit table
KeyError – If the table_name is not valid within the object’s context

Return type:

str

has_member(member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

has_valid_member(member_name)

Returns whether the dereferenced type has a valid member.

Parameters:: member_name (str) – Name of the member to test access to determine if the member is valid or not
Return type:: bool

has_valid_members(member_names)

Returns whether the object has all of the members listed in member_names

Parameters:: member_names (List[str]) – List of names to test as to members with those names validity
Return type:: bool

member(attr='member')

Specifically named method for retrieving members.

Return type:: object

property vol: ReadOnlyMapping: Returns the volatility specific object information.

write(value): Writes the new value into the format at the offset the object currently resides at.

class inet_sock(context, type_name, object_info, size, members)[source]

Bases: StructType

Constructs an Object adhering to the ObjectInterface.

Parameters:

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy

Bases: VolTemplateProxy

classmethod child_template(template, child)

Returns the template of a child to its parent.

Return type:: Template

classmethod children(template)

Method to list children of a template.

Return type:: List[Template]

classmethod has_member(template, member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

classmethod relative_child_offset(template, child)

Returns the relative offset of a child to its parent.

Return type:: int

classmethod replace_child(template, old_child, new_child)

Replace a child elements within the arguments handed to the template.

Return type:: None

classmethod size(template)

Method to return the size of this type.

Return type:: int

cast(new_type_name, **additional)

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

Return type:: ObjectInterface

get_dst_addr()[source]

Return type:: Optional[str]

get_dst_port()[source]

Return type:: Optional[int]

get_family()[source]

Return type:: str

get_protocol()[source]

Return type:: Optional[str]

get_src_addr()[source]

Return type:: Optional[str]

get_src_port()[source]

Return type:: Optional[int]

get_state()[source]

Return a string representing the sock state.

Return type:: str

get_symbol_table_name()

Returns the symbol table name for this particular object.

Raises:

ValueError – If the object’s symbol does not contain an explicit table
KeyError – If the table_name is not valid within the object’s context

Return type:

str

has_member(member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

has_valid_member(member_name)

Returns whether the dereferenced type has a valid member.

Parameters:: member_name (str) – Name of the member to test access to determine if the member is valid or not
Return type:: bool

has_valid_members(member_names)

Returns whether the object has all of the members listed in member_names

Parameters:: member_names (List[str]) – List of names to test as to members with those names validity
Return type:: bool

member(attr='member')

Specifically named method for retrieving members.

Return type:: object

property vol: ReadOnlyMapping: Returns the volatility specific object information.

write(value): Writes the new value into the format at the offset the object currently resides at.

class net(context, type_name, object_info, size, members)[source]

Bases: StructType

Constructs an Object adhering to the ObjectInterface.

Parameters:

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy

Bases: VolTemplateProxy

classmethod child_template(template, child)

Returns the template of a child to its parent.

Return type:: Template

classmethod children(template)

Method to list children of a template.

Return type:: List[Template]

classmethod has_member(template, member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

classmethod relative_child_offset(template, child)

Returns the relative offset of a child to its parent.

Return type:: int

classmethod replace_child(template, old_child, new_child)

Replace a child elements within the arguments handed to the template.

Return type:: None

classmethod size(template)

Method to return the size of this type.

Return type:: int

cast(new_type_name, **additional)

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

Return type:: ObjectInterface

get_inode()[source]

Get the namespace id for this network namespace.

Raises:: AttributeError – If it cannot find the network namespace id for the current kernel.
Returns:: the namespace id
Return type:: int

get_symbol_table_name()

Returns the symbol table name for this particular object.

Raises:

ValueError – If the object’s symbol does not contain an explicit table
KeyError – If the table_name is not valid within the object’s context

Return type:

str

has_member(member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

has_valid_member(member_name)

Returns whether the dereferenced type has a valid member.

Parameters:: member_name (str) – Name of the member to test access to determine if the member is valid or not
Return type:: bool

has_valid_members(member_names)

Returns whether the object has all of the members listed in member_names

Parameters:: member_names (List[str]) – List of names to test as to members with those names validity
Return type:: bool

member(attr='member')

Specifically named method for retrieving members.

Return type:: object

property vol: ReadOnlyMapping: Returns the volatility specific object information.

write(value): Writes the new value into the format at the offset the object currently resides at.

class net_device(context, type_name, object_info, size, members)[source]

Bases: StructType

Constructs an Object adhering to the ObjectInterface.

Parameters:

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy

Bases: VolTemplateProxy

classmethod child_template(template, child)

Returns the template of a child to its parent.

Return type:: Template

classmethod children(template)

Method to list children of a template.

Return type:: List[Template]

classmethod has_member(template, member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

classmethod relative_child_offset(template, child)

Returns the relative offset of a child to its parent.

Return type:: int

classmethod replace_child(template, old_child, new_child)

Replace a child elements within the arguments handed to the template.

Return type:: None

classmethod size(template)

Method to return the size of this type.

Return type:: int

cast(new_type_name, **additional)

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

Return type:: ObjectInterface

get_device_name()[source]

Return the network device name

Returns:: The network device name
Return type:: str

get_flag_names()[source]

Return the net_device flags as a list of strings. This is the combination of flags exported through kernel APIs to userspace. Based on dev_get_flags()

Returns:: A list of flag names
Return type:: List[str]

get_mac_address()[source]

Get the MAC address of this network interface.

Returns:: the MAC address of this network interface.
Return type:: str

get_net_namespace_id()[source]

Return the network namespace id for this network interface.

Returns:: the network namespace id for this network interface
Return type:: int

get_operational_state()[source]

Return the netwok device oprational state (RFC 2863) string

Returns:: A string with the operational state
Return type:: str

get_qdisc_name()[source]

Return the network device queuing discipline (qdisc) name

Returns:: A string with the queuing discipline (qdisc) name
Return type:: str

get_queue_length()[source]

Return the network device transmission queue length (qlen)

Returns:: the network device transmission queue length (qlen)
Return type:: int

get_symbol_table_name()

Returns the symbol table name for this particular object.

Raises:

ValueError – If the object’s symbol does not contain an explicit table
KeyError – If the table_name is not valid within the object’s context

Return type:

str

has_member(member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

has_valid_member(member_name)

Returns whether the dereferenced type has a valid member.

Parameters:: member_name (str) – Name of the member to test access to determine if the member is valid or not
Return type:: bool

has_valid_members(member_names)

Returns whether the object has all of the members listed in member_names

Parameters:: member_names (List[str]) – List of names to test as to members with those names validity
Return type:: bool

is_carrier_ok()[source]

Check if carrier is present on network device Based on netif_carrier_ok()

Returns:: True if carrier present
Return type:: bool

is_dormant()[source]

Check if the network device is dormant Based on netif_dormant(()

Returns:: True if the network device is dormant
Return type:: bool

is_operational()[source]

Test if the carrier is operational Based on netif_oper_up()

Returns:: True if the device is UP
Return type:: bool

is_running()[source]

Test if the network device has been brought up Based on netif_running()

Returns:: True if the device is UP
Return type:: bool

member(attr='member')

Specifically named method for retrieving members.

Return type:: object

property promisc: bool

Return if this network interface is in promiscuous mode.

Returns:: True if this network interface is in promiscuous mode. Otherwise, False
Return type:: bool

property vol: ReadOnlyMapping: Returns the volatility specific object information.

write(value): Writes the new value into the format at the offset the object currently resides at.

class netlink_sock(context, type_name, object_info, size, members)[source]

Bases: StructType

Constructs an Object adhering to the ObjectInterface.

Parameters:

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy

Bases: VolTemplateProxy

classmethod child_template(template, child)

Returns the template of a child to its parent.

Return type:: Template

classmethod children(template)

Method to list children of a template.

Return type:: List[Template]

classmethod has_member(template, member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

classmethod relative_child_offset(template, child)

Returns the relative offset of a child to its parent.

Return type:: int

classmethod replace_child(template, old_child, new_child)

Replace a child elements within the arguments handed to the template.

Return type:: None

classmethod size(template)

Method to return the size of this type.

Return type:: int

cast(new_type_name, **additional)

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

Return type:: ObjectInterface

get_dst_portid()[source]

Return type:: int

get_portid()[source]

Return type:: int

get_protocol()[source]

Return type:: str

get_state()[source]

get_symbol_table_name()

Returns the symbol table name for this particular object.

Raises:

ValueError – If the object’s symbol does not contain an explicit table
KeyError – If the table_name is not valid within the object’s context

Return type:

str

has_member(member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

has_valid_member(member_name)

Returns whether the dereferenced type has a valid member.

Parameters:: member_name (str) – Name of the member to test access to determine if the member is valid or not
Return type:: bool

has_valid_members(member_names)

Returns whether the object has all of the members listed in member_names

Parameters:: member_names (List[str]) – List of names to test as to members with those names validity
Return type:: bool

member(attr='member')

Specifically named method for retrieving members.

Return type:: object

property vol: ReadOnlyMapping: Returns the volatility specific object information.

write(value): Writes the new value into the format at the offset the object currently resides at.

class packet_sock(context, type_name, object_info, size, members)[source]

Bases: StructType

Constructs an Object adhering to the ObjectInterface.

Parameters:

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy

Bases: VolTemplateProxy

classmethod child_template(template, child)

Returns the template of a child to its parent.

Return type:: Template

classmethod children(template)

Method to list children of a template.

Return type:: List[Template]

classmethod has_member(template, member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

classmethod relative_child_offset(template, child)

Returns the relative offset of a child to its parent.

Return type:: int

classmethod replace_child(template, old_child, new_child)

Replace a child elements within the arguments handed to the template.

Return type:: None

classmethod size(template)

Method to return the size of this type.

Return type:: int

cast(new_type_name, **additional)

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

Return type:: ObjectInterface

get_protocol()[source]

Return type:: Optional[str]

get_state()[source]

get_symbol_table_name()

Returns the symbol table name for this particular object.

Raises:

ValueError – If the object’s symbol does not contain an explicit table
KeyError – If the table_name is not valid within the object’s context

Return type:

str

has_member(member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

has_valid_member(member_name)

Returns whether the dereferenced type has a valid member.

Parameters:: member_name (str) – Name of the member to test access to determine if the member is valid or not
Return type:: bool

has_valid_members(member_names)

Returns whether the object has all of the members listed in member_names

Parameters:: member_names (List[str]) – List of names to test as to members with those names validity
Return type:: bool

member(attr='member')

Specifically named method for retrieving members.

Return type:: object

property vol: ReadOnlyMapping: Returns the volatility specific object information.

write(value): Writes the new value into the format at the offset the object currently resides at.

class sock(context, type_name, object_info, size, members)[source]

Bases: StructType

Constructs an Object adhering to the ObjectInterface.

Parameters:

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy

Bases: VolTemplateProxy

classmethod child_template(template, child)

Returns the template of a child to its parent.

Return type:: Template

classmethod children(template)

Method to list children of a template.

Return type:: List[Template]

classmethod has_member(template, member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

classmethod relative_child_offset(template, child)

Returns the relative offset of a child to its parent.

Return type:: int

classmethod replace_child(template, old_child, new_child)

Replace a child elements within the arguments handed to the template.

Return type:: None

classmethod size(template)

Method to return the size of this type.

Return type:: int

cast(new_type_name, **additional)

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

Return type:: ObjectInterface

get_family()[source]

Return type:: str

get_inode()[source]

Return type:: int

get_protocol()[source]

Return type:: Optional[str]

get_state()[source]

Return type:: str

get_symbol_table_name()

Returns the symbol table name for this particular object.

Raises:

ValueError – If the object’s symbol does not contain an explicit table
KeyError – If the table_name is not valid within the object’s context

Return type:

str

get_type()[source]

Return type:: str

has_member(member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

has_valid_member(member_name)

Returns whether the dereferenced type has a valid member.

Parameters:: member_name (str) – Name of the member to test access to determine if the member is valid or not
Return type:: bool

has_valid_members(member_names)

Returns whether the object has all of the members listed in member_names

Parameters:: member_names (List[str]) – List of names to test as to members with those names validity
Return type:: bool

member(attr='member')

Specifically named method for retrieving members.

Return type:: object

property vol: ReadOnlyMapping: Returns the volatility specific object information.

write(value): Writes the new value into the format at the offset the object currently resides at.

class socket(context, type_name, object_info, size, members)[source]

Bases: StructType

Constructs an Object adhering to the ObjectInterface.

Parameters:

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy

Bases: VolTemplateProxy

classmethod child_template(template, child)

Returns the template of a child to its parent.

Return type:: Template

classmethod children(template)

Method to list children of a template.

Return type:: List[Template]

classmethod has_member(template, member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

classmethod relative_child_offset(template, child)

Returns the relative offset of a child to its parent.

Return type:: int

classmethod replace_child(template, old_child, new_child)

Replace a child elements within the arguments handed to the template.

Return type:: None

classmethod size(template)

Method to return the size of this type.

Return type:: int

cast(new_type_name, **additional)

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

Return type:: ObjectInterface

get_inode()[source]

Return type:: int

get_state()[source]

Return type:: str

get_symbol_table_name()

Returns the symbol table name for this particular object.

Raises:

ValueError – If the object’s symbol does not contain an explicit table
KeyError – If the table_name is not valid within the object’s context

Return type:

str

has_member(member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

has_valid_member(member_name)

Returns whether the dereferenced type has a valid member.

Parameters:: member_name (str) – Name of the member to test access to determine if the member is valid or not
Return type:: bool

has_valid_members(member_names)

Returns whether the object has all of the members listed in member_names

Parameters:: member_names (List[str]) – List of names to test as to members with those names validity
Return type:: bool

member(attr='member')

Specifically named method for retrieving members.

Return type:: object

property vol: ReadOnlyMapping: Returns the volatility specific object information.

write(value): Writes the new value into the format at the offset the object currently resides at.

class unix_sock(context, type_name, object_info, size, members)[source]

Bases: StructType

Constructs an Object adhering to the ObjectInterface.

Parameters:

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy

Bases: VolTemplateProxy

classmethod child_template(template, child)

Returns the template of a child to its parent.

Return type:: Template

classmethod children(template)

Method to list children of a template.

Return type:: List[Template]

classmethod has_member(template, member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

classmethod relative_child_offset(template, child)

Returns the relative offset of a child to its parent.

Return type:: int

classmethod replace_child(template, old_child, new_child)

Replace a child elements within the arguments handed to the template.

Return type:: None

classmethod size(template)

Method to return the size of this type.

Return type:: int

cast(new_type_name, **additional)

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

Return type:: ObjectInterface

get_inode()[source]

Return type:: int

get_name()[source]

Return type:: Optional[str]

get_protocol()[source]

Return type:: Optional[str]

get_state()[source]

Return a string representing the sock state.

Return type:: str

get_symbol_table_name()

Returns the symbol table name for this particular object.

Raises:

ValueError – If the object’s symbol does not contain an explicit table
KeyError – If the table_name is not valid within the object’s context

Return type:

str

has_member(member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

has_valid_member(member_name)

Returns whether the dereferenced type has a valid member.

Parameters:: member_name (str) – Name of the member to test access to determine if the member is valid or not
Return type:: bool

has_valid_members(member_names)

Returns whether the object has all of the members listed in member_names

Parameters:: member_names (List[str]) – List of names to test as to members with those names validity
Return type:: bool

member(attr='member')

Specifically named method for retrieving members.

Return type:: object

property vol: ReadOnlyMapping: Returns the volatility specific object information.

write(value): Writes the new value into the format at the offset the object currently resides at.

class vsock_sock(context, type_name, object_info, size, members)[source]

Bases: StructType

Constructs an Object adhering to the ObjectInterface.

Parameters:

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy

Bases: VolTemplateProxy

classmethod child_template(template, child)

Returns the template of a child to its parent.

Return type:: Template

classmethod children(template)

Method to list children of a template.

Return type:: List[Template]

classmethod has_member(template, member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

classmethod relative_child_offset(template, child)

Returns the relative offset of a child to its parent.

Return type:: int

classmethod replace_child(template, old_child, new_child)

Replace a child elements within the arguments handed to the template.

Return type:: None

classmethod size(template)

Method to return the size of this type.

Return type:: int

cast(new_type_name, **additional)

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

Return type:: ObjectInterface

get_protocol()[source]

get_state()[source]

get_symbol_table_name()

Returns the symbol table name for this particular object.

Raises:

ValueError – If the object’s symbol does not contain an explicit table
KeyError – If the table_name is not valid within the object’s context

Return type:

str

has_member(member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

has_valid_member(member_name)

Returns whether the dereferenced type has a valid member.

Parameters:: member_name (str) – Name of the member to test access to determine if the member is valid or not
Return type:: bool

has_valid_members(member_names)

Returns whether the object has all of the members listed in member_names

Parameters:: member_names (List[str]) – List of names to test as to members with those names validity
Return type:: bool

member(attr='member')

Specifically named method for retrieving members.

Return type:: object

property vol: ReadOnlyMapping: Returns the volatility specific object information.

write(value): Writes the new value into the format at the offset the object currently resides at.

class xdp_sock(context, type_name, object_info, size, members)[source]

Bases: StructType

Constructs an Object adhering to the ObjectInterface.

Parameters:

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy

Bases: VolTemplateProxy

classmethod child_template(template, child)

Returns the template of a child to its parent.

Return type:: Template

classmethod children(template)

Method to list children of a template.

Return type:: List[Template]

classmethod has_member(template, member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

classmethod relative_child_offset(template, child)

Returns the relative offset of a child to its parent.

Return type:: int

classmethod replace_child(template, old_child, new_child)

Replace a child elements within the arguments handed to the template.

Return type:: None

classmethod size(template)

Method to return the size of this type.

Return type:: int

cast(new_type_name, **additional)

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

Return type:: ObjectInterface

get_protocol()[source]

get_state()[source]

get_symbol_table_name()

Returns the symbol table name for this particular object.

Raises:

ValueError – If the object’s symbol does not contain an explicit table
KeyError – If the table_name is not valid within the object’s context

Return type:

str

has_member(member_name)

Returns whether the object would contain a member called member_name.

Return type:: bool

has_valid_member(member_name)

Returns whether the dereferenced type has a valid member.

Parameters:: member_name (str) – Name of the member to test access to determine if the member is valid or not
Return type:: bool

has_valid_members(member_names)

Returns whether the object has all of the members listed in member_names

Parameters:: member_names (List[str]) – List of names to test as to members with those names validity
Return type:: bool

member(attr='member')

Specifically named method for retrieving members.

Return type:: object

property vol: ReadOnlyMapping: Returns the volatility specific object information.

write(value): Writes the new value into the format at the offset the object currently resides at.