volatility3.cli.volshell package

class VolShell

Bases: CommandLine

Program to allow interactive interaction with a memory image.

This allows a memory image to be examined through an interactive python terminal with all the volatility support calls available.

CLI_NAME = '__main__.py'

file_handler_class_factory(direct=True)

load_system_defaults(filename)

Modify the main configuration based on the default configuration override

Return type:

Tuple[List[Tuple[int, str]], Dict[str, Any]]

classmethod location_from_file(filename)

Returns the URL location from a file parameter (which may be a URL)

Parameters:

filename (str) – The path to the file (either an absolute, relative, or URL path)

Return type:

str

Returns:

The URL for the location of the file

order_extra_verbose_levels()

populate_config(context, configurables_list, args, plugin_config_path)

Populate the context config based on the returned args.

We have already determined these elements must be descended from ConfigurableInterface

Parameters:

• context (ContextInterface) – The volatility3 context to operate on

• configurables_list (Dict[str, Type[ConfigurableInterface]]) – A dictionary of configurable items that can be configured on the plugin

• args (Namespace) – An object containing the arguments necessary

• plugin_config_path (str) – The path within the context’s config containing the plugin’s configuration

Return type:

None

populate_requirements_argparse(parser, configurable)

Adds the plugin’s simple requirements to the provided parser.

Parameters:

• parser (Union[ArgumentParser, _ArgumentGroup]) – The parser to add the plugin’s (simple) requirements to

• configurable (Type[ConfigurableInterface]) – The plugin object to pull the requirements from

process_exceptions(excp)

Provide useful feedback if an exception occurs during a run of a plugin.

process_unsatisfied_exceptions(excp)

Provide useful feedback if an exception occurs during requirement fulfillment.

run()

Executes the command line module, taking the system arguments, determining the plugin to run and then running it.

classmethod setup_logging()

main()

A convenience function for constructing and running the CommandLine’s run method.

Submodules

• volatility3.cli.volshell.generic module
  • NullFileHandler
    • NullFileHandler.close()
    • NullFileHandler.closed
    • NullFileHandler.detach()
    • NullFileHandler.fileno()
    • NullFileHandler.flush()
    • NullFileHandler.getbuffer()
    • NullFileHandler.getvalue()
    • NullFileHandler.isatty()
    • NullFileHandler.preferred_filename
    • NullFileHandler.read()
    • NullFileHandler.read1()
    • NullFileHandler.readable()
    • NullFileHandler.readall()
    • NullFileHandler.readinto()
    • NullFileHandler.readinto1()
    • NullFileHandler.readline()
    • NullFileHandler.readlines()
    • NullFileHandler.sanitize_filename()
    • NullFileHandler.seek()
    • NullFileHandler.seekable()
    • NullFileHandler.tell()
    • NullFileHandler.truncate()
    • NullFileHandler.writable()
    • NullFileHandler.write()
    • NullFileHandler.writelines()
  • Volshell
    • Volshell.DEFAULT_NUM_DISPLAY_BYTES
    • Volshell.breakpoint()
    • Volshell.breakpoint_clear()
    • Volshell.breakpoint_list()
    • Volshell.build_configuration()
    • Volshell.change_kernel()
    • Volshell.change_layer()
    • Volshell.change_symbol_table()
    • Volshell.config
    • Volshell.config_path
    • Volshell.construct_locals()
    • Volshell.context
    • Volshell.create_configurable()
    • Volshell.current_kernel_name
    • Volshell.current_layer
    • Volshell.current_symbol_table
    • Volshell.disassemble()
    • Volshell.display_bytes()
    • Volshell.display_doublewords()
    • Volshell.display_plugin_output()
    • Volshell.display_quadwords()
    • Volshell.display_symbols()
    • Volshell.display_type()
    • Volshell.display_words()
    • Volshell.generate_treegrid()
    • Volshell.get_requirements()
    • Volshell.help()
    • Volshell.kernel
    • Volshell.load_file()
    • Volshell.make_subconfig()
    • Volshell.open
    • Volshell.random_string()
    • Volshell.regex_scan()
    • Volshell.render_treegrid()
    • Volshell.run()
    • Volshell.run_script()
    • Volshell.set_open_method()
    • Volshell.unsatisfied()
    • Volshell.version
• volatility3.cli.volshell.linux module
  • DescExitStateEnum
    • DescExitStateEnum.EXIT_DEAD
    • DescExitStateEnum.EXIT_TRACE
    • DescExitStateEnum.EXIT_ZOMBIE
    • DescExitStateEnum.TASK_RUNNING
  • Volshell
    • Volshell.DEFAULT_NUM_DISPLAY_BYTES
    • Volshell.breakpoint()
    • Volshell.breakpoint_clear()
    • Volshell.breakpoint_list()
    • Volshell.build_configuration()
    • Volshell.change_kernel()
    • Volshell.change_layer()
    • Volshell.change_symbol_table()
    • Volshell.change_task()
    • Volshell.config
    • Volshell.config_path
    • Volshell.construct_locals()
    • Volshell.context
    • Volshell.create_configurable()
    • Volshell.current_kernel_name
    • Volshell.current_layer
    • Volshell.current_symbol_table
    • Volshell.disassemble()
    • Volshell.display_bytes()
    • Volshell.display_doublewords()
    • Volshell.display_plugin_output()
    • Volshell.display_quadwords()
    • Volshell.display_symbols()
    • Volshell.display_type()
    • Volshell.display_words()
    • Volshell.generate_treegrid()
    • Volshell.get_process()
    • Volshell.get_requirements()
    • Volshell.help()
    • Volshell.kernel
    • Volshell.list_tasks()
    • Volshell.load_file()
    • Volshell.make_subconfig()
    • Volshell.open
    • Volshell.random_string()
    • Volshell.regex_scan()
    • Volshell.render_treegrid()
    • Volshell.run()
    • Volshell.run_script()
    • Volshell.set_open_method()
    • Volshell.unsatisfied()
    • Volshell.version
• volatility3.cli.volshell.mac module
  • Volshell
    • Volshell.DEFAULT_NUM_DISPLAY_BYTES
    • Volshell.breakpoint()
    • Volshell.breakpoint_clear()
    • Volshell.breakpoint_list()
    • Volshell.build_configuration()
    • Volshell.change_kernel()
    • Volshell.change_layer()
    • Volshell.change_symbol_table()
    • Volshell.change_task()
    • Volshell.config
    • Volshell.config_path
    • Volshell.construct_locals()
    • Volshell.context
    • Volshell.create_configurable()
    • Volshell.current_kernel_name
    • Volshell.current_layer
    • Volshell.current_symbol_table
    • Volshell.disassemble()
    • Volshell.display_bytes()
    • Volshell.display_doublewords()
    • Volshell.display_plugin_output()
    • Volshell.display_quadwords()
    • Volshell.display_symbols()
    • Volshell.display_type()
    • Volshell.display_words()
    • Volshell.generate_treegrid()
    • Volshell.get_requirements()
    • Volshell.help()
    • Volshell.kernel
    • Volshell.list_tasks()
    • Volshell.load_file()
    • Volshell.make_subconfig()
    • Volshell.open
    • Volshell.random_string()
    • Volshell.regex_scan()
    • Volshell.render_treegrid()
    • Volshell.run()
    • Volshell.run_script()
    • Volshell.set_open_method()
    • Volshell.unsatisfied()
    • Volshell.version
• volatility3.cli.volshell.windows module
  • Volshell
    • Volshell.DEFAULT_NUM_DISPLAY_BYTES
    • Volshell.breakpoint()
    • Volshell.breakpoint_clear()
    • Volshell.breakpoint_list()
    • Volshell.build_configuration()
    • Volshell.change_kernel()
    • Volshell.change_layer()
    • Volshell.change_process()
    • Volshell.change_symbol_table()
    • Volshell.config
    • Volshell.config_path
    • Volshell.construct_locals()
    • Volshell.context
    • Volshell.create_configurable()
    • Volshell.current_kernel_name
    • Volshell.current_layer
    • Volshell.current_symbol_table
    • Volshell.disassemble()
    • Volshell.display_bytes()
    • Volshell.display_doublewords()
    • Volshell.display_plugin_output()
    • Volshell.display_quadwords()
    • Volshell.display_symbols()
    • Volshell.display_type()
    • Volshell.display_words()
    • Volshell.generate_treegrid()
    • Volshell.get_process()
    • Volshell.get_requirements()
    • Volshell.help()
    • Volshell.kernel
    • Volshell.list_processes()
    • Volshell.load_file()
    • Volshell.make_subconfig()
    • Volshell.open
    • Volshell.random_string()
    • Volshell.regex_scan()
    • Volshell.render_treegrid()
    • Volshell.run()
    • Volshell.run_script()
    • Volshell.set_open_method()
    • Volshell.unsatisfied()
    • Volshell.version