volatility3.framework.interfaces.plugins module
Plugins are the functions of the volatility framework.
They are called and carry out some algorithms on data stored in layers using objects constructed from symbols.
- class FileHandlerInterface(filename)[source]
Bases:
RawIOBase
Class for storing Files in the plugin as a means to output a file when necessary.
This can be used as ContextManager that will close/produce the file automatically when exiting the context block
Creates a FileHandler
- Parameters:
filename (
str
) – The requested name of the filename for the data
- closed
- fileno()
Returns underlying file descriptor if one exists.
OSError is raised if the IO object does not use a file descriptor.
- flush()
Flush write buffers, if applicable.
This is not implemented for read-only and non-blocking streams.
- isatty()
Return whether this is an ‘interactive’ stream.
Return False if it can’t be determined.
- property preferred_filename
The preferred filename to save the data to. Until this file has been written, this value may not be the final filename the data is written to.
- read(size=-1, /)
- readable()
Return whether object was opened for reading.
If False, read() will raise OSError.
- readall()
Read until EOF, using multiple read() call.
- readinto()
- readline(size=-1, /)
Read and return a line from the stream.
If size is specified, at most size bytes will be read.
The line terminator is always b’n’ for binary files; for text files, the newlines argument to open can be used to select the line terminator(s) recognized.
- readlines(hint=-1, /)
Return a list of lines from the stream.
hint can be specified to control the number of lines read: no more lines will be read if the total size (in bytes/characters) of all lines so far exceeds hint.
- static sanitize_filename(filename)[source]
Sanititizes the filename to ensure only a specific whitelist of characters is allowed through
- Return type:
- seek(offset, whence=0, /)
Change the stream position to the given byte offset.
- offset
The stream position, relative to ‘whence’.
- whence
The relative position to seek from.
The offset is interpreted relative to the position indicated by whence. Values for whence are:
os.SEEK_SET or 0 – start of stream (the default); offset should be zero or positive
os.SEEK_CUR or 1 – current stream position; offset may be negative
os.SEEK_END or 2 – end of stream; offset is usually negative
Return the new absolute position.
- seekable()
Return whether object supports random access.
If False, seek(), tell() and truncate() will raise OSError. This method may need to do a test seek().
- tell()
Return current stream position.
- truncate()
Truncate file to size bytes.
File pointer is left unchanged. Size defaults to the current IO position as reported by tell(). Returns the new size.
- writable()
Return whether object was opened for writing.
If False, write() will raise OSError.
- write()
- writelines(lines, /)
Write a list of lines to stream.
Line separators are not added, so it is usual for each of the lines provided to have a line separator at the end.
- class PluginInterface(context, config_path, progress_callback=None)[source]
Bases:
ConfigurableInterface
,VersionableInterface
Class that defines the basic interface that all Plugins must maintain.
The constructor must only take a context and config_path, so that plugins can be launched automatically. As such all configuration information must be provided through the requirements and configuration information in the context it is passed.
- Parameters:
- build_configuration()
Constructs a HierarchicalDictionary of all the options required to build this component in the current context.
Ensures that if the class has been created, it can be recreated using the configuration built Inheriting classes must override this to ensure any dependent classes update their configurations too
- Return type:
- property config: HierarchicalDict
The Hierarchical configuration Dictionary for this Configurable object.
- property context: ContextInterface
The context object that this configurable belongs to/configuration is stored in.
- classmethod get_requirements()[source]
Returns a list of Requirement objects for this plugin.
- Return type:
- classmethod make_subconfig(context, base_config_path, **kwargs)
Convenience function to allow constructing a new randomly generated sub-configuration path, containing each element from kwargs.
- Parameters:
context (
ContextInterface
) – The context in which to store the new configurationbase_config_path (
str
) – The base configuration path on which to build the new configurationkwargs – Keyword arguments that are used to populate the new configuration path
- Returns:
The newly generated full configuration path
- Return type:
- property open
Returns a context manager and thus can be called like open
- abstract run()[source]
Executes the functionality of the code.
Note
This method expects self.validate to have been called to ensure all necessary options have been provided
- Return type:
- Returns:
A TreeGrid object that can then be passed to a Renderer.
- classmethod unsatisfied(context, config_path)
Returns a list of the names of all unsatisfied requirements.
Since a satisfied set of requirements will return [], it can be used in tests as follows:
unmet = configurable.unsatisfied(context, config_path) if unmet: raise RuntimeError("Unsatisfied requirements: {}".format(unmet)
- Return type:
- version = (0, 0, 0)