volatility3.framework.symbols.native module
- class NativeTable(name, native_dictionary)[source]
Bases:
NativeTableInterface
Symbol List that handles Native types.
- Parameters:
name (
str
) – Name of the symbol tablenative_types – The native symbol table used to resolve any base/native types
table_mapping – A dictionary mapping names of tables (which when present within the table will be changed to the mapped table)
class_types – A dictionary of types and classes that should be instantiated instead of Struct to construct them
- del_type_class(name)
Removes the associated class override for a specific Symbol type.
- Return type:
- get_symbol(name)
Resolves a symbol name into a symbol object.
If the symbol isn’t found, it raises a SymbolError exception
- Return type:
- get_symbol_type(name)
Resolves a symbol name into a symbol and then resolves the symbol’s type.
- get_symbols_by_location(offset, size=0)
Returns the name of all symbols in this table that live at a particular offset.
- get_symbols_by_type(type_name)
Returns the name of all symbols in this table that have type matching type_name.
- get_type(type_name)[source]
Resolves a symbol name into an object template.
This always construct a new python object, rather than using a cached value otherwise changes made later may affect the cached copy. Calling clone after every native type construction was extremely slow.
- Return type:
- property natives: NativeTableInterface
Returns None or a NativeTable for handling space specific native types.
- optional_set_type_class(name, clazz)
Calls the set_type_class function but does not throw an exception. Returns whether setting the type class was successful. :type name:
str
:param name: The name of the type to override the class for :type clazz:Type
[ObjectInterface
] :param clazz: The actual class to override for the provided type name- Return type:
- set_type_class(name, clazz)
Overrides the object class for a specific Symbol type.
Name must be present in self.types
- Parameters:
name (
str
) – The name of the type to override the class forclazz (
Type
[ObjectInterface
]) – The actual class to override for the provided type name
- Return type: