volatility3.cli.volshell.mac module¶
-
class
Volshell
(*args, **kwargs)[source]¶ Bases:
volatility3.cli.volshell.generic.Volshell
Shell environment to directly interact with a mac memory image.
Args: context: The context that the plugin will operate within config_path: The path to configuration data within the context configuration data progress_callback: A callable that can provide feedback at progress points
-
build_configuration
()¶ Constructs a HierarchicalDictionary of all the options required to build this component in the current context.
Ensures that if the class has been created, it can be recreated using the configuration built Inheriting classes must override this to ensure any dependent classes update their configurations too
- Return type
-
property
config
¶ The Hierarchical configuration Dictionary for this Configurable object.
- Return type
-
construct_locals
()[source]¶ Returns a dictionary listing the functions to be added to the environment.
-
property
context
¶ The context object that this configurable belongs to/configuration is stored in.
- Return type
-
create_configurable
(clazz, **kwargs)[source]¶ Creates a configurable object, converting arguments to configuration
-
property
current_layer
¶
-
disassemble
(offset, count=128, layer_name=None, architecture=None)[source]¶ Disassembles a number of instructions from the code at offset
-
display_bytes
(offset, count=128, layer_name=None)[source]¶ Displays byte values and ASCII characters
-
display_doublewords
(offset, count=128, layer_name=None)[source]¶ Displays double-word values (4 bytes) and corresponding ASCII characters
-
display_plugin_output
(plugin, **kwargs)[source]¶ Displays the output for a particular plugin (with keyword arguments)
- Return type
-
display_quadwords
(offset, count=128, layer_name=None)[source]¶ Displays quad-word values (8 bytes) and corresponding ASCII characters
-
display_symbols
(symbol_table=None)[source]¶ Prints an alphabetical list of symbols for a symbol table
-
display_type
(object, offset=None)[source]¶ Display Type describes the members of a particular object in alphabetical order
-
display_words
(offset, count=128, layer_name=None)[source]¶ Displays word values (2 bytes) and corresponding ASCII characters
-
generate_treegrid
(plugin, **kwargs)[source]¶ Generates a TreeGrid based on a specific plugin passing in kwarg configuration values
-
load_file
(location=None, filename='')[source]¶ Loads a file into a Filelayer and returns the name of the layer
-
classmethod
make_subconfig
(context, base_config_path, **kwargs)¶ Convenience function to allow constructing a new randomly generated sub-configuration path, containing each element from kwargs.
- Parameters
context (
ContextInterface
) – The context in which to store the new configurationbase_config_path (
str
) – The base configuration path on which to build the new configurationkwargs – Keyword arguments that are used to populate the new configuration path
- Returns
The newly generated full configuration path
- Return type
-
property
open
¶ Returns a context manager and thus can be called like open
-
render_treegrid
(treegrid, renderer=None)[source]¶ Renders a treegrid as produced by generate_treegrid
- Return type
-
run
(additional_locals=None)[source]¶ Runs the interactive volshell plugin.
- Return type
- Returns
Return a TreeGrid but this is always empty since the point of this plugin is to run interactively
-
classmethod
unsatisfied
(context, config_path)¶ Returns a list of the names of all unsatisfied requirements.
Since a satisfied set of requirements will return [], it can be used in tests as follows:
unmet = configurable.unsatisfied(context, config_path) if unmet: raise RuntimeError("Unsatisfied requirements: {}".format(unmet)
- Return type
-
version
= (0, 0, 0)¶
-