volatility3.framework.interfaces.renderers module¶
All plugins output a TreeGrid object which must then be rendered (eithe by a GUI, or as text output, html output or in some other form.
This module defines both the output format (TreeGrid
) and the
renderer interface which can interact with a TreeGrid to produce
suitable output.
-
class
BaseAbsentValue
[source]¶ Bases:
object
Class that represents values which are not present for some reason.
-
class
Column
(name, type)¶ Bases:
tuple
Create new instance of Column(name, type)
-
count
(value, /)¶ Return number of occurrences of value.
-
index
(value, start=0, stop=9223372036854775807, /)¶ Return first index of value.
Raises ValueError if the value is not present.
-
property
name
¶ Alias for field number 0
-
property
type
¶ Alias for field number 1
-
-
class
Disassembly
(data, offset=0, architecture='intel64')[source]¶ Bases:
object
A class to indicate that the bytes provided should be disassembled (based on the architecture)
-
possible_architectures
= ['intel', 'intel64', 'arm', 'arm64']¶
-
-
class
Renderer
(options=None)[source]¶ Bases:
object
Class that defines the interface that all output renderers must support.
Accepts an options object to configure the renderers.
-
class
TreeGrid
(columns, generator)[source]¶ Bases:
object
Class providing the interface for a TreeGrid (which contains TreeNodes)
The structure of a TreeGrid is designed to maintain the structure of the tree in a single object. For this reason each TreeNode does not hold its children, they are managed by the top level object. This leaves the Nodes as simple data carries and prevents them being used to manipulate the tree as a whole. This is a data structure, and is not expected to be modified much once created.
Carrying the children under the parent makes recursion easier, but then every node is its own little tree and must have all the supporting tree functions. It also allows for a node to be present in several different trees, and to create cycles.
Constructs a TreeGrid object using a specific set of columns.
The TreeGrid itself is a root element, that can have children but no values. The TreeGrid does not contain any information about formatting, these are up to the renderers and plugins.
- Parameters
columns (
List
[Tuple
[str
,Union
[Type
[int
],Type
[str
],Type
[float
],Type
[bytes
],Type
[datetime
],Type
[BaseAbsentValue
],Type
[Disassembly
]]]]) – A list of column tuples made up of (name, type).generator (
Generator
) – An iterable containing row for a tree grid, each row contains a indent level followed by the values for each column in order.
-
base_types
= (<class 'int'>, <class 'str'>, <class 'float'>, <class 'bytes'>, <class 'datetime.datetime'>, <class 'volatility3.framework.interfaces.renderers.Disassembly'>)¶
-
abstract property
columns
¶ Returns the available columns and their ordering and types.
-
abstract
is_ancestor
(node, descendant)[source]¶ Returns true if descendent is a child, grandchild, etc of node.
- Return type
-
abstract
populate
(function=None, initial_accumulator=None, fail_on_errors=True)[source]¶ Populates the tree by consuming the TreeGrid’s construction generator Func is called on every node, so can be used to create output on demand.
This is equivalent to a one-time visit.
-
abstract property
populated
¶ Indicates that population has completed and the tree may now be manipulated separately.
- Return type
-
abstract static
sanitize_name
(text)[source]¶ Method used to sanitize column names for TreeNodes.
- Return type
-
abstract
values
(node)[source]¶ Returns the values for a particular node.
The values returned are mutable,
-
abstract
visit
(node, function, initial_accumulator, sort_key=None)[source]¶ Visits all the nodes in a tree, calling function on each one.
function should have the signature function(node, accumulator) and return new_accumulator If accumulators are not needed, the function must still accept a second parameter.
The order of that the nodes are visited is always depth first, however, the order children are traversed can be set based on a sort_key function which should accept a node’s values and return something that can be sorted to receive the desired order (similar to the sort/sorted key).
If node is None, then the root node is used.
- Parameters
function (
Callable
[[TreeNode
, ~_Type], ~_Type]) – The visitor to apply to the nodes under the initial nodeinitial_accumulator (~_Type) – An accumulator that allows data to be transfered between one visitor call to the next
sort_key (
Optional
[ColumnSortKey
]) – Information about the sort order of columns in order to determine the ordering of results
- Return type
-
class
TreeNode
(path, treegrid, parent, values)[source]¶ Bases:
collections.abc.Sequence
Initializes the TreeNode.
-
count
(value) → integer – return number of occurrences of value¶
-
index
(value[, start[, stop]]) → integer – return first index of value.¶ Raises ValueError if the value is not present.
Supporting start and stop arguments is optional, but recommended.
-
abstract property
parent
¶ Returns the parent node of this node or None.
-
abstract property
path
¶ Returns a path identifying string.
This should be seen as opaque by external classes, Parsing of path locations based on this string are not guaranteed to remain stable.
- Return type
-