 |
The Volatility Framework
|
|
|
The Volatility Framework
|
|
This must live here, otherwise there are circular dependency issues. More...
Public Member Functions | |
| def | __init__ |
| def | applied_modifications (self) |
| def | clear (self) |
| Clears out the input vtypes and object_classes, and only the base object types. | |
| def | reset (self) |
| Resets the profile's vtypes to those automatically loaded. | |
| def | load_vtypes (self) |
| Identifies the module from which to load the vtypes. More... | |
| def | load_modifications (self) |
| Find all subclasses of the modification type and applies them. More... | |
| def | compile (self) |
| Compiles the vtypes, overlays, object_classes, etc into a types dictionary. More... | |
| def | metadata (self) |
| Returns a read-only dictionary copy of the metadata associated with a profile. | |
| def | has_type (self, theType) |
| Returns a simple check of whether the type is in the profile. | |
| def | get_obj_offset (self, name, member) |
| Returns a members offset within the struct. | |
| def | get_obj_size (self, name) |
| Returns the size of a struct. | |
| def | obj_has_member (self, name, member) |
| Returns whether an object has a certain member. | |
| def | merge_overlay (self, overlay) |
| Applies an overlay to the profile's vtypes. | |
| def | add_types |
| Add in a deprecated function that mimics the previous add_types function. | |
| def | apply_overlay (self, args, kwargs) |
| Calls the old apply_overlay function with a deprecation warning. | |
Public Attributes | |
| strict | |
| types | |
| object_classes | |
| native_types | |
| additional | |
| vtypes | |
Static Public Attributes | |
| dictionary | native_mapping |
This must live here, otherwise there are circular dependency issues.
The Profile relies on several classes in obj.py, because it needs to parse legacy list formats into appropriate types Leaving a deprecated obj.Profile object would create a circular dependency Profiles are the interface for creating/interpreting objects
| def volatility.obj.Profile.compile | ( | self | ) |
Compiles the vtypes, overlays, object_classes, etc into a types dictionary.
We populate as we go, so that _list_to_type can refer to existing classes rather than Curry everything. If the compile fails, the profile will be left in a bad/unusable state
| def volatility.obj.Profile.load_modifications | ( | self | ) |
Find all subclasses of the modification type and applies them.
Each modification object can specify the metadata with which it can work Allowing the overlay to decide which profile it should act on
| def volatility.obj.Profile.load_vtypes | ( | self | ) |
Identifies the module from which to load the vtypes.
Eventually this could do the importing directly, and avoid having the profiles loaded in memory all at once.
|
static |
1.8.9.1