volatility.obj.BaseObject Class Reference

Inheritance diagram for volatility.obj.BaseObject:

Public Member Functions
def	__init__ (self, theType, offset, vm, native_vm=None, parent=None, name=None, kwargs)
def	obj_type (self)
def	obj_vm (self)
def	obj_offset (self)
def	obj_parent (self)
def	obj_name (self)
def	obj_native_vm (self)
def	set_native_vm (self, native_vm)
	Sets the native_vm.
def	rebase (self, offset)
def	proxied (self, attr)
def	newattr (self, attr, value)
	Sets a new attribute after the object has been created.
def	write (self, value)
	Function for writing the object back to disk.
def	__getattr__ (self, attr)
	This is only useful for proper methods (not ones that start with __ )
def	__setattr__ (self, attr, value)
def	__nonzero__ (self)
	This method is called when we test the truth value of an Object. More...
def	__eq__ (self, other)
def	__ne__ (self, other)
def	__hash__ (self)
def	m (self, memname)
def	is_valid (self)
def	dereference (self)
def	dereference_as (self, derefType, kwargs)
def	cast (self, castString)
def	v (self)
	Do the actual reading and decoding of this member.
def	__format__ (self, formatspec)
def	__str__ (self)
def	__repr__ (self)
def	d (self)
	Display diagnostic information.
def	__getstate__ (self)
	This controls how we pickle and unpickle the objects.
def	__setstate__ (self, state)

Public Attributes
	obj_offset
	obj_vm

Member Function Documentation

def volatility.obj.BaseObject.__nonzero__

(

self

)

This method is called when we test the truth value of an Object.

In volatility we consider an object to have True truth value only when its a valid object. Its possible for example to have a Pointer object which is not valid - this will have a truth value of False.

You should be testing for validity like this: if X:

object is valid

Do not test for validity like this:

if int(X) == 0:

or if X is None: .....

the later form is not going to work when X is a NoneObject.

---

The documentation for this class was generated from the following file:

• volatility/obj.py