def urwid_output(self, ui, offset):
## Get the profile for this case:
import VolatilityLinux
ctx = VolatilityLinux.get_vol_object(ui.query['case'], ui.query['memory'])
buf = format.Buffer(fd = ui.fd)[offset:]
result = self.render_profile(buf, ctx, self.volatility_object, ui)
return result
def urwid_output(self, ui, offset):
## Get the profile for this case:
import VolatilityLinux
ctx = VolatilityLinux.get_vol_object(ui.query['case'],
ui.query['memory'])
buf = format.Buffer(fd=ui.fd)[offset:]
result = self.render_profile(buf, ctx, self.volatility_object, ui)
return result
def handle_key(self, ui ,key):
if self.state == None:
self.state = 'prompt'
## Read the current bytes off the memory image
offset = ui.mark
ui.fd.seek(offset)
data = ui.fd.read(4)
location = "0x%08X" % (struct.unpack("<I",data)[0])
ui.status_bar = Hexeditor.PowerEdit("Goto Virtual Address: ", location)
ui.status_bar.focus = True
elif self.state == 'prompt':
if key=='esc':
ui.mode = None
self.state = None
ui.status_bar = urwid.Text('')
elif key=='enter':
ui.mode = None
self.state = None
offset = ui.status_bar.get_edit_text()
ui.status_bar = urwid.Text('')
try:
offset = FlagFramework.calculate_offset_suffix(offset)
except Exception,e:
ui.message = "Cant parse %s as offset" % offset
return True
## Now we need to work out what the VA offset is:
import VolatilityLinux
v = VolatilityLinux.get_vol_object(self.case, self.m)
phy_offset = v.addr_space.vtop(offset)
ui.set_mark(phy_offset)
else:
## Pass key strokes to the text box:
ui.status_bar.keypress( (ui.width, ), key)
