def __init__(
self,
context: interfaces.context.ContextInterface,
config_path: str,
name: str,
isf_url: str,
native_types: interfaces.symbols.NativeTableInterface = None,
table_mapping: Optional[Dict[str, str]] = None,
validate: bool = True,
class_types: Optional[Dict[
str, Type[interfaces.objects.ObjectInterface]]] = None
) -> None:
"""Instantiates a SymbolTable based on an IntermediateSymbolFormat JSON file. This is validated against the
appropriate schema. The validation can be disabled by passing validate = False, but this should almost never be
done.
Args:
context: The volatility context for the symbol table
config_path: The configuration path for the symbol table
name: The name for the symbol table (this is used in symbols e.g. table!symbol )
isf_url: The URL pointing to the ISF file location
native_types: The NativeSymbolTable that contains the native types for this symbol table
table_mapping: A dictionary linking names referenced in the file with symbol tables in the context
validate: Determines whether the ISF file will be validated against the appropriate schema
class_types: A dictionary of type names and classes that override StructType when they are instantiated
"""
# Check there are no obvious errors
# Open the file and test the version
self._versions = dict([(x.version, x)
for x in class_subclasses(ISFormatTable)])
fp = volatility.framework.layers.resources.ResourceAccessor().open(
isf_url)
reader = codecs.getreader("utf-8")
json_object = json.load(reader(fp)) # type: ignore
fp.close()
# Validation is expensive, but we cache to store the hashes of successfully validated json objects
if validate and not schemas.validate(json_object):
raise exceptions.SymbolSpaceError(
"File does not pass version validation: {}".format(isf_url))
metadata = json_object.get('metadata', None)
# Determine the delegate or throw an exception
self._delegate = self._closest_version(metadata.get(
'format', "0.0.0"), self._versions)(context, config_path, name,
json_object, native_types,
table_mapping)
# Inherit
super().__init__(context,
config_path,
name,
native_types or self._delegate.natives,
table_mapping=table_mapping,
class_types=class_types)
def __init__(self,
context: interfaces.context.ContextInterface,
config_path: str,
name: str,
isf_url: str,
native_types: interfaces.symbols.NativeTableInterface = None,
table_mapping: Optional[Dict[str, str]] = None,
validate: bool = True,
class_types: Optional[Mapping[
str, Type[interfaces.objects.ObjectInterface]]] = None,
symbol_shift: int = 0,
symbol_mask: int = 0) -> None:
"""Instantiates a SymbolTable based on an IntermediateSymbolFormat JSON file. This is validated against the
appropriate schema. The validation can be disabled by passing validate = False, but this should almost never be
done.
Args:
context: The volatility context for the symbol table
config_path: The configuration path for the symbol table
name: The name for the symbol table (this is used in symbols e.g. table!symbol )
isf_url: The URL pointing to the ISF file location
native_types: The NativeSymbolTable that contains the native types for this symbol table
table_mapping: A dictionary linking names referenced in the file with symbol tables in the context
validate: Determines whether the ISF file will be validated against the appropriate schema
class_types: A dictionary of type names and classes that override StructType when they are instantiated
symbol_shift: An offset by which to alter all returned symbols for this table
symbol_mask: An address mask used for all returned symbol offsets from this table (a mask of 0 disables masking)
"""
# Check there are no obvious errors
# Open the file and test the version
self._versions = dict([(x.version, x)
for x in class_subclasses(ISFormatTable)])
fp = volatility.framework.layers.resources.ResourceAccessor().open(
isf_url)
reader = codecs.getreader("utf-8")
json_object = json.load(reader(fp)) # type: ignore
fp.close()
# Validation is expensive, but we cache to store the hashes of successfully validated json objects
if validate and not schemas.validate(json_object):
raise exceptions.SymbolSpaceError(
"File does not pass version validation: {}".format(isf_url))
metadata = json_object.get('metadata', None)
# Determine the delegate or throw an exception
self._delegate = self._closest_version(metadata.get(
'format', "0.0.0"), self._versions)(context, config_path, name,
json_object, native_types,
table_mapping)
if self._delegate.version < constants.ISF_MINIMUM_SUPPORTED:
raise RuntimeError(
"ISF version {} is no longer supported: {}".format(
metadata.get('format', "0.0.0"), isf_url))
elif self._delegate.version < constants.ISF_MINIMUM_DEPRECATED:
vollog.warning("ISF version {} has been deprecated: {}".format(
metadata.get('format', "0.0.0"), isf_url))
# Inherit
super().__init__(context,
config_path,
name,
native_types or self._delegate.natives,
table_mapping=table_mapping,
class_types=class_types)
# Since we've been created with parameters, ensure our config is populated likewise
self.config['isf_url'] = isf_url
self.config['symbol_shift'] = symbol_shift
self.config['symbol_mask'] = symbol_mask