volatility.framework.symbols.linux.extensions.bash module¶

class hist_entry(context, type_name, object_info, size, members)[source]¶

Constructs an Object adhering to the ObjectInterface.

Parameters

context (ContextInterface) – The context associated with the object
type_name (str) – The name of the type structure for the object
object_info (ObjectInformation) – Basic information relevant to the object (layer, offset, member_name, parent, etc)

class VolTemplateProxy¶

Bases: volatility.framework.interfaces.objects.VolTemplateProxy

classmethod children(template)¶

Method to list children of a template.

classmethod has_member(template, member_name)¶

Returns whether the object would contain a member called member_name.

classmethod relative_child_offset(template, child)¶

Returns the relative offset of a child to its parent.

classmethod replace_child(template, old_child, new_child)¶

Replace a child elements within the arguments handed to the template.

classmethod size(template)¶

Method to return the size of this type.

cast(new_type_name, **additional)¶

Returns a new object at the offset and from the layer that the current object inhabits.

Note

If new type name does not include a symbol table, the symbol table for the current object is used

get_symbol_table()¶

Returns the symbol table for this particular object.

Returns none if the symbol table cannot be identified.

has_member(member_name)¶

Returns whether the object would contain a member called member_name.

member(attr='member')¶

Specifically named method for retrieving members.

property vol¶

Returns the volatility specific object information.

write(value)¶: Writes the new value into the format at the offset the object currently resides at.