Code Review (style): Use keyword args
Updates calls to `list_processes` and `list_hives` to use keyword args
for clarity.
dgmcdona committed Feb 27, 2025
1 parent 7821226 commit 083d35e
Showing 39 changed files with 97 additions and 78 deletions.
2 changes: 1 addition & 1 deletion volatility3/framework/layers/registry.py
Expand Up @@ -66,7 +66,7 @@ def __init__(
# Win10 17063 introduced the Registry process to map most hives. Check
# if it exists and update RegistryHive._base_layer
for proc in pslist.PsList.list_processes(
self.context, self.config["kernel_module_name"]
context=self.context, kernel_module_name=self.config["kernel_module_name"]
):
proc_name = proc.ImageFileName.cast(
"string", max_length=proc.ImageFileName.vol.count, errors="replace"
8 changes: 5 additions & 3 deletions volatility3/framework/plugins/windows/amcache.py
Expand Up @@ -259,9 +259,11 @@ def get_amcache_hive(
"""Retrieves the `Amcache.hve` registry hive from the kernel module, if it can be located."""
return next(
hivelist.HiveList.list_hives(
context,
interfaces.configuration.path_join(config_path, "hivelist"),
kernel_module_name,
context=context,
base_config_path=interfaces.configuration.path_join(
config_path, "hivelist"
),
kernel_module_name=kernel_module_name,
filter_string="amcache",
),
None,
6 changes: 3 additions & 3 deletions volatility3/framework/plugins/windows/cachedump.py
Expand Up @@ -171,9 +171,9 @@ def run(self):
syshive = sechive = None

for hive in hivelist.HiveList.list_hives(
self.context,
self.config_path,
self.config["kernel"],
context=self.context,
base_config_path=self.config_path,
kernel_module_name=self.config["kernel"],
hive_offsets=None if offset is None else [offset],
):
if hive.get_name().split("\\")[-1].upper() == "SYSTEM":
4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/cmdline.py
Expand Up @@ -106,8 +106,8 @@ def run(self):
[("PID", int), ("Process", str), ("Args", str)],
self._generator(
pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=filter_func,
)
),
14 changes: 7 additions & 7 deletions volatility3/framework/plugins/windows/cmdscan.py
Expand Up @@ -286,11 +286,11 @@ def _generator(

if no_registry is False:
max_history, _ = consoles.Consoles.get_console_settings_from_registry(
self.context,
self.config_path,
self.config["kernel"],
max_history,
[],
context=self.context,
config_path=self.config_path,
kernel_module_name=self.config["kernel"],
max_history=max_history,
max_buffers=[],
)

vollog.debug(f"Possible CommandHistorySize values: {max_history}")
Expand Down Expand Up @@ -370,8 +370,8 @@ def run(self):
],
self._generator(
pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=self._conhost_proc_filter,
)
),
4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/consoles.py
Expand Up @@ -943,8 +943,8 @@ def run(self):
],
self._generator(
pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=self._conhost_proc_filter,
)
),
4 changes: 3 additions & 1 deletion volatility3/framework/plugins/windows/debugregisters.py
Expand Up @@ -117,7 +117,9 @@ def _generator(

proc_modules = None

procs = pslist.PsList.list_processes(self.context, self.config["kernel"])
procs = pslist.PsList.list_processes(
context=self.context, kernel_module_name=self.config["kernel"]
)

for proc in procs:
for thread in threads.Threads.list_threads(kernel, proc):
4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/direct_system_calls.py
Expand Up @@ -358,8 +358,8 @@ def get_tasks_to_scan(
)

for proc in pslist.PsList.list_processes(
context,
kernel_module_name,
context=context,
kernel_module_name=kernel_module_name,
filter_func=filter_func,
):
proc_name = utility.array_to_string(proc.ImageFileName)
10 changes: 6 additions & 4 deletions volatility3/framework/plugins/windows/dlllist.py
Expand Up @@ -13,7 +13,7 @@
from volatility3.framework.symbols import intermed
from volatility3.framework.symbols.windows.extensions import pe
from volatility3.plugins import timeliner
from volatility3.plugins.windows import info, pslist, psscan, pedump
from volatility3.plugins.windows import info, pedump, pslist, psscan

vollog = logging.getLogger(__name__)

Expand Down Expand Up @@ -192,7 +192,9 @@ def _generator(self, procs):

def generate_timeline(self):
for row in self._generator(
pslist.PsList.list_processes(self.context, self.config["kernel"])
pslist.PsList.list_processes(
context=self.context, kernel_module_name=self.config["kernel"]
)
):
_depth, row_data = row
if not isinstance(row_data[6], datetime.datetime):
Expand All @@ -217,8 +219,8 @@ def run(self):
)
else:
procs = pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=filter_func,
)

4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/dumpfiles.py
Expand Up @@ -371,8 +371,8 @@ def run(self):
[self.config.get("pid", None)]
)
procs = pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=filter_func,
)

4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/envars.py
Expand Up @@ -225,8 +225,8 @@ def run(self):
],
self._generator(
pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=filter_func,
)
),
4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/getsids.py
Expand Up @@ -220,8 +220,8 @@ def run(self):
[("PID", int), ("Process", str), ("SID", str), ("Name", str)],
self._generator(
pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=filter_func,
)
),
2 changes: 1 addition & 1 deletion volatility3/framework/plugins/windows/handles.py
Expand Up @@ -394,7 +394,7 @@ def run(self):
else:
procs = pslist.PsList.list_processes(
self.context,
self.config["kernel"],
kernel_module_name=self.config["kernel"],
filter_func=filter_func,
)

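Review bot: `self.context` on the line after `procs = pslist.PsList.list_processes(` is still passed positionally while `kernel_module_name` and `filter_func` are keywords, so this call mixes the two forms that the rest of the commit unifies; change it to `context=self.context,`. The same half-converted call appears in the section following sessions.py, the one with `filter_func=self._lsass_proc_filter` (its file header is not shown on this page). The enclosing `run` method starts and ends outside the hunk.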
4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/hollowprocesses.py
Expand Up @@ -214,8 +214,8 @@ def run(self):
],
self._generator(
pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=filter_func,
)
),
4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/iat.py
Expand Up @@ -137,8 +137,8 @@ def run(self):
],
self._generator(
pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=pslist.PsList.create_pid_filter(
self.config.get("pid", None)
),
4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/joblinks.py
Expand Up @@ -46,8 +46,8 @@ def _generator(self) -> Iterator[Tuple]:
memory = self.context.layers[kernel.layer_name]

for proc in pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
):
try:
if not self.config["physical"]:
4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/ldrmodules.py
Expand Up @@ -120,8 +120,8 @@ def run(self):
],
self._generator(
pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=filter_func,
)
),
4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/malfind.py
Expand Up @@ -256,8 +256,8 @@ def run(self):
],
self._generator(
pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=filter_func,
)
),
4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/memmap.py
Expand Up @@ -108,8 +108,8 @@ def run(self):
],
self._generator(
pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=filter_func,
)
),
4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/modules.py
Expand Up @@ -186,8 +186,8 @@ def _do_get_session_layers(
kernel = context.modules[kernel_module_name]

for proc in pslist.PsList.list_processes(
context,
kernel_module_name,
context=context,
kernel_module_name=kernel_module_name,
filter_func=filter_func,
):
proc_id = "Unknown"
4 changes: 3 additions & 1 deletion volatility3/framework/plugins/windows/pe_symbols.py
Expand Up @@ -917,7 +917,9 @@ def get_all_vads_with_file_paths(
Args:
Generator[Tuple[interfaces.objects.ObjectInterface, str, ranges_type]]: Yields tuple of process objects, layers, and VADs mapping files
"""
procs = pslist.PsList.list_processes(context, kernel_module_name)
procs = pslist.PsList.list_processes(
context=context, kernel_module_name=kernel_module_name
)

for proc in procs:
try:
3 changes: 1 addition & 2 deletions volatility3/framework/plugins/windows/pedump.py
Expand Up @@ -195,8 +195,7 @@ def dump_processes(

for proc in pslist.PsList.list_processes(
context=context,
layer_name=kernel.layer_name,
symbol_table_name=kernel.symbol_table_name,
kernel_module_name=kernel.name,
filter_func=filter_func,
):
pid = proc.UniqueProcessId
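Review bot: This hunk replaces the keyword names `layer_name` and `symbol_table_name` with `kernel_module_name=kernel.name`, which is a behavioural correction rather than the keyword-argument tidy-up the commit title describes. Every other `list_processes` call in the commit takes `context`, `kernel_module_name` and `filter_func`, so if the old names were no longer accepted by the signature this call would have raised `TypeError` before the change (inferred from the other call sites on this page, not verified against the definition). It would help to state in the commit description that `dump_processes` in pedump.py is fixed, not merely restyled, so the change is findable later. The enclosing `dump_processes` function starts and ends outside the hunk.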
4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/privileges.py
Expand Up @@ -119,8 +119,8 @@ def run(self):
],
self._generator(
pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=filter_func,
)
),
4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/processghosting.py
Expand Up @@ -94,8 +94,8 @@ def run(self):
],
self._generator(
pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=filter_func,
)
),
4 changes: 3 additions & 1 deletion volatility3/framework/plugins/windows/pstree.py
Expand Up @@ -84,7 +84,9 @@ def _generator(
"""Generates the Tree of processes."""
kernel = self.context.modules[self.config["kernel"]]

for proc in pslist.PsList.list_processes(self.context, self.config["kernel"]):
for proc in pslist.PsList.list_processes(
context=self.context, kernel_module_name=self.config["kernel"]
):
if not self.config.get("physical", pslist.PsList.PHYSICAL_DEFAULT):
offset = proc.vol.offset
else:
4 changes: 3 additions & 1 deletion volatility3/framework/plugins/windows/psxview.py
Expand Up @@ -182,7 +182,9 @@ def _generator(self):
kernel = self.context.modules[self.config["kernel"]]

kdbg_list_processes = list(
pslist.PsList.list_processes(self.context, self.config["kernel"])
pslist.PsList.list_processes(
context=self.context, kernel_module_name=self.config["kernel"]
)
)

# get processes from each source
4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/sessions.py
Expand Up @@ -45,8 +45,8 @@ def _generator(self):
sessions = {}

for proc in pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=filter_func,
):
session_id = proc.get_session_id()
Expand Up @@ -671,7 +671,7 @@ def run(self):
self._generator(
pslist.PsList.list_processes(
self.context,
self.config["kernel"],
kernel_module_name=self.config["kernel"],
filter_func=self._lsass_proc_filter,
)
),
6 changes: 4 additions & 2 deletions volatility3/framework/plugins/windows/strings.py
Expand Up @@ -161,9 +161,11 @@ def generate_mapping(

# TODO: Include kernel modules

for process in pslist.PsList.list_processes(context, kernel_module_name):
for process in pslist.PsList.list_processes(
context=context, kernel_module_name=kernel_module_name
):
if not filter(process):
proc_id = "Unknown"
kernel_module_name = proc_id = "Unknown"

Check notice

Code scanning / CodeQL

Unused local variable Note

Variable kernel_module_name is not used.
try:
proc_id = process.UniqueProcessId
proc_layer_name = process.add_process_layer()
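Review bot: The added line `kernel_module_name = proc_id = "Unknown"` rebinds the `kernel_module_name` parameter of `generate_mapping` inside the process loop, which is what the CodeQL notice is reporting; the line it replaces only set `proc_id`, so this reads as an editing slip rather than intent. Restore `proc_id = "Unknown"`. The `list_processes` call has already received the original value when the loop body runs, so iteration is unaffected, but any later use of `kernel_module_name` in the function (the body continues past the hunk, and the `# TODO: Include kernel modules` comment suggests one is planned) would see the literal `"Unknown"` after the first process for which `filter(process)` is false. The enclosing `generate_mapping` function starts and ends outside the hunk.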
8 changes: 6 additions & 2 deletions volatility3/framework/plugins/windows/suspended_threads.py
Expand Up @@ -61,7 +61,9 @@ def _generator(self):
proc_modules = None

# walk the threads of each process checking for suspended threads
for proc in pslist.PsList.list_processes(self.context, self.config["kernel"]):
for proc in pslist.PsList.list_processes(
context=self.context, kernel_module_name=self.config["kernel"]
):
for thread in threads.Threads.list_threads(kernel, proc):
try:
# we only care if the thread is suspended
Expand Down Expand Up @@ -92,7 +94,9 @@ def _generator(self):
# will not have suspended threads
if not proc_modules:
proc_modules = pe_symbols.PESymbols.get_process_modules(
self.context, self.config["kernel"], None
context=self.context,
kernel_module_name=self.config["kernel"],
filter_modules=None,
)

path_and_symbol = functools.partial(
4 changes: 2 additions & 2 deletions volatility3/framework/plugins/windows/suspicious_threads.py
Expand Up @@ -138,8 +138,8 @@ def _enumerate_processes(
filter_func = pslist.PsList.create_pid_filter(self.config.get("pid", None))

for proc in pslist.PsList.list_processes(
self.context,
self.config["kernel"],
context=self.context,
kernel_module_name=self.config["kernel"],
filter_func=filter_func,
):
ranges = self._get_ranges(kernel, all_ranges, proc)
