Merge pull request #999 from 616c696365/fix-issue-895

Windows: Update pslist.py, add friendly option

Author: ikelos

volatility3/framework/interfaces/plugins.py

@@ -43,7 +43,7 @@ def preferred_filename(self):
         return self._preferred_filename
 
     @preferred_filename.setter
-    def preferred_filename(self, filename):
+    def preferred_filename(self, filename: str):
         """Sets the preferred filename"""
         if self.closed:
             raise IOError("FileHandler name cannot be changed once closed")
@@ -57,6 +57,18 @@ def preferred_filename(self, filename):
     def close(self):
         """Method that commits the file and fixes the final filename for use"""
 
+    @staticmethod
+    def sanitize_filename(filename: str) -> str:
+        """Sanititizes the filename to ensure only a specific whitelist of characters is allowed through"""
+        allowed = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.- ()[]\{\}!$%^:#~?<>,|"
+        result = ""
+        for char in filename:
+            if char in allowed:
+                result += char
+            else:
+                result += "?"
+        return result
+
     def __enter__(self):
         return self
 

volatility3/framework/plugins/windows/pslist.py

@@ -90,9 +90,19 @@ def process_dump(
                 offset=peb.ImageBaseAddress,
                 layer_name=proc_layer_name,
             )
+
+            process_name = proc.ImageFileName.cast(
+                "string",
+                max_length=proc.ImageFileName.vol.count,
+                errors="replace",
+            )
+
             file_handle = open_method(
-                f"pid.{proc.UniqueProcessId}.{peb.ImageBaseAddress:#x}.dmp"
+                open_method.sanitize_filename(
+                    f"{proc.UniqueProcessId}.{process_name}.{peb.ImageBaseAddress:#x}.dmp"
+                )
             )
+
             for offset, data in dos_header.reconstruct():
                 file_handle.seek(offset)
                 file_handle.write(data)