Merge branch 'develop' into threads_useful_columns

Author: atcuno

doc/source/simple-plugin.rst

@@ -53,9 +53,9 @@ to be able to run properly.  Any that are defined as optional need not necessari
                     description = "Process IDs to include (all other processes are excluded)",
                     optional = True
                 ),
-                requirements.PluginRequirement(
+                requirements.VersionRequirement(
                     name = 'pslist',
-                    plugin = pslist.PsList,
+                    component = pslist.PsList,
                     version = (2, 0, 0)
                 ),
             ]

volatility3/cli/volshell/generic.py

@@ -60,7 +60,13 @@ def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]
                     description="File to load and execute at start",
                     default=None,
                     optional=True,
-                )
+                ),
+                requirements.BooleanRequirement(
+                    name="script-only",
+                    description="Exit volshell after the script specified in --script completes",
+                    default=False,
+                    optional=True,
+                ),
             ]
         return reqs + [
             requirements.TranslationLayerRequirement(
@@ -135,6 +141,9 @@ def in_prompt_tokens(self, cli=None):
         if self.config.get("script", None) is not None:
             self.run_script(location=self.config["script"])
 
+            if self.config.get("script-only"):
+                exit()
+
         if has_ipython:
             self.__console()
         else:
@@ -310,23 +319,25 @@ def display_bytes(self, offset, count=DEFAULT_NUM_DISPLAY_BYTES, layer_name=None
         self._display_data(offset, remaining_data)
 
     def display_quadwords(
-        self, offset, count=DEFAULT_NUM_DISPLAY_BYTES, layer_name=None
+        self, offset, count=DEFAULT_NUM_DISPLAY_BYTES, layer_name=None, byteorder="@"
     ):
         """Displays quad-word values (8 bytes) and corresponding ASCII characters"""
         remaining_data = self._read_data(offset, count=count, layer_name=layer_name)
-        self._display_data(offset, remaining_data, format_string="Q")
+        self._display_data(offset, remaining_data, format_string=f"{byteorder}Q")
 
     def display_doublewords(
-        self, offset, count=DEFAULT_NUM_DISPLAY_BYTES, layer_name=None
+        self, offset, count=DEFAULT_NUM_DISPLAY_BYTES, layer_name=None, byteorder="@"
     ):
         """Displays double-word values (4 bytes) and corresponding ASCII characters"""
         remaining_data = self._read_data(offset, count=count, layer_name=layer_name)
-        self._display_data(offset, remaining_data, format_string="I")
+        self._display_data(offset, remaining_data, format_string=f"{byteorder}I")
 
-    def display_words(self, offset, count=DEFAULT_NUM_DISPLAY_BYTES, layer_name=None):
+    def display_words(
+        self, offset, count=DEFAULT_NUM_DISPLAY_BYTES, layer_name=None, byteorder="@"
+    ):
         """Displays word values (2 bytes) and corresponding ASCII characters"""
         remaining_data = self._read_data(offset, count=count, layer_name=layer_name)
-        self._display_data(offset, remaining_data, format_string="H")
+        self._display_data(offset, remaining_data, format_string=f"{byteorder}H")
 
     def regex_scan(self, pattern, count=DEFAULT_NUM_DISPLAY_BYTES, layer_name=None):
         """Scans for regex pattern in layer using RegExScanner."""

volatility3/cli/volshell/linux.py

@@ -30,8 +30,8 @@ def get_requirements(cls):
             requirements.ModuleRequirement(
                 name="kernel", description="Linux kernel module"
             ),
-            requirements.PluginRequirement(
-                name="pslist", plugin=pslist.PsList, version=(4, 0, 0)
+            requirements.VersionRequirement(
+                name="pslist", component=pslist.PsList, version=(4, 0, 0)
             ),
             requirements.IntRequirement(
                 name="pid", description="Process ID", optional=True

volatility3/cli/volshell/mac.py

@@ -19,8 +19,8 @@ def get_requirements(cls):
             requirements.ModuleRequirement(
                 name="kernel", description="Darwin kernel module"
             ),
-            requirements.PluginRequirement(
-                name="pslist", plugin=pslist.PsList, version=(3, 0, 0)
+            requirements.VersionRequirement(
+                name="pslist", component=pslist.PsList, version=(3, 0, 0)
             ),
             requirements.IntRequirement(
                 name="pid", description="Process ID", optional=True

volatility3/cli/volshell/windows.py

@@ -17,8 +17,8 @@ class Volshell(generic.Volshell):
     def get_requirements(cls):
         return [
             requirements.ModuleRequirement(name="kernel", description="Windows kernel"),
-            requirements.PluginRequirement(
-                name="pslist", plugin=pslist.PsList, version=(3, 0, 0)
+            requirements.VersionRequirement(
+                name="pslist", component=pslist.PsList, version=(3, 0, 0)
             ),
             requirements.IntRequirement(
                 name="pid", description="Process ID", optional=True

volatility3/framework/plugins/linux/bash.py

@@ -32,8 +32,8 @@ def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]
                 description="Linux kernel",
                 architectures=["Intel32", "Intel64"],
             ),
-            requirements.PluginRequirement(
-                name="pslist", plugin=pslist.PsList, version=(4, 0, 0)
+            requirements.VersionRequirement(
+                name="pslist", component=pslist.PsList, version=(4, 0, 0)
             ),
             requirements.ListRequirement(
                 name="pid",

volatility3/framework/plugins/linux/boottime.py

@@ -25,8 +25,8 @@ def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]
                 description="Linux kernel",
                 architectures=["Intel32", "Intel64"],
             ),
-            requirements.PluginRequirement(
-                name="pslist", plugin=pslist.PsList, version=(4, 0, 0)
+            requirements.VersionRequirement(
+                name="pslist", component=pslist.PsList, version=(4, 0, 0)
             ),
         ]
 

volatility3/framework/plugins/linux/capabilities.py

@@ -60,8 +60,8 @@ def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]
                 description="Linux kernel",
                 architectures=["Intel32", "Intel64"],
             ),
-            requirements.PluginRequirement(
-                name="pslist", plugin=pslist.PsList, version=(4, 0, 0)
+            requirements.VersionRequirement(
+                name="pslist", component=pslist.PsList, version=(4, 0, 0)
             ),
             requirements.ListRequirement(
                 name="pids",

volatility3/framework/plugins/linux/check_creds.py

@@ -22,8 +22,8 @@ def get_requirements(cls):
                 description="Linux kernel",
                 architectures=["Intel32", "Intel64"],
             ),
-            requirements.PluginRequirement(
-                name="pslist", plugin=pslist.PsList, version=(4, 0, 0)
+            requirements.VersionRequirement(
+                name="pslist", component=pslist.PsList, version=(4, 0, 0)
             ),
         ]
 

volatility3/framework/plugins/linux/elfs.py

@@ -35,8 +35,8 @@ def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]
                 description="Linux kernel",
                 architectures=["Intel32", "Intel64"],
             ),
-            requirements.PluginRequirement(
-                name="pslist", plugin=pslist.PsList, version=(4, 0, 0)
+            requirements.VersionRequirement(
+                name="pslist", component=pslist.PsList, version=(4, 0, 0)
             ),
             requirements.ListRequirement(
                 name="pid",