Merge pull request #1539 from j-t-1/mac

ikelos · web-flow · commit b96a7588094b · 2025-01-10T20:08:21.000Z
Small readability improvements
diff --git a/volatility3/framework/automagic/mac.py b/volatility3/framework/automagic/mac.py
@@ -101,7 +101,7 @@ def stack(
                 except exceptions.InvalidAddressException:
                     vollog.log(
                         constants.LOGLEVEL_VVVV,
-                        f"Skipping invalid idlepml4_ptr: 0x{idlepml4_ptr:0x}",
+                        f"Skipping invalid idlepml4_ptr: {idlepml4_ptr:#x}",
                     )
                     continue
 
@@ -112,7 +112,7 @@ def stack(
                 if tmp_dtb % 4096:
                     vollog.log(
                         constants.LOGLEVEL_VVV,
-                        f"Skipping non-page aligned DTB: 0x{tmp_dtb:0x}",
+                        f"Skipping non-page aligned DTB: {tmp_dtb:#x}",
                     )
                     continue
 
@@ -136,7 +136,7 @@ def stack(
                 new_layer.config["kernel_virtual_offset"] = kaslr_shift
 
             if new_layer and dtb:
-                vollog.debug(f"DTB was found at: 0x{dtb:0x}")
+                vollog.debug(f"DTB was found at: {dtb:#x}")
                 return new_layer
         vollog.debug("No suitable mac banner could be matched")
         return None
@@ -182,33 +182,30 @@ def find_aslr(
         aslr_shift = 0
 
         for offset, banner in offset_generator:
-            banner_major, banner_minor = (int(x) for x in banner[22:].split(b".")[0:2])
+            banner_major, banner_minor = (int(x) for x in banner[22:].split(b".")[:2])
 
-            tmp_aslr_shift = offset - cls.virtual_to_physical_address(
-                version_json_address
-            )
+            aslr_shift = offset - cls.virtual_to_physical_address(version_json_address)
 
             major_string = context.layers[layer_name].read(
-                version_major_phys_offset + tmp_aslr_shift, 4
+                version_major_phys_offset + aslr_shift, 4
             )
             major = struct.unpack("<I", major_string)[0]
 
             if major != banner_major:
                 continue
 
             minor_string = context.layers[layer_name].read(
-                version_minor_phys_offset + tmp_aslr_shift, 4
+                version_minor_phys_offset + aslr_shift, 4
             )
             minor = struct.unpack("<I", minor_string)[0]
 
             if minor != banner_minor:
                 continue
 
-            if tmp_aslr_shift & 0xFFF != 0:
+            if aslr_shift & 0xFFF != 0:
                 continue
 
-            aslr_shift = tmp_aslr_shift & 0xFFFFFFFF
-            break
+        aslr_shift &= 0xFFFFFFFF
 
         vollog.log(constants.LOGLEVEL_VVVV, f"Mac find_aslr returned: {aslr_shift:0x}")
 
@@ -219,9 +216,9 @@ def virtual_to_physical_address(cls, addr: int) -> int:
         """Converts a virtual mac address to a physical one (does not account
         of ASLR)"""
         if addr > 0xFFFFFF8000000000:
-            addr = addr - 0xFFFFFF8000000000
+            addr -= 0xFFFFFF8000000000
         else:
-            addr = addr - 0xFF8000000000
+            addr -= 0xFF8000000000
 
         return addr
 
