Windows Handles: Update dependents

This updates the plugins that depend on `Handles` with the correct
required version number, as well as calls to the new handles
classmethods where needed.

Author: dgmcdona

volatility3/framework/plugins/windows/callbacks.py

@@ -48,7 +48,7 @@ def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]
                 name="driverirp", component=driverirp.DriverIrp, version=(1, 0, 0)
             ),
             requirements.VersionRequirement(
-                name="handles", component=handles.Handles, version=(3, 0, 0)
+                name="handles", component=handles.Handles, version=(4, 0, 0)
             ),
         ]
 

volatility3/framework/plugins/windows/dumpfiles.py

@@ -5,18 +5,12 @@
 import logging
 import ntpath
 import re
-from typing import List, Tuple, Type, Optional, Generator
-
-from volatility3.framework import (
-    interfaces,
-    exceptions,
-    constants,
-    renderers,
-)
+from typing import Generator, List, Optional, Tuple, Type
+
+from volatility3.framework import constants, exceptions, interfaces, renderers
 from volatility3.framework.configuration import requirements
 from volatility3.framework.renderers import format_hints
-from volatility3.plugins.windows import handles
-from volatility3.plugins.windows import pslist
+from volatility3.plugins.windows import handles, pslist
 
 vollog = logging.getLogger(__name__)
 
@@ -76,7 +70,7 @@ def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]
                 name="pslist", component=pslist.PsList, version=(3, 0, 0)
             ),
             requirements.VersionRequirement(
-                name="handles", component=handles.Handles, version=(3, 0, 0)
+                name="handles", component=handles.Handles, version=(4, 0, 0)
             ),
         ]
 
@@ -231,14 +225,11 @@ def _generator(self, procs: List, offsets: List):
             # private variables, so we need an instance (for now, anyway). We _could_ call Handles._generator()
             # to do some of the other work that is duplicated here, but then we'd need to parse the TreeGrid
             # results instead of just dealing with them as direct objects here.
-            handles_plugin = handles.Handles(
-                context=self.context, config_path=self._config_path
-            )
-            type_map = handles_plugin.get_type_map(
+            type_map = handles.Handles.get_type_map(
                 context=self.context,
                 kernel_module_name=self.config["kernel"],
             )
-            cookie = handles_plugin.find_cookie(
+            cookie = handles.Handles.find_cookie(
                 context=self.context,
                 kernel_module_name=self.config["kernel"],
             )
@@ -255,7 +246,11 @@ def _generator(self, procs: List, offsets: List):
                     )
                     continue
 
-                for entry in handles_plugin.handles(object_table):
+                for entry in handles.Handles.handles(
+                    context=self.context,
+                    kernel_module_name=self.config["kernel"],
+                    handle_table=object_table,
+                ):
                     try:
                         obj_type = entry.get_object_type(type_map, cookie)
                         if obj_type == "File":

volatility3/framework/plugins/windows/poolscanner.py

@@ -142,7 +142,7 @@ def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]
                 architectures=["Intel32", "Intel64"],
             ),
             requirements.VersionRequirement(
-                name="handles", component=handles.Handles, version=(3, 0, 0)
+                name="handles", component=handles.Handles, version=(4, 0, 0)
             ),
             requirements.VersionRequirement(
                 name="pool_header_scanner",

volatility3/framework/plugins/windows/psxview.py

@@ -9,12 +9,7 @@
 from volatility3.framework.interfaces import plugins
 from volatility3.framework.renderers import format_hints
 from volatility3.framework.symbols.windows import extensions
-from volatility3.plugins.windows import (
-    handles,
-    pslist,
-    psscan,
-    thrdscan,
-)
+from volatility3.plugins.windows import handles, pslist, psscan, thrdscan
 
 vollog = logging.getLogger(__name__)
 
@@ -58,7 +53,7 @@ def get_requirements(cls):
                 name="thrdscan", component=thrdscan.ThrdScan, version=(2, 0, 0)
             ),
             requirements.VersionRequirement(
-                name="handles", component=handles.Handles, version=(3, 0, 0)
+                name="handles", component=handles.Handles, version=(4, 0, 0)
             ),
             requirements.BooleanRequirement(
                 name="physical-offsets",
@@ -144,15 +139,11 @@ def _check_csrss_handles(
     ) -> Dict[int, extensions.EPROCESS]:
         ret: List[extensions.EPROCESS] = []
 
-        handles_plugin = handles.Handles(
-            context=self.context, config_path=self.config_path
-        )
-
-        type_map = handles_plugin.get_type_map(
+        type_map = handles.Handles.get_type_map(
             context=self.context, kernel_module_name=self.config["kernel"]
         )
 
-        cookie = handles_plugin.find_cookie(
+        cookie = handles.Handles.find_cookie(
             context=self.context, kernel_module_name=self.config["kernel"]
         )
 
@@ -164,7 +155,11 @@ def _check_csrss_handles(
             try:
                 ret += [
                     handle.Body.cast("_EPROCESS")
-                    for handle in handles_plugin.handles(p.ObjectTable)
+                    for handle in handles.Handles.handles(
+                        context=self.context,
+                        kernel_module_name=self.config["kernel"],
+                        handle_table=p.ObjectTable,
+                    )
                     if handle.get_object_type(type_map, cookie) == "Process"
                 ]
             except exceptions.InvalidAddressException: