Merge pull request #1541 from volatilityfoundation/revert-1539-mac

ikelos · web-flow · commit bedcaa24cd70 · 2025-01-10T21:10:38.000Z
Revert "Small readability improvements"
diff --git a/volatility3/framework/automagic/mac.py b/volatility3/framework/automagic/mac.py
@@ -101,7 +101,7 @@ def stack(
                 except exceptions.InvalidAddressException:
                     vollog.log(
                         constants.LOGLEVEL_VVVV,
-                        f"Skipping invalid idlepml4_ptr: {idlepml4_ptr:#x}",
+                        f"Skipping invalid idlepml4_ptr: 0x{idlepml4_ptr:0x}",
                     )
                     continue
 
@@ -112,7 +112,7 @@ def stack(
                 if tmp_dtb % 4096:
                     vollog.log(
                         constants.LOGLEVEL_VVV,
-                        f"Skipping non-page aligned DTB: {tmp_dtb:#x}",
+                        f"Skipping non-page aligned DTB: 0x{tmp_dtb:0x}",
                     )
                     continue
 
@@ -136,7 +136,7 @@ def stack(
                 new_layer.config["kernel_virtual_offset"] = kaslr_shift
 
             if new_layer and dtb:
-                vollog.debug(f"DTB was found at: {dtb:#x}")
+                vollog.debug(f"DTB was found at: 0x{dtb:0x}")
                 return new_layer
         vollog.debug("No suitable mac banner could be matched")
         return None
@@ -182,30 +182,33 @@ def find_aslr(
         aslr_shift = 0
 
         for offset, banner in offset_generator:
-            banner_major, banner_minor = (int(x) for x in banner[22:].split(b".")[:2])
+            banner_major, banner_minor = (int(x) for x in banner[22:].split(b".")[0:2])
 
-            aslr_shift = offset - cls.virtual_to_physical_address(version_json_address)
+            tmp_aslr_shift = offset - cls.virtual_to_physical_address(
+                version_json_address
+            )
 
             major_string = context.layers[layer_name].read(
-                version_major_phys_offset + aslr_shift, 4
+                version_major_phys_offset + tmp_aslr_shift, 4
             )
             major = struct.unpack("<I", major_string)[0]
 
             if major != banner_major:
                 continue
 
             minor_string = context.layers[layer_name].read(
-                version_minor_phys_offset + aslr_shift, 4
+                version_minor_phys_offset + tmp_aslr_shift, 4
             )
             minor = struct.unpack("<I", minor_string)[0]
 
             if minor != banner_minor:
                 continue
 
-            if aslr_shift & 0xFFF != 0:
+            if tmp_aslr_shift & 0xFFF != 0:
                 continue
 
-        aslr_shift &= 0xFFFFFFFF
+            aslr_shift = tmp_aslr_shift & 0xFFFFFFFF
+            break
 
         vollog.log(constants.LOGLEVEL_VVVV, f"Mac find_aslr returned: {aslr_shift:0x}")
 
@@ -216,9 +219,9 @@ def virtual_to_physical_address(cls, addr: int) -> int:
         """Converts a virtual mac address to a physical one (does not account
         of ASLR)"""
         if addr > 0xFFFFFF8000000000:
-            addr -= 0xFFFFFF8000000000
+            addr = addr - 0xFFFFFF8000000000
         else:
-            addr -= 0xFF8000000000
+            addr = addr - 0xFF8000000000
 
         return addr
 
