fix merge conflicts

Author: Dave Lassalle

.github/workflows/ruff.yaml

@@ -9,7 +9,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: astral-sh/ruff-action@v1
+      - uses: astral-sh/ruff-action@v3.2.1
         with:
           args: check
           src: "."

.github/workflows/test.yaml

@@ -31,13 +31,17 @@ jobs:
         gunzip linux-sample-1.bin.gz
         curl -sLO "https://downloads.volatilityfoundation.org/volatility3/images/win-xp-laptop-2005-06-25.img.gz"
         gunzip win-xp-laptop-2005-06-25.img.gz
+        curl -sLO "https://downloads.volatilityfoundation.org/volatility3/images/win-10_19041-2025_03.dmp.gz"
+        gunzip win-10_19041-2025_03.dmp.gz
         cd -
 
     - name: Download and Extract symbols
       run: |
         cd ./volatility3/symbols
         curl -sLO https://downloads.volatilityfoundation.org/volatility3/symbols/linux.zip
+        curl -sLO https://downloads.volatilityfoundation.org/volatility3/symbols/symbols_win-10_19041-2025_03.zip
         unzip linux.zip
+        unzip symbols_win-10_19041-2025_03.zip
         cd -
 
     - name: Testing...
@@ -47,8 +51,8 @@ jobs:
         pytest ./test/plugins/linux/linux.py --volatility=volshell.py --image-dir=./test_images -k test_linux_volshell -v
 
         # Volatility
-        pytest ./test/plugins/windows/windows.py --volatility=vol.py --image-dir=./test_images -k "test_windows and not test_windows_volshell" -v
-        pytest ./test/plugins/linux/linux.py --volatility=vol.py --image-dir=./test_images -k "test_linux and not test_linux_volshell" -v
+        pytest ./test/plugins/windows/windows.py --volatility=vol.py --image=./test_images/win-10_19041-2025_03.dmp -k "test_windows and not test_windows_volshell" -v --durations=0
+        pytest ./test/plugins/linux/linux.py --volatility=vol.py --image-dir=./test_images -k "test_linux and not test_linux_volshell" -v --durations=0
 
     - name: Clean up post-test
       run: |

doc/source/simple-plugin.rst

@@ -53,9 +53,9 @@ to be able to run properly.  Any that are defined as optional need not necessari
                     description = "Process IDs to include (all other processes are excluded)",
                     optional = True
                 ),
-                requirements.PluginRequirement(
+                requirements.VersionRequirement(
                     name = 'pslist',
-                    plugin = pslist.PsList,
+                    component = pslist.PsList,
                     version = (2, 0, 0)
                 ),
             ]

test/__init__.py

@@ -1,4 +1,8 @@
 from enum import Enum
+from pathlib import Path
+
+TESTS_ROOT_DIR = Path(__file__).parent
+WINDOWS_TESTS_DATA_DIR = TESTS_ROOT_DIR / "plugins" / "windows" / "test_data"
 
 
 class Sample:
@@ -9,6 +13,8 @@ def __init__(self, path: str):
 class WindowsSamples(Enum):
     WINDOWSXP_GENERIC = Sample("./test_images/win-xp-laptop-2005-06-25.img")
     """WindowsXP sample from early Volatility training."""
+    WINDOWS10_GENERIC = Sample("./test_images/win-10_19041-2025_03.dmp")
+    """Windows10 CrashDump sample."""
 
 
 class LinuxSamples(Enum):

test/plugins/linux/linux.py

@@ -8,7 +8,7 @@
 class TestLinuxVolshell:
     def test_linux_volshell(self, image, volatility, python):
         out = test_volatility.basic_volshell_test(
-            image, volatility, python, globalargs=("-l",)
+            image, volatility, python, volshellargs=("-l",)
         )
         assert out.count(b"<task_struct") > 100
 

test/plugins/windows/test_data/windows.driverirp.DriverIrp.json

@@ -0,0 +1,32 @@
+{
+    "GENERIC": [
+        "IRP_MJ_CREATE",
+        "IRP_MJ_CREATE_NAMED_PIPE",
+        "IRP_MJ_CLOSE",
+        "IRP_MJ_READ",
+        "IRP_MJ_WRITE",
+        "IRP_MJ_QUERY_INFORMATION",
+        "IRP_MJ_SET_INFORMATION",
+        "IRP_MJ_QUERY_EA",
+        "IRP_MJ_SET_EA",
+        "IRP_MJ_FLUSH_BUFFERS",
+        "IRP_MJ_QUERY_VOLUME_INFORMATION",
+        "IRP_MJ_SET_VOLUME_INFORMATION",
+        "IRP_MJ_DIRECTORY_CONTROL",
+        "IRP_MJ_FILE_SYSTEM_CONTROL",
+        "IRP_MJ_DEVICE_CONTROL",
+        "IRP_MJ_INTERNAL_DEVICE_CONTROL",
+        "IRP_MJ_SHUTDOWN",
+        "IRP_MJ_LOCK_CONTROL",
+        "IRP_MJ_CLEANUP",
+        "IRP_MJ_CREATE_MAILSLOT",
+        "IRP_MJ_QUERY_SECURITY",
+        "IRP_MJ_SET_SECURITY",
+        "IRP_MJ_POWER",
+        "IRP_MJ_SYSTEM_CONTROL",
+        "IRP_MJ_DEVICE_CHANGE",
+        "IRP_MJ_QUERY_QUOTA",
+        "IRP_MJ_SET_QUOTA",
+        "IRP_MJ_PNP"
+    ]
+}

test/plugins/windows/test_data/windows.info.Info.json

@@ -0,0 +1,96 @@
+{
+    "WINDOWS10_GENERIC": [
+        {
+            "Value": "0xf8043601f000",
+            "Variable": "Kernel Base"
+        },
+        {
+            "Value": "0x6d4000",
+            "Variable": "DTB"
+        },
+        {
+            "Value": "True",
+            "Variable": "Is64Bit"
+        },
+        {
+            "Value": "False",
+            "Variable": "IsPAE"
+        },
+        {
+            "Value": "0 WindowsIntel32e",
+            "Variable": "layer_name"
+        },
+        {
+            "Value": "1 WindowsCrashDump64Layer",
+            "Variable": "memory_layer"
+        },
+        {
+            "Value": "2 FileLayer",
+            "Variable": "base_layer"
+        },
+        {
+            "Value": "0xf80436c1fb20",
+            "Variable": "KdDebuggerDataBlock"
+        },
+        {
+            "Value": "19041.1.amd64fre.vb_release.1912",
+            "Variable": "NTBuildLab"
+        },
+        {
+            "Value": "0",
+            "Variable": "CSDVersion"
+        },
+        {
+            "Value": "0xf80436c2e420",
+            "Variable": "KdVersionBlock"
+        },
+        {
+            "Value": "15.19041",
+            "Variable": "Major/Minor"
+        },
+        {
+            "Value": "34404",
+            "Variable": "MachineType"
+        },
+        {
+            "Value": "1",
+            "Variable": "KeNumberProcessors"
+        },
+        {
+            "Value": "2025-03-06 17:59:20+00:00",
+            "Variable": "SystemTime"
+        },
+        {
+            "Value": "C:\\Windows",
+            "Variable": "NtSystemRoot"
+        },
+        {
+            "Value": "NtProductWinNt",
+            "Variable": "NtProductType"
+        },
+        {
+            "Value": "10",
+            "Variable": "NtMajorVersion"
+        },
+        {
+            "Value": "0",
+            "Variable": "NtMinorVersion"
+        },
+        {
+            "Value": "10",
+            "Variable": "PE MajorOperatingSystemVersion"
+        },
+        {
+            "Value": "0",
+            "Variable": "PE MinorOperatingSystemVersion"
+        },
+        {
+            "Value": "34404",
+            "Variable": "PE Machine"
+        },
+        {
+            "Value": "Tue Sep 26 06:53:33 2023",
+            "Variable": "PE TimeDateStamp"
+        }
+    ]
+}