heimdall package

Subpackages

• heimdall.cli package
  • Submodules
  • heimdall.cli.cli_common module
    • cb_isf()
    • cb_kvmi_socket()
    • prompt_selection()
    • sudo_required()
  • heimdall.cli.connect module
    • cli()
  • heimdall.cli.isf module
    • cli()
    • isf()
    • isf_callback()
    • isf_list()
    • isf_purge()
    • select_file()
  • heimdall.cli.isf_manager module
    • ISFManager
      • ISFManager.__init__()
      • ISFManager.create()
      • ISFManager.delete()
      • ISFManager.detect()
      • ISFManager.download()
      • ISFManager.list()
      • ISFManager.purge()
  • Module contents
• heimdall.core package
  • Submodules
  • heimdall.core.access module
    • MemoryAccess
      • MemoryAccess.__init__()
      • MemoryAccess.read()
      • MemoryAccess.read_str()
      • MemoryAccess.read_ustr()
      • MemoryAccess.write()
      • MemoryAccess.write_str()
  • heimdall.core.context module
    • Context
      • Context.__init__()
      • Context.create_symbols_jar()
      • Context.file_symbol()
      • Context.peek()
      • Context.peek_str()
      • Context.peek_ustr()
      • Context.poke()
      • Context.symbol()
  • heimdall.core.descriptors module
    • ArrayKind
      • ArrayKind.__init__()
      • ArrayKind.count
      • ArrayKind.subtype
    • BaseKind
      • BaseKind.__init__()
      • BaseKind.fmt
    • BitFieldKind
      • BitFieldKind.__init__()
      • BitFieldKind.base_type
      • BitFieldKind.bit_length
      • BitFieldKind.bit_position
    • ClassKind
      • ClassKind.__init__()
    • ComplexKind
      • ComplexKind.__init__()
      • ComplexKind.fields
    • Descriptor
      • Descriptor.__init__()
      • Descriptor.name
    • EnumKind
      • EnumKind.__init__()
      • EnumKind.constants
    • Field
      • Field.__init__()
      • Field.offset
      • Field.type
    • FunctionKind
      • FunctionKind.__init__()
    • KindDescriptor
      • KindDescriptor.__init__()
      • KindDescriptor.size
    • PointerKind
      • PointerKind.__init__()
      • PointerKind.subtype
    • StructKind
      • StructKind.__init__()
    • SymbolDescriptor
      • SymbolDescriptor.__init__()
      • SymbolDescriptor.address
      • SymbolDescriptor.kind
    • UnionKind
      • UnionKind.__init__()
    • UnresolvedKind
      • UnresolvedKind.__init__()
      • UnresolvedKind.data
  • heimdall.core.isf_file module
    • ISFFile
      • ISFFile.__init__()
      • ISFFile.get_enum()
      • ISFFile.get_os_type()
      • ISFFile.get_symbol()
      • ISFFile.get_type()
      • ISFFile.validate_json()
    • OSType
      • OSType.LINUX
      • OSType.MACOS
      • OSType.WINDOWS
  • heimdall.core.symbol module
    • Symbol
      • Symbol.__init__()
      • Symbol.cast()
      • Symbol.disass()
      • Symbol.peek()
      • Symbol.peek_str()
      • Symbol.peek_ustr()
      • Symbol.poke()
  • heimdall.core.symbols_jar module
    • SymbolsJar
      • SymbolsJar.__init__()
      • SymbolsJar.get_enum()
      • SymbolsJar.get_symbol()
      • SymbolsJar.get_type()
  • Module contents
• heimdall.os_related package
  • Subpackages
    • heimdall.os_related.base_os package
      • Submodules
      • heimdall.os_related.base_os.kernel_struct module
      • heimdall.os_related.base_os.processes module
      • Module contents
    • heimdall.os_related.linux package
      • Submodules
      • heimdall.os_related.linux.filesystem module
      • heimdall.os_related.linux.linux_client module
      • heimdall.os_related.linux.processes module
      • Module contents
    • heimdall.os_related.macos package
      • Submodules
      • heimdall.os_related.macos.filesystem module
      • heimdall.os_related.macos.macos_client module
      • heimdall.os_related.macos.processes module
      • Module contents
    • heimdall.os_related.windows package
      • Submodules
      • heimdall.os_related.windows.processes module
      • heimdall.os_related.windows.windows_client module
      • Module contents
  • Module contents
• heimdall.utils package
  • Submodules
  • heimdall.utils.utils module
    • download_file()
  • Module contents

Submodules

heimdall.create_client module

heimdall.create_client.create_heimdall_client(vmi: libvmi.Libvmi, profile: Path) → HeimdallClient

Factory function to create a HeimdallClient for managing virtual machines.

heimdall.exceptions module

exception heimdall.exceptions.AccessDeniedError

Bases: HeimdallException

Need extra permissions to execute this command.

exception heimdall.exceptions.ConnectionFailedError

Bases: HeimdallException

Raised when a connection to the virtual machine fails.

exception heimdall.exceptions.HeimdallException

Bases: Exception

Base class for all exceptions related to Heimdall.

exception heimdall.exceptions.SymbolsFileFormatError(name='')

Bases: VolatilitySymbols

Raised when a specified symbols file not properly formatted.

exception heimdall.exceptions.SymbolsFileNotFoundError(name='')

Bases: VolatilitySymbols

Raised when a specified symbols file is not found.

exception heimdall.exceptions.SymbolsFileRemoteNotFoundError(name='')

Bases: VolatilitySymbols

Raised when a specified symbols file is not found on the remote repository.

exception heimdall.exceptions.VolatilitySymbols(name='')

Bases: HeimdallException

Base class for exceptions related to profiles.

__init__(name='')

heimdall.heimdall_client module

class heimdall.heimdall_client.ContextPrompt(*args: Any, **kwargs: Any)

Bases: Prompts

Customizes IPython prompts in the Heimdall context.

in_prompt_tokens(cli: Any | None = None) → list[tuple[IPython.terminal.prompts.Token, str]]

out_prompt_tokens(cli: Any | None = None) → list[tuple[IPython.terminal.prompts.Token, str]]

class heimdall.heimdall_client.HeimdallClient(vmi: libvmi.Libvmi, os_profile: Path)

Bases: object

__init__(vmi: libvmi.Libvmi, os_profile: Path)

Represents a client for interacting with the Heimdall virtual machine introspection library.

The HeimdallClient class provides methods for initializing the client using a virtual machine name and an OS profile. It supports reading and writing memory, creating contexts for specific processes, and starting an IPython interactive shell for advanced interactions.

Parameters:

• vmi (Libvmi) – The Libvmi instance for interacting with the VM.

• os_profile (Path) – The path to the OS profile configuration file.

create_ctx(pid: int, symbols_path: str = None) → Context

Create a context for a given PID.

Parameters:

• pid (int) – The process ID for which to create the context.

• symbols_path (str, optional) – The path to the symbols file (default is None).

Returns:

A context object for the specified PID.

Return type:

Context

interact(additional_namespace: dict | None = None) → None

Start an IPython interactive shell.

Parameters:

additional_namespace (dict, optional) – Additional variables to include in the interactive namespace (default is None).

property kslide: int

Kernel slide.

Returns:

The kernel ASLR slide value.

Return type:

int

abstract property processes

Abstract property for processes.

Module contents