heimdall.os_related.macos package

Submodules

class heimdall.os_related.macos.filesystem.MacOSFileSystem[source]

Bases: object

Provides utilities for interacting with the macOS file system, specifically for vnode operations.

static vnode_full_path(v_node: Symbol) → str[source]

Return the full path of a vnode by traversing its parent hierarchy.

Parameters:: v_node (Symbol) – The vnode for which to retrieve the full path.
Returns:: The full path of the vnode.
Return type:: str

static vnode_traversal(v_node: Symbol) → Iterator[Any][source]

Traverse the vnode hierarchy starting from a given vnode.

Parameters:: v_node (Symbol) – The vnode from which to start traversal.
Yields:: Symbol – Each vnode in the hierarchy from the given vnode up to the root.

class heimdall.os_related.macos.macos_client.MacOSClient(vmi: libvmi.Libvmi, profile: Path)[source]

__init__(vmi: libvmi.Libvmi, profile: Path)[source]: Initialize MacOSClient.

class heimdall.os_related.macos.processes.MacOSProcess(ks: Any, ctx: Context)[source]

Represents a macOS process, providing access to attributes such as PID, name, and path.

property name: str

Process name.

property path: str

Process path.

property pid: int

Process ID (PID).

class heimdall.os_related.macos.processes.MacOSProcesses(heimdall_client: HeimdallClient)[source]

Manages a collection of macOS processes, providing methods to retrieve processes by various attributes.

__init__(heimdall_client: HeimdallClient)[source]

Initialize the MacOSProcesses manager with a Heimdall client.

Parameters:: heimdall_client (HeimdallClient) – The client used for interacting with the system kernel.

List all processes.