Merge pull request #1616 from volatilityfoundation/dgmcdona/windows_c…

…mdline_output Windows Cmdline: Clean up output
volatilityfoundation · Feb 13, 2025 · 3f2a514 · 3f2a514
2 parents 4172a57 + bcbfc27
commit 3f2a514
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/volatility3/framework/plugins/windows/cmdline.py b/volatility3/framework/plugins/windows/cmdline.py
@@ -70,6 +70,7 @@ def _generator(self, procs):
         for proc in procs:
             process_name = utility.array_to_string(proc.ImageFileName)
             proc_id = "Unknown"
+            result_text = None
 
             try:
                 proc_id = proc.UniqueProcessId
@@ -78,13 +79,22 @@ def _generator(self, procs):
                 )
 
             except exceptions.SwappedInvalidAddressException as exp:
-                result_text = f"Required memory at {exp.invalid_address:#x} is inaccessible (swapped)"
+                vollog.debug(
+                    f"Required memory at {exp.invalid_address:#x} is inaccessible (swapped)"
+                )
 
             except exceptions.PagedInvalidAddressException as exp:
-                result_text = f"Required memory at {exp.invalid_address:#x} is not valid (process exited?)"
+                vollog.debug(
+                    f"Required memory at {exp.invalid_address:#x} is not valid (process exited?)"
+                )
 
             except exceptions.InvalidAddressException as exp:
-                result_text = f"Process {proc_id}: Required memory at {exp.invalid_address:#x} is not valid (incomplete layer {exp.layer_name}?)"
+                vollog.debug(
+                    f"Process {proc_id}: Required memory at {exp.invalid_address:#x} is not valid (incomplete layer {exp.layer_name}?)"
+                )
+
+            if not result_text:
+                result_text = renderers.UnreadableValue()
 
             yield (0, (proc.UniqueProcessId, process_name, result_text))