Unknown vs UNKNOWN - consistency

[GoogleCodeExporter]

Does anyone have a preference whether we print Unknown or UNKNOWN in output? I 
don't, but would like them to be consistent across plugins. Right now we have:

./volatility/plugins/dlldump.py:                    mod_name = "Unknown"
./volatility/plugins/moddump.py:                mod_name = "Unknown"
./volatility/plugins/pstree.py:            task_info['image_file_name'] = 
task.ImageFileName or 'UNKNOWN'
./volatility/plugins/pstree.py:                task_info['Audit ImageFileName'] 
= task.SeAuditProcessCreationInfo.ImageFileName.Name or 'UNKNOWN'
./volatility/plugins/ssdt.py:                    syscall_name = "Unknown"
./volatility/plugins/ssdt.py:                    syscall_modname = "UNKNOWN"
./volatility/timefmt.py:            return "UNKNOWN"

OK maybe I'm being picky, but it looks a little messy ;-) 

Original issue reported on code.google.com by michael.hale@gmail.com on 24 Jan 2012 at 7:56

[GoogleCodeExporter]

That's a tough call, it depends how weird it looks in the output.  I'd probably 
go for UNKNOWN to draw peoples eye to it (just so you know it's not the same as 
all the others), but equally I can imagine that looking really ugly/too much in 
certain plugins.  So I'm up for other opinions to help me make up my mind?

Original comment by mike.auty@gmail.com on 24 Jan 2012 at 8:33

[GoogleCodeExporter]

I think I'd go for "UNKNOWN" as well since it tends to catch your attention 
more.

Original comment by jamie.l...@gmail.com on 24 Jan 2012 at 3:38

[GoogleCodeExporter]

Cool, sounds like UNKNOWN is the winner. Btw Carl Pulley's stack plugin uses 
terminal coloring to draw people's eyes to certain things, but probably before 
we consider pretty colors let's finish the x64 and functionality. 

Original comment by michael.hale@gmail.com on 24 Jan 2012 at 3:42

[GoogleCodeExporter]

This issue was closed by revision r1305.

Original comment by michael.hale@gmail.com on 24 Jan 2012 at 3:48

• Changed state: Fixed