本文整理汇总了Python中volatility.registry.register_global_options函数的典型用法代码示例。如果您正苦于以下问题:Python register_global_options函数的具体用法?Python register_global_options怎么用?Python register_global_options使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了register_global_options函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: main
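def main():
    """Print the address range and VAD protection flags of one process's
    .text section, loaded DLLs, heaps and stacks from a memory image.

    Command line: <profile> <memdump> <targetprocname>. Exits with status 1
    on bad usage or when the .text section cannot be located. Output is one
    line per region: "0x<start>-0x<end> <permissions> <label>".
    """
    if len(sys.argv) != 4:
        print("Usage: %s %s %s %s" % (sys.argv[0], "profile", "memdump", "targetprocname"))
        sys.exit(1)

    registry.PluginImporter()
    config = conf.ConfObject()
    registry.register_global_options(config, commands.Command)
    registry.register_global_options(config, addrspace.BaseAddressSpace)
    config.parse_options()
    config.PROFILE = sys.argv[1]
    config.LOCATION = sys.argv[2]

    processes = taskmods.PSList(config)
    target = filter_by_name(processes, sys.argv[3])

    def report(start, end, label):
        # Every region is printed the same way: range, VAD protection, label.
        permissions = get_vad_protect_flags(target, start, end)
        print("0x%x-0x%x %s %s" % (start, end, permissions, label))

    # .text info
    imagebase, va, rawsize = get_text_section_info(target)
    if imagebase is None:  # was `== None`
        print("[-] Error: probably wrong .text section name")
        sys.exit(1)
    text_start = imagebase + va
    report(text_start, text_start + rawsize, TEXT_TAG)

    # dll info: name -> (base, size)
    for name, info in get_dll_info(target).items():
        report(info[0], info[0] + info[1], name)

    # heap info. The plain integers from .v() are printed here; the original
    # passed the BaseAddress/LastValidEntry objects themselves to %x.
    for h in get_heap_info(target):
        report(h.BaseAddress.v(), h.LastValidEntry.v(), HEAP_TAG)

    # stack info
    for t in get_stack_info(target):
        report(t.NtTib.StackBase.v(), t.NtTib.StackLimit.v(), STACK_TAG)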
开发者ID:emdel,项目名称:scripts,代码行数:60,代码来源:wincodeinfo.py
示例2: __init__
def __init__(self):
    """Build the Volatility configuration and plugin table for this inspector.

    Side effects: self.config (a ConfObject with an extra INFO flag),
    self.cmds (lower-cased command name -> Command class), an empty
    self.vmprocessMap, and two debug.setup() calls - the first with
    defaults, the second with config.DEBUG once the global options exist.
    """
    self.config = conf.ConfObject()
    self.cmds = {}
    self.vmprocessMap = {}

    self.config.add_option(
        "INFO",
        default = None,
        action = "store_true",
        cache_invalidator = False,
        help = "Print information about all registered objects",
    )

    # Default logging format first; the level is re-applied below.
    debug.setup()
    # Import the plugins so any options they define get registered.
    registry.PluginImporter()
    for owner in (addrspace.BaseAddressSpace, commands.Command):
        registry.register_global_options(self.config, owner)
    debug.setup(self.config.DEBUG)

    # Command table keyed by lower-cased plugin name.
    self.cmds = registry.get_plugin_classes(commands.Command, lower = True)
开发者ID:aqwertaqwert,项目名称:my_design_for_graduate,代码行数:31,代码来源:vmInspection.py
示例3: init_config
def init_config(self):
    """Initialise the Volatility configuration.

    Returns self.config unchanged when both self.config and self.addr_space
    are already set. Otherwise builds a new ConfObject, registers the global
    options, applies the base settings through self.update_config (profile
    overridden by self.osprofile when given), stores the plugin table in
    self.plugins and appends to self.plugin_list the names of the plugins
    valid for the selected profile.

    NOTE(review): self.addr_space is never assigned in this method, so the
    early return only triggers if a caller sets it - confirm.
    """
    if self.config is not None and self.addr_space is not None:
        return self.config

    self.config = conf.ConfObject()
    # optparse "resolve": a later registration of the same option wins.
    self.config.optparser.set_conflict_handler("resolve")
    for owner in (commands.Command, addrspace.BaseAddressSpace):
        registry.register_global_options(self.config, owner)

    base_conf = {
        "profile": "WinXPSP2x86",
        "use_old_as": None,
        "kdbg": None,
        "help": False,
        "kpcr": None,
        "tz": None,
        "pid": None,
        "output_file": None,
        "physical_offset": None,
        "conf_file": None,
        "dtb": None,
        "output": None,
        "info": None,
        "location": "file://" + self.memdump,
        "plugins": 'plugins',
        "debug": 4,
        "filename": None,
        "cache_directory": None,
        "verbose": None,
        "write": False
    }
    self.config.parse_options()
    if self.osprofile:
        base_conf["profile"] = self.osprofile
    self.update_config(base_conf)

    # self.plugins: lower-cased plugin class name -> plugin class
    self.plugins = registry.get_plugin_classes(commands.Command, lower=True)
    profile = registry.get_plugin_classes(obj.Profile)[self.config.PROFILE]()

    # Record which plugins can run against this profile.
    self.plugin_list.extend(
        cmd_name
        for cmd_name, command in self.plugins.items()
        if command.is_valid_profile(profile)
    )
    return self.config
开发者ID:neplyudof,项目名称:lyzer,代码行数:59,代码来源:volinterface.py
示例4: get_config
def get_config(profile, target_path):
    """Return a Volatility ConfObject for `profile` over the image at `target_path`.

    Global Command and address-space options are registered and parsed
    before PROFILE and LOCATION (as a file:// URL) are assigned.
    """
    config = conf.ConfObject()
    for owner in (commands.Command, addrspace.BaseAddressSpace):
        registry.register_global_options(config, owner)
    config.parse_options()

    config.PROFILE = profile
    config.LOCATION = "file://{0}".format(target_path)
    return config
开发者ID:BryanSingh,项目名称:volatility,代码行数:8,代码来源:libapi.py
示例5: main
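def main(argv=None):
    """Drive the AD memory analysis described by inputdata.json in the
    working directory.

    `argv` is accepted for compatibility but not used: Volatility reads its
    options from sys.argv, so the image path, profile and output path from
    the JSON file are appended there before config.parse_options(). Each
    analysis step runs when its key in operationdata compares equal to True.

    Raises NameError when inputdata.json is missing.
    """
    setupLogging("admemanalysis.log", logging.INFO)

    registry.PluginImporter()
    config = conf.ConfObject()
    config.add_option('OUTPUT-PATH', default=None,
                      help='Where to create output files',
                      action='store', type='str')
    config.process_id = None
    registry.register_global_options(config, commands.Command)
    registry.register_global_options(config, addrspace.BaseAddressSpace)

    if not os.path.isfile("inputdata.json"):
        raise NameError("Input file(inputdata.json) was not found")
    with open("inputdata.json") as data_file:
        data = json.load(data_file)
    operations = data['operationdata']

    sys.argv.append("-f")
    sys.argv.append(data["filestreamtoanalyze"])
    sys.argv.append("--profile")
    profile = data["profiletypename"] or ProfileGeneratorClass().GetProfile()
    logging.info('profile detected is %s', profile)
    sys.argv.append(profile)
    output_path = data.get('outputpath') or ''
    # First pass before OUTPUT-PATH is on the command line, then the final parse.
    config.parse_options(False)
    sys.argv.append("--output-path")
    sys.argv.append(output_path)
    config.parse_options()

    def enabled(key):
        # Kept as an equality test with True, as in the original: only a
        # literal True enables a step, not any truthy value.
        return utils.getConfigValue(operations, key) == True

    if enabled('process'):
        adprocessesfactory.ADProcesses().execute(operations, config)
    if enabled('drivers'):
        addriveranddevicefactory.DriverDeviceScan().execute(config)
    if enabled('modules'):
        adkernelmodulesfactory.ADKernelModules().execute(config)
    if enabled('sdts'):
        adsdtfactory.ADSdtGenerator().execute(config)
    if enabled('yarascan'):
        adyarascanfactory.ADYaraScan().execute("", config)
    if enabled('idt'):
        processors = kpcr.doProcessors(config)
        # os.path.join gives the same result as the old string concatenation
        # when OUTPUT_PATH ends with a separator and a correct path when it
        # does not; the file is now closed instead of leaked.
        with open(os.path.join(config.OUTPUT_PATH, 'processors.xml'), 'w') as f:
            f.write(proto2xml(processors, indent=0))
    if enabled('registry'):
        adregistryfactory.ADRegistryExtractor().execute(config)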
开发者ID:r1nswenson,项目名称:volatility,代码行数:57,代码来源:admemoryanalysis.py
示例6: init_volatility_config
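def init_volatility_config():
    """Populate the module-level `config` and `addr_space` for the image
    named on the command line.

    sys.argv[1] is the memory image path; it is made absolute and exposed as
    a file:// LOCATION. The profile is fixed to Win7SP1x86.

    Raises SystemExit with a usage line when no image path was given
    (previously an IndexError).
    """
    global config
    global addr_space

    if len(sys.argv) < 2:
        raise SystemExit("usage: %s <memory image>" % sys.argv[0])

    registry.PluginImporter()
    registry.register_global_options(config, commands.Command)
    registry.register_global_options(config, addrspace.BaseAddressSpace)
    config.parse_options()

    config.PROFILE = 'Win7SP1x86'
    mem_image_path = os.path.abspath(sys.argv[1])
    config.LOCATION = 'file://' + mem_image_path
    addr_space = utils.load_as(config)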
开发者ID:fanixk,项目名称:evilmemscan,代码行数:11,代码来源:scan.py
示例7: __config
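def __config(self):
    """Creates a volatility configuration.

    Returns the cached self.config when both it and self.addr_space are
    already set. Otherwise builds a new ConfObject with the global Command
    options, applies base_conf (profile overridden by self.osprofile), loads
    the address space into self.addr_space and fills self.plugins with the
    lower-cased command table.

    An exc.AddrSpaceError from the first load is retried once when
    self._get_dtb() succeeds; otherwise it is re-raised, and an error from
    the retry itself is not caught.
    """
    if self.config is not None and self.addr_space is not None:  # was `!= None`
        return self.config

    self.config = conf.ConfObject()
    self.config.optparser.set_conflict_handler("resolve")
    registry.register_global_options(self.config, commands.Command)

    base_conf = {
        "profile": "WinXPSP2x86",
        "use_old_as": None,
        "kdbg": None,
        "help": False,
        "kpcr": None,
        "tz": None,
        "pid": None,
        "output_file": None,
        "physical_offset": None,
        "conf_file": None,
        "dtb": None,
        "output": None,
        "info": None,
        "location": "file://" + self.memdump,
        "plugins": None,
        "debug": None,
        "cache_dtb": True,
        "filename": None,
        "cache_directory": None,
        "verbose": None,
        "write": False
    }
    if self.osprofile:
        base_conf["profile"] = self.osprofile
    for key, value in base_conf.items():
        self.config.update(key, value)

    # Deal with Volatility support for KVM/qemu memory dump.
    # See: #464.
    try:
        self.addr_space = utils.load_as(self.config)
    except exc.AddrSpaceError:
        # Retry only if _get_dtb() could supply a DTB; otherwise propagate.
        if not self._get_dtb():
            raise
        self.addr_space = utils.load_as(self.config)

    self.plugins = registry.get_plugin_classes(commands.Command, lower=True)
    return self.config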
开发者ID:Shane-Carr,项目名称:cuckoo-modified,代码行数:52,代码来源:memory.py
示例8: volmain
def volmain(argv):
    """Run one Volatility command from a space-separated argument string.

    `argv` is split on single spaces and installed as sys.argv; the usual
    vol.py start-up then runs on the module-level `config`: banner on
    stderr, debug setup, plugin import, global options, the --info listing
    when requested, and a lookup of the first positional argument that names
    a plugin. A VolatilityException raised while running the command is
    printed rather than propagated.
    """
    # Few modifications in original code
    config.set_usage(usage = "Volatility - A memory forensics analysis platform.")
    config.add_help_hook(list_plugins)

    sys.argv = argv.split(" ")

    # Version banner goes to stderr so it never mixes with command output.
    sys.stderr.write("Volatile Systems Volatility Framework {0}\n".format(constants.VERSION))

    debug.setup()
    # Plugins may define config options, so import them before registering.
    registry.PluginImporter()
    for owner in (addrspace.BaseAddressSpace, commands.Command):
        registry.register_global_options(config, owner)

    if config.INFO:
        print_info()

    # First pass of option parsing, before the command's own options exist.
    config.parse_options(False)
    # Re-apply the logging level now that config.DEBUG is known.
    debug.setup(config.DEBUG)

    ## Try to find the first thing that looks like a module name
    cmds = registry.get_plugin_classes(commands.Command, lower = True)
    module = next((m for m in config.args if m in cmds), None)

    if not module:
        config.parse_options()

    try:
        if module in cmds:
            command = cmds[module](config)
            ## Register the help cb from the command itself
            config.set_help_hook(obj.Curry(command_help, command))
            config.parse_options()
            if not config.LOCATION:
                debug.error("Please specify a location (-l) or filename (-f)")
            command.execute()
    except exceptions.VolatilityException as e:
        print(e)
开发者ID:cysinfo,项目名称:PyMal,代码行数:52,代码来源:pymal.py
示例9: __init__
def __init__(self, image_path):
    """Create a new Analyzer for the memory image at `image_path`.

    Builds self.config with the global Command and address-space options,
    assigns `image_path` to LOCATION as given and parses the command line.
    No PROFILE is set here.
    """
    registry.PluginImporter()
    self.config = conf.ConfObject()
    for owner in (commands.Command, addrspace.BaseAddressSpace):
        registry.register_global_options(self.config, owner)

    self.config.LOCATION = image_path
    self.config.parse_options()
开发者ID:AlbertoRico,项目名称:vol-o-matic,代码行数:15,代码来源:volatility_interface.py
示例10: run_plugin_process
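def run_plugin_process(name, queue, config, cmds):
    """Worker entry point: run plugin `name` from `cmds` against `config`
    and write its results to the sqlite file config.OUTPUT_FILE.

    Any exception raised by the plugin is printed as "<name>: <error>"
    instead of propagating, so one failing plugin does not take down the
    worker. `name` is always put on `queue` afterwards (in `finally`) so
    the parent can track completion.
    """
    registry.PluginImporter()
    registry.register_global_options(config, addrspace.BaseAddressSpace)
    registry.register_global_options(config, commands.Command)
    config.parse_options()

    command = cmds[name](config)
    print('running: ' + name)
    try:
        calc = command.calculate()
        command.render_sqlite(config.OUTPUT_FILE, calc)
    except Exception as err:
        # str(err) replaces err.message, which is deprecated since Python 2.6,
        # missing on many exception classes and gone in Python 3.
        print(name + ': ' + str(err))
    finally:
        queue.put(name)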
开发者ID:jack51706,项目名称:evolve,代码行数:15,代码来源:evolve.py
示例11: get_address_space
def get_address_space(service_path, profile, yara_path):
    """Build a Volatility config for `profile` over the image at
    `service_path` and return the loaded address space.

    `service_path` is assigned to LOCATION as given (no file:// prefix is
    added) and `yara_path` is stored on the config as YARA_FILE.
    """
    log.info("Obtaining address space and generating config for volatility")
    registry.PluginImporter()

    config = conf.ConfObject()
    for owner in (commands.Command, addrspace.BaseAddressSpace):
        registry.register_global_options(config, owner)
    config.parse_options()

    config.PROFILE = profile
    config.LOCATION = service_path
    config.YARA_FILE = yara_path
    return utils.load_as(config)
开发者ID:RoeeM,项目名称:detekt,代码行数:15,代码来源:detector.py
示例12: add_registry
def add_registry(self, config, deb):
    """Attach a Volatility config and debug module to this object and
    register the global options plus two database options
    (-e/ENABLEDB and -m/DBPATH).

    Stores `config` as self._config and `deb` as self._debug, parses the
    command line, re-applies the debug level from config.DEBUG and records
    the parsed FILENAME in self._filename.
    """
    self._config = config
    self._debug = deb
    self._debug.setup()

    registry.PluginImporter()
    for owner in (commands.Command, addrspace.BaseAddressSpace):
        registry.register_global_options(self._config, owner)

    self._config.add_option(
        'ENABLEDB', short_option='e',
        default=False, action='store_true',
        help='Enable database storage for reuse purpose',
    )
    self._config.add_option(
        'DBPATH', short_option='m', default='mongodb://localhost:27017',
        help='Specify mongodb connection url',
        action='store', type='str',
    )

    self._config.parse_options()
    # Logging level is only known once the options are parsed.
    self._debug.setup(self._config.DEBUG)
    self._filename = self._config.FILENAME
开发者ID:shifter,项目名称:forensic,代码行数:16,代码来源:volinfo.py
示例13: __init__
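def __init__(self, profile, kdbg, memimg):
    '''
    @profile: a Volatility profile string, or None to have it guessed from the image
    @kdbg: a kdbg address as a hex string, or None
    @memimg: a memory image file name

    Builds self.config (global Command options registered, option-name
    conflicts resolved) and, when memimg is given, self.base_conf, whose
    entries are pushed into the config. With profile None the profile is
    obtained from self.guess_profile(memimg); the profile in use is reported
    on stderr.
    '''
    # volatility black magic
    registry.PluginImporter()
    self.config = conf.ConfObject()
    self.config.optparser.set_conflict_handler(handler="resolve")
    registry.register_global_options(self.config, commands.Command)

    if memimg:
        self.base_conf = {'profile': profile,
                          'use_old_as': None,
                          'kdbg': None if kdbg is None else int(kdbg, 16),
                          'help': False,
                          'kpcr': None,
                          'tz': None,
                          'pid': None,
                          'output_file': None,
                          'physical_offset': None,
                          'conf_file': None,
                          'dtb': None,
                          'output': None,
                          'info': None,
                          'location': "file://" + memimg,
                          'plugins': None,
                          'debug': None,
                          'cache_dtb': True,
                          'filename': None,
                          'cache_directory': None,
                          'verbose': None,
                          'write': False}
        # set the default config
        for k, v in self.base_conf.items():
            self.config.update(k, v)
    # NOTE(review): without memimg, self.base_conf is never created and the
    # guess below still receives the falsy memimg - confirm callers always
    # pass an image.

    if profile is None:  # was `== None`
        profile = self.guess_profile(memimg)
    sys.stderr.write("Using profile: %s\n" % profile)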
开发者ID:504ensicsLabs,项目名称:DAMM,代码行数:43,代码来源:volsetup.py
示例14: GetConfig
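def GetConfig(theFile):
    """Return a Volatility config for the image `theFile`, or None when its
    profile cannot be determined.

    The config gets the global Command and address-space options, LOCATION
    set to `theFile`, the baseline settings from base_conf and the profile
    reported by GetVersion(configs).
    """
    #define Baseline Config
    base_conf = {'profile': None,
                 'use_old_as': None,
                 'kdbg': None,
                 'help': False,
                 'kpcr': None,
                 'tz': None,
                 'pid': None,
                 'output_file': None,
                 'physical_offset': None,
                 'conf_file': None,
                 'dtb': None,
                 'output': 'text',
                 'info': None,
                 'location': theFile,
                 'plugins': None,
                 'debug': None,
                 'cache_dtb': True,
                 'filename': theFile,
                 'cache_directory': None,
                 'verbose': None, 'write': False}

    #create volatility config object
    configs = conf.ConfObject()
    #set location value to file name
    configs.LOCATION = theFile
    #register global options for volatility functions/plugins to use
    for owner in (commands.Command, addrspace.BaseAddressSpace):
        registry.register_global_options(configs, owner)

    #run the imageinfo plugin to extract the image profile
    version = GetVersion(configs)
    if version is None:  # was `not version == None`
        return None

    #using the base line config update our config object
    for k, v in base_conf.items():
        configs.update(k, v)
    #set config object profile to the version extracted
    configs.update('profile', version)
    #return config object to be used with our plugins
    return configs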
开发者ID:offsecn00b,项目名称:NetConnSearch,代码行数:43,代码来源:NetConnSearch.py
示例15: init_config
def init_config(self):
    """Creates a volatility configuration.

    Returns self.config unchanged when both self.config and self.addr_space
    are already set. Otherwise builds a new ConfObject, registers the global
    Command and address-space options, pushes base_conf into it (profile
    overridden by self.osprofile when given) and stores the lower-cased
    command table in self.plugins.

    NOTE(review): self.addr_space is not assigned here, so the early return
    depends on a caller setting it - confirm.
    """
    if self.config is not None and self.addr_space is not None:
        return self.config

    self.config = conf.ConfObject()
    # optparse "resolve": a later registration of the same option wins.
    self.config.optparser.set_conflict_handler("resolve")
    for owner in (commands.Command, addrspace.BaseAddressSpace):
        registry.register_global_options(self.config, owner)

    base_conf = {
        "profile": "WinXPSP2x86",
        "use_old_as": None,
        "kdbg": None,
        "help": False,
        "kpcr": None,
        "tz": None,
        "pid": None,
        "output_file": None,
        "physical_offset": None,
        "conf_file": None,
        "dtb": None,
        "output": None,
        "info": None,
        "location": "file://" + self.memdump,
        "plugins": None,
        "debug": 4,
        "cache_dtb": True,
        "filename": None,
        "cache_directory": None,
        "verbose": None,
        "write": False
    }
    if self.osprofile:
        base_conf["profile"] = self.osprofile
    for key in base_conf:
        self.config.update(key, base_conf[key])

    self.plugins = registry.get_plugin_classes(commands.Command, lower=True)
    return self.config
开发者ID:KevinKien,项目名称:VolUtility,代码行数:42,代码来源:vol_interface.py
示例16: run_plugin_process
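def run_plugin_process(name, queue, config, cmds):
    """Worker entry point: run plugin `name` from `cmds` against `config`
    and write its results to the sqlite file config.OUTPUT_FILE.

    Any exception raised by the plugin is printed as "<name>: <error>"
    instead of propagating. A {name: error_text} dict is always put on
    `queue` afterwards (in `finally`), with '' as the error text on success.
    """
    registry.PluginImporter()
    registry.register_global_options(config, addrspace.BaseAddressSpace)
    registry.register_global_options(config, commands.Command)
    config.parse_options()

    command = cmds[name](config)
    print('running: ' + name)
    errstr = ''
    try:
        calc = command.calculate()
        command.render_sqlite(config.OUTPUT_FILE, calc)
    except Exception as err:
        # str(err) replaces err.message, which is deprecated since Python 2.6,
        # missing on many exception classes and gone in Python 3.
        errstr = str(err)
        print(name + ': ' + errstr)
    finally:
        queue.put({name: errstr})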
开发者ID:JamesHabben,项目名称:evolve,代码行数:20,代码来源:evolve.py
示例17: _init_volatility
def _init_volatility(self):
    """Configure Volatility for self.imgname / self.profile / self.pid and
    run VADWalk with its text renderer replaced by my_render_text.

    The Volatility modules are imported locally. Options are deliberately
    NOT parsed from sys.argv (config.parse_options() is not called);
    PROFILE, LOCATION and PID are assigned directly and the config object
    is kept as self.config.
    """
    import volatility.conf as conf
    import volatility.registry as registry
    import volatility.commands as commands
    import volatility.addrspace as addrspace
    import volatility.utils as volutils  # imported as in the original; not used here

    registry.PluginImporter()
    config = conf.ConfObject()
    for owner in (commands.Command, addrspace.BaseAddressSpace):
        registry.register_global_options(config, owner)

    config.PROFILE = self.profile
    config.LOCATION = "file://%s" % self.imgname
    config.PID = str(self.pid)
    self.config = config

    import volatility.plugins.vadinfo as vadinfo
    walker = vadinfo.VADWalk(config)
    # Route the plugin's text output through my_render_text on this object.
    walker.render_text = partial(my_render_text, self, walker)
    walker.execute()
开发者ID:cy-fir,项目名称:python-haystack,代码行数:39,代码来源:vol.py
示例18: init_volatility
def init_volatility():
    """Create the global Volatility configuration for PyREBox.

    Returns True after storing a ConfObject (global options registered,
    PROFILE taken from conf_m.vol_profile) in conf_m.vol_conf. Returns
    False, after printing an explanation via pp_error, when the imported
    volatility.conf lacks the PyREBoxVolatility marker attribute, i.e. it is
    not PyREBox's own Volatility build.
    """
    import volatility.conf as volconf
    import volatility.registry as registry
    import volatility.commands as commands
    import volatility.addrspace as addrspace

    if not hasattr(volconf, "PyREBoxVolatility"):
        pp_error("""The imported volatility version is not appropriate for PyREBox:
* Your local volatility installation may be in conflict with PyREBox's volatility installation...
... set up a virtual env to avoid the conflict (see installation instructions).
* You have a virtual env for PyREBox's python dependencies, and you forgot to activate it!
... you know what to do!\n""")
        return False

    registry.PluginImporter()
    vol_config = volconf.ConfObject()
    for owner in (commands.Command, addrspace.BaseAddressSpace):
        registry.register_global_options(vol_config, owner)
    vol_config.PROFILE = conf_m.vol_profile
    # Set global volatility configuration
    conf_m.vol_conf = vol_config
    return True
开发者ID:CRYP706URU,项目名称:pyrebox,代码行数:23,代码来源:init.py
示例19: _init_volatility
def _init_volatility(self):
    """Configure Volatility for self.imgname / self.profile / self.pid and
    run VADWalk with its text renderer replaced by my_render_text.

    The Volatility modules are imported locally. Command-line options are
    parsed first; PROFILE, LOCATION and PID are then assigned directly and
    the config object is kept as self.config.
    """
    import volatility.conf as conf
    import volatility.registry as registry
    import volatility.commands as commands
    import volatility.addrspace as addrspace

    registry.PluginImporter()
    config = conf.ConfObject()
    for owner in (commands.Command, addrspace.BaseAddressSpace):
        registry.register_global_options(config, owner)
    config.parse_options()

    config.PROFILE = self.profile
    config.LOCATION = "file://%s" % self.imgname
    config.PID = str(self.pid)
    self.config = config

    import volatility.plugins.vadinfo as vadinfo
    walker = vadinfo.VADWalk(config)
    # Route the plugin's text output through my_render_text on this object.
    walker.render_text = partial(my_render_text, self, walker)
    walker.execute()
开发者ID:GarrusRiflle,项目名称:fuck_github,代码行数:36,代码来源:vol.py
示例20: main
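def _dump_xen_domain(domain):
    """Dump the memory of the libvirt Xen guest `domain` and return the dump file path.

    The file is /tmp/<basename of domain>; an existing file of that name is
    removed first. Failures are reported through debug.error() after the
    traceback has been printed, as the original inline code did. The libvirt
    connection is closed in `finally`, on success and on error alike.
    """
    import traceback

    conn = libvirt.open("xen:///")
    if conn is None:  # was `== None`
        debug.error("Failed to open connection to the hypervisor")

    # basename() keeps a domain name containing path separators or ".." from
    # naming a file outside /tmp. NOTE(review): the name is still predictable
    # in a shared directory, so a pre-existing symlink at that path would be
    # followed by the remove and the dump below; a private tempfile.mkdtemp()
    # directory would avoid that, at the cost of the fixed /tmp location.
    filepath = os.path.join("/tmp", os.path.basename(domain))
    try:
        dom = conn.lookupByName(domain)
        if dom is None:
            debug.error("Cannot find guest to be dumped")
        print("Domain: id %d running %s" % (dom.ID(), dom.OSType()))

        if os.path.exists(filepath):
            os.remove(filepath)

        snapshot = False  # save/restore path is disabled, as in the original
        if snapshot:
            if dom.save(filepath) < 0:
                debug.error("Unable save guest to %s" % filepath)
            print("Chosen guest saved to %s" % filepath)
            # renamed from `id`, which shadowed the builtin
            restored = conn.restore(filepath)
            if restored < 0:
                debug.error('Unable to restore chosen guest from file %s' % filepath)
            dom = conn.lookupByName(domain)
            if dom is None:
                debug.error("Domain wasn't restored from file %s" % filepath)
            print("Guest memory snapshot complete! Location: %s" % filepath)
        else:
            if dom.coreDump(filepath, flags = libvirt.VIR_DUMP_LIVE) < 0:
                debug.error("Unable to dump guest")
            print("Chosen guest dumped to %s" % filepath)
        if dom is None:
            debug.error("Domain crashed!")
        print("Guest memory dump complete! Location: %s" % filepath)
    except Exception:
        # Was a bare `except:`; narrowed so SystemExit/KeyboardInterrupt are no
        # longer reported as "Failed to find domain". NOTE(review): if
        # debug.error() exits via SystemExit, the bare except used to intercept
        # that exit as well - confirm.
        print(traceback.format_exc())
        debug.error("Failed to find domain")
    finally:
        if conn is not None:
            conn.close()
    return filepath


def main():
    """Entry point: pick a Volatility command from the arguments and run it.

    Adds the XENDOMAIN (-x) option to the stock vol.py flow: when set, the
    named libvirt Xen guest is dumped to a file under /tmp first and that
    file becomes config.LOCATION. Errors go through debug.error(); a
    VolatilityException from the command is printed rather than propagated.
    """
    # Get the version information on every output from the beginning
    # Exceptionally useful for debugging/telling people what's going on
    sys.stderr.write("Volatility Foundation Volatility Framework {0}\n".format(constants.VERSION))
    sys.stderr.flush()

    # Setup the debugging format
    debug.setup()
    # Load up modules in case they set config options
    registry.PluginImporter()

    ## Register all register_options for the various classes
    registry.register_global_options(config, addrspace.BaseAddressSpace)
    registry.register_global_options(config, commands.Command)

    if config.INFO:
        print_info()
        sys.exit(0)

    ## Parse all the options now
    config.parse_options(False)
    # Reset the logging level now we know whether debug is set or not
    debug.setup(config.DEBUG)

    ## Try to find the first thing that looks like a module name
    cmds = registry.get_plugin_classes(commands.Command, lower = True)
    module = next((m for m in config.args if m in cmds), None)

    if not module:
        config.parse_options()
        debug.error("You must specify something to do (try -h)")

    try:
        if module in cmds:
            command = cmds[module](config)
            ## Register the help cb from the command itself
            config.set_help_hook(obj.Curry(command_help, command))
            config.parse_options()

            if config.XENDOMAIN:
                config.LOCATION = "file://" + _dump_xen_domain(config.XENDOMAIN)

            if not config.LOCATION and not config.XENDOMAIN:
                debug.error("Please specify filename (-f) or XEN domain (-x)")

            command.execute()
    except exceptions.VolatilityException as e:
        print(e)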
开发者ID:AndrewChubatiuk,项目名称:VolatilityLibvirtXen,代码行数:85,代码来源:vol.py
注:本文中的volatility.registry.register_global_options函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |