本文整理汇总了Python中lib.common.results.NetlogFile类的典型用法代码示例。如果您正苦于以下问题:Python NetlogFile类的具体用法?Python NetlogFile怎么用?Python NetlogFile使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
示例1: _upload_file
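def _upload_file(local, remote):
    """Upload the file at *local* to the result server under the name *remote*.

    Does nothing when *local* does not exist. Bytes are written straight to
    the NetlogFile socket, so a failed send is not retried.
    @param local: path of the file on the guest.
    @param remote: name the file gets on the result server.
    """
    if not os.path.exists(local):
        return
    nf = NetlogFile(remote)
    try:
        with open(local, "rb") as f:
            for chunk in f:
                nf.sock.sendall(chunk)  # dirty direct send, no reconnecting
    finally:
        # release the netlog socket even if open() or a send failed midway
        nf.close()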
示例2: run
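def run(self):
    """Run screenshotting.

    Takes a screenshot every SHOT_DELAY seconds while self.do_run is set,
    skips frames equal to the previous one and uploads the rest as
    shots/NNNN.jpg.
    @return: operation status.
    """
    img_counter = 0
    img_last = None
    while self.do_run:
        time.sleep(SHOT_DELAY)
        try:
            filename = "screenshot%s.jpg" % str(img_counter)
            img_current = take_screenshot(filename)
            # drop frames identical to the previous one
            if img_last and Screenshot().equal(img_last, img_current):
                continue
            # now upload to host; the file is a JPEG and must be read in
            # binary mode -- text mode rewrites line endings on Windows
            nf = NetlogFile("shots/%s.jpg" % str(img_counter).rjust(4, "0"))
            try:
                with open(img_current, "rb") as shot:
                    for chunk in shot:
                        nf.sock.sendall(chunk)
            finally:
                nf.close()
            img_counter += 1
            img_last = img_current
        except IOError as e:
            log.error("Cannot take screenshot: %s", e)
            continue
    return True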
示例3: dump_memory
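def dump_memory(self):
    """Dump process memory.

    Walks the process address space with VirtualQueryEx and streams every
    committed image/mapped/private region to memory/<pid>.dmp on the
    result server.
    @return: operation status.
    """
    if not self.pid:
        log.warning("No valid pid specified, memory dump aborted")
        return False
    if not self.is_alive():
        log.warning("The process with pid %d is not alive, memory "
                    "dump aborted", self.pid)
        return False
    self.get_system_info()
    page_size = self.system_info.dwPageSize
    min_addr = self.system_info.lpMinimumApplicationAddress
    max_addr = self.system_info.lpMaximumApplicationAddress
    mem = min_addr
    # The local dump directory is created but nothing in this method writes
    # into it; kept because other code may rely on it existing.
    root = os.path.join(PATHS["memory"], str(int(time.time())))
    if not os.path.exists(root):
        os.makedirs(root)
    # Stream the regions straight to the result server.
    nf = NetlogFile(os.path.join("memory", "%s.dmp" % str(self.pid)))
    process_handle = self.open_process()
    try:
        while mem < max_addr:
            mbi = MEMORY_BASIC_INFORMATION()
            count = c_ulong(0)
            if KERNEL32.VirtualQueryEx(process_handle, mem, byref(mbi),
                                       sizeof(mbi)) < sizeof(mbi):
                # query failed: step one page forward and try again
                mem += page_size
                continue
            if mbi.State & MEM_COMMIT and \
                    mbi.Type & (MEM_IMAGE | MEM_MAPPED | MEM_PRIVATE):
                buf = create_string_buffer(mbi.RegionSize)
                # a region that cannot be read is skipped without a log
                # entry, which leaves a gap in the dump
                if KERNEL32.ReadProcessMemory(process_handle, mem, buf,
                                              mbi.RegionSize, byref(count)):
                    nf.sock.sendall(buf.raw)
                mem += mbi.RegionSize
            else:
                mem += page_size
    finally:
        # release the process handle and the netlog socket even if a send
        # failed halfway through
        KERNEL32.CloseHandle(process_handle)
        nf.close()
    log.info("Memory dump of process with pid %d completed", self.pid)
    return True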
示例4: start
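def start(self):
    """Validate the sample's Authenticode signature with signtool.exe.

    Fills self.json_data with the outcome and uploads it to
    aux/<ClassName>.json. Always returns True: a failure here must not
    abort the analysis.
    @return: operation status.
    """
    if not self.enabled:
        return True
    try:
        if self.config.category != "file":
            log.debug("Skipping authenticode validation, analysis is not "
                      "a file.")
            return True
        sign_path = os.path.join(os.getcwd(), "bin", "signtool.exe")
        if not os.path.exists(sign_path):
            log.info("Skipping authenticode validation, signtool.exe was "
                     "not found in bin/")
            return True
        log.debug("Checking for a digitial signature.")
        file_path = os.path.join(os.environ["TEMP"] + os.sep,
                                 str(self.config.file_name))
        # NOTE(review): the command is built as one shell string and
        # file_name comes from the submitted task; a name containing a
        # double quote breaks the quoting. Pass an argv list instead if
        # util.cmd_wrapper supports one.
        cmd = '{0} verify /pa /v "{1}"'.format(sign_path, file_path)
        ret, out, err = util.cmd_wrapper(cmd)
        # Return was 0, authenticode certificate validated successfully
        if not ret:
            # return value of parse_digisig was never used; presumably it
            # populates self.cert_build / self.time_build -- confirm
            self.parse_digisig(out)
            self.jsonify("Certificate Chain", self.cert_build)
            self.jsonify("Timestamp Chain", self.time_build)
            self.json_data["valid"] = True
            log.debug("File has a valid signature.")
        # Non-zero return, it didn't validate or exist
        else:
            self.json_data["error"] = True
            # keep only the text after the first ':' and collapse whitespace
            errmsg = " ".join("".join(err.split(":")[1:]).split())
            self.json_data["error_desc"] = errmsg
            if "file format cannot be verified" in err:
                log.debug("File format not recognized.")
            elif "No signature found" not in err:
                log.debug("File has an invalid signature.")
                self.parse_digisig(out)
                self.jsonify("Certificate Chain", self.cert_build)
                self.jsonify("Timestamp Chain", self.time_build)
            else:
                log.debug("File is not signed.")
        if self.json_data:
            log.info("Uploading signature results to aux/{0}.json".format(
                self.__class__.__name__))
            nf = NetlogFile("aux/{0}.json".format(self.__class__.__name__))
            try:
                # same bytes as the previous StringIO line loop, in one send
                nf.sock.sendall(json.dumps(self.json_data))
            finally:
                nf.close()
    except Exception:
        # swallowed on purpose so a signtool problem never aborts analysis
        import traceback
        log.exception(traceback.format_exc())
    return True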
示例5: finish
def finish(self):
    """Upload the proxy log collected by self.m to files/proxyLog.log.
    @return: operation status (always True).
    """
    log.info("starting to send data")
    proxy_log = self.m.get_logs()
    log.info("size of log: {}".format(len(proxy_log)))
    netlog = NetlogFile("files/proxyLog.log")
    log.info("netlog initiated")
    # retry=True lets NetlogFile reconnect on a failed send
    netlog.send(proxy_log, retry=True)
    log.info("netlog sent")
    return True
示例6: dump_memory_block
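def dump_memory_block(self, addr, length):
    """Dump one memory region of the process.

    The region containing *addr* is looked up with VirtualQueryEx and its
    base address and size replace the requested addr/length. The upload to
    memory/block-<pid>-<addr>-<idx>.dmp is a "QIIII" header (addr, length,
    State, Type, Protect) followed by the raw bytes. Only the pre-checks
    return False; a failed ReadProcessMemory is logged and still returns
    True.
    @param addr: address inside the region to dump.
    @param length: requested length; overridden by the region size.
    @return: operation status.
    """
    if not self.pid:
        log.warning("No valid pid specified, memory dump aborted")
        return False
    if not self.is_alive():
        log.warning("The process with pid %d is not alive, memory "
                    "dump aborted", self.pid)
        return False
    self.get_system_info()
    page_size = self.system_info.dwPageSize
    # clamp to a page; superseded by mbi.RegionSize once the query succeeds
    if length < page_size:
        length = page_size
    # per-pid counter so repeated dumps of one process get distinct names
    idx = self.dumpmem[self.pid] = self.dumpmem.get(self.pid, 0) + 1
    file_name = os.path.join("memory", "block-%s-%s-%s.dmp" % (self.pid, hex(addr), idx))
    process_handle = self.open_process()
    try:
        mbi = MEMORY_BASIC_INFORMATION()
        if KERNEL32.VirtualQueryEx(process_handle, addr, byref(mbi),
                                   sizeof(mbi)) == 0:
            log.warning("Couldn't obtain MEM_BASIC_INFO for pid %d address %s", self.pid, hex(addr))
            return False
        # override request with the full mem region attributes
        addr = mbi.BaseAddress
        length = mbi.RegionSize
        count = c_ulong(0)
        try:
            buf = create_string_buffer(length)
            if KERNEL32.ReadProcessMemory(process_handle, addr, buf, length, byref(count)):
                header = struct.pack("QIIII", addr, length, mbi.State, mbi.Type, mbi.Protect)
                nf = NetlogFile()
                nf.init(file_name)
                try:
                    nf.sock.sendall(header)
                    nf.sock.sendall(buf.raw)
                finally:
                    nf.close()
            else:
                log.warning("ReadProcessMemory failed on process_handle %r addr %s length %s", process_handle, hex(addr), hex(length))
        except Exception:
            # narrowed from a bare except so SystemExit/KeyboardInterrupt propagate
            log.exception("ReadProcessMemory exception on process_handle %r addr %s length %s", process_handle, hex(addr), hex(length))
    finally:
        # the early return after a failed VirtualQueryEx used to leak the handle
        KERNEL32.CloseHandle(process_handle)
    log.info("Memory block dump of process with pid %d, addr %s, length %s completed", self.pid, hex(addr), hex(length))
    return True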
示例7: dump_memory
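def dump_memory(self):
    """Dump process memory.

    Walks the address space of self.h_process with VirtualQueryEx and
    streams every committed private region to memory/<pid>.dmp.
    @return: operation status.
    """
    if self.pid == 0:
        log.warning("No valid pid specified, memory dump aborted")
        return False
    if not self.is_alive():
        log.warning("The process with pid %d is not alive, "
                    "memory dump aborted" % self.pid)
        return False
    self.get_system_info()
    page_size = self.system_info.dwPageSize
    min_addr = self.system_info.lpMinimumApplicationAddress
    max_addr = self.system_info.lpMaximumApplicationAddress
    mem = min_addr
    # The local directory is created but this method never writes into it.
    root = os.path.join(PATHS["memory"], str(int(time())))
    if not os.path.exists(root):
        os.makedirs(root)
    # Stream the regions straight to the result server.
    nf = NetlogFile("memory/%s.dmp" % str(self.pid))
    try:
        while mem < max_addr:
            mbi = MEMORY_BASIC_INFORMATION()
            count = c_ulong(0)
            if KERNEL32.VirtualQueryEx(self.h_process, mem, byref(mbi),
                                       sizeof(mbi)) < sizeof(mbi):
                # query failed: step one page forward and try again
                mem += page_size
                continue
            # 0x1000 is MEM_COMMIT and 0x20000 is MEM_PRIVATE: only
            # committed private (non-image, non-mapped) regions are dumped.
            if mbi.State == 0x1000 and mbi.Type == 0x20000:
                buf = create_string_buffer(mbi.RegionSize)
                # an unreadable region is skipped silently, leaving a gap
                if KERNEL32.ReadProcessMemory(self.h_process, mem, buf,
                                              mbi.RegionSize, byref(count)):
                    nf.sock.sendall(buf.raw)
                mem += mbi.RegionSize
            else:
                mem += page_size
    finally:
        # release the netlog socket even if a send failed halfway through
        nf.close()
    log.info("Memory dump of process with pid %d completed" % self.pid)
    return True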
示例8: run
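def run(self):
    """Run screenshotting.

    Takes a screenshot every SHOT_DELAY seconds while self.do_run is set,
    drops frames that scr.equal() judges identical to the previous one and
    uploads the rest as shots/NNNN.jpg.
    @return: operation status.
    """
    # the "screenshots" option value is stored in do_run; 0 disables the loop
    if "screenshots" in self.options:
        self.do_run = int(self.options["screenshots"])
    scr = Screenshot()
    # TODO We should also send the action "pillow" so that the Web
    # Interface can adequately inform the user about this missing library.
    if not scr.have_pil():
        log.info(
            "Python Image Library (either PIL or Pillow) is not "
            "installed, screenshots are disabled."
        )
        return False
    img_counter = 0
    img_last = None
    while self.do_run:
        time.sleep(SHOT_DELAY)
        try:
            img_current = scr.take()
        except IOError as e:
            log.error("Cannot take screenshot: %s", e)
            continue
        if img_last and scr.equal(img_last, img_current, SKIP_AREA):
            continue
        img_counter += 1
        # workaround as PIL can't write to the socket file object :(
        tmpio = StringIO.StringIO()
        img_current.save(tmpio, format="JPEG")
        tmpio.seek(0)
        # now upload to host from the StringIO
        nf = NetlogFile()
        nf.init("shots/%04d.jpg" % img_counter)
        try:
            for chunk in tmpio:
                nf.sock.sendall(chunk)
        finally:
            # release the netlog socket even if a send failed
            nf.close()
        img_last = img_current
    return True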
示例9: upload
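def upload(self, out_file, remote_file):
    """Upload *out_file* from self.output_dir to the result server as logs/<remote_file>.

    Polls every 2 seconds until the file exists; there is no timeout, so a
    file that never appears blocks the caller forever.
    @param out_file: file name inside self.output_dir.
    @param remote_file: name under logs/ on the result server.
    """
    filename = os.path.join(self.output_dir, out_file)
    while not os.path.exists(filename):
        time.sleep(2)
    nf = NetlogFile("logs/%s" % remote_file)
    try:
        # binary mode sends the file's bytes untouched (text mode would
        # rewrite line endings on Windows); streaming replaces the old
        # read-everything-into-StringIO step
        with open(filename, "rb") as src:
            for chunk in src:
                nf.sock.sendall(chunk)
    finally:
        # release the netlog socket even if open() or a send failed
        nf.close()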
示例10: run
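def run(self):
    """Run capturing of usage info.

    Every 2 seconds, while self.do_run is set, writes one line
    "<dwMemoryLoad> <highest per-core % Processor Time>" to aux/usage.log.
    @return: operation status.
    """
    meminfo = MEMORYSTATUSEX()
    meminfo.dwLength = sizeof(MEMORYSTATUSEX)
    phquery = PVOID()
    PDH.PdhOpenQuery(None, None, byref(phquery))
    # first call only sizes the buffer, second call fills it
    counter_path = "\\Processor(*)\\% Processor Time"
    buflen = DWORD()
    buflen.value = 0
    PDH.PdhExpandWildCardPathA(None, counter_path, None, byref(buflen), 0)
    buf = create_string_buffer(buflen.value + 1)
    PDH.PdhExpandWildCardPathA(None, counter_path, buf, byref(buflen), 0)
    # the expanded list is NUL-separated and NUL-terminated
    counters = buf.raw.rstrip("\x00").split("\x00")
    counter_handles = []
    for counter in counters:
        # skip the aggregate; the loop below reports the busiest core
        if "_Total" in counter:
            continue
        phcounter = PVOID()
        PDH.PdhAddCounterA(phquery, counter, None, byref(phcounter))
        counter_handles.append(phcounter)
    nf = NetlogFile("aux/usage.log")
    try:
        # prime the query so the first formatted value has a baseline
        PDH.PdhCollectQueryData(phquery)
        while self.do_run:
            time.sleep(2)
            PDH.PdhCollectQueryData(phquery)
            usage = PDH_FMT_COUNTERVALUE()
            bigfloat = 0.0
            for counter_handle in counter_handles:
                PDH.PdhGetFormattedCounterValue(counter_handle, PDH_FMT_DOUBLE, None, byref(usage))
                if usage.doubleValue > bigfloat:
                    bigfloat = usage.doubleValue
            KERNEL32.GlobalMemoryStatusEx(byref(meminfo))
            usagedata = "%d %d\n" % (meminfo.dwMemoryLoad, round(bigfloat))
            nf.sock.sendall(usagedata)
    finally:
        # release the PDH counters/query and the netlog socket even if a
        # send failed
        for counter_handle in counter_handles:
            PDH.PdhRemoveCounter(counter_handle)
        PDH.PdhCloseQuery(phquery)
        nf.close()
    return True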
示例11: stop
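def stop(self):
    """Upload the probelkm lines of /var/log/kern.log to logs/all.lkm."""
    # i guess we don't need to unload at all
    #os.system("rmmod probelkm")
    # now upload the logfile, keeping only lines tagged by the module
    nf = NetlogFile("logs/all.lkm")
    try:
        with open("/var/log/kern.log") as fd:
            for line in fd:
                if "[probelkm]" not in line:
                    continue
                nf.sock.sendall(line)  # dirty direct send, no reconnecting
    finally:
        # release the netlog socket even if open() or a send failed
        nf.close()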
示例12: run
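def run(self):
    """Run screenshotting.

    The "screenshots" option is the delay in seconds between shots; 0
    disables the loop. Frames equal to the previous one are dropped, the
    rest are uploaded as shots/NNNN.jpg.
    @return: operation status.
    """
    if "screenshots" in self.options:
        shot_delay = int(self.options["screenshots"])
        if shot_delay == 0:
            self.do_run = False
    else:
        shot_delay = 1
    if not Screenshot().have_pil():
        log.warning("Python Image Library is not installed, "
                    "screenshots are disabled")
        return False
    img_counter = 0
    img_last = None
    while self.do_run:
        time.sleep(shot_delay)
        try:
            img_current = Screenshot().take()
        except IOError as e:
            log.error("Cannot take screenshot: %s", e)
            continue
        if img_last and Screenshot().equal(img_last, img_current, SKIP_AREA):
            continue
        img_counter += 1
        # workaround as PIL can't write to the socket file object :(
        tmpio = StringIO.StringIO()
        img_current.save(tmpio, format="JPEG")
        tmpio.seek(0)
        # now upload to host from the StringIO
        nf = NetlogFile()
        nf.init("shots/%s.jpg" % str(img_counter).rjust(4, "0"))
        try:
            for chunk in tmpio:
                nf.sock.sendall(chunk)
        finally:
            # release the netlog socket even if a send failed
            nf.close()
        img_last = img_current
    return True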
示例13: dump_memory
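def dump_memory(self):
    """Dump process memory.

    Runs the cuckoomon loader (bin/loader.exe or bin/loader_x64.exe by
    target bitness) to write PATHS["memory"]/<pid>.dmp, then streams that
    file to the result server as memory/<pid>.dmp in 1 MiB chunks.
    @return: operation status.
    """
    if not self.pid:
        log.warning("No valid pid specified, memory dump aborted")
        return False
    if not self.is_alive():
        log.warning("The process with pid %d is not alive, memory "
                    "dump aborted", self.pid)
        return False
    file_path = os.path.join(PATHS["memory"], "{0}.dmp".format(self.pid))
    if self.is_64bit():
        bin_name = "bin/loader_x64.exe"
        bit_str = "64-bit"
    else:
        bin_name = "bin/loader.exe"
        bit_str = "32-bit"
    if not os.path.exists(bin_name):
        log.error("Please place the %s binary from cuckoomon into analyzer/windows/bin in order to analyze %s binaries.", os.path.basename(bin_name), bit_str)
        return False
    ret = subprocess.call([bin_name, "dump", str(self.pid), file_path])
    # the loader reports success with exit status 1, not 0
    if ret != 1:
        log.error("Unable to dump %s process with pid %d, error: %d", bit_str, self.pid, ret)
        return False
    log.info("Dumped %s process with pid %d", bit_str, self.pid)
    nf = NetlogFile(os.path.join("memory", "{0}.dmp".format(self.pid)))
    with open(file_path, "rb") as infd:
        try:
            buf = infd.read(1024*1024)
            while buf:
                # retry=False: a broken connection aborts the dump
                nf.send(buf, retry=False)
                buf = infd.read(1024*1024)
            nf.close()
        except Exception:
            # narrowed from a bare except so SystemExit/KeyboardInterrupt
            # propagate; nf is left unclosed here as before
            log.warning("Memory dump of process with pid %d failed", self.pid)
            return False
    log.info("Memory dump of process with pid %d completed", self.pid)
    return True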
示例14: dump_memory
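def dump_memory(self):
    """Dump process memory.

    Runs bin/inject-x86.exe or bin/inject-x64.exe (by target bitness) to
    write a dump to a temporary file, streams the whole file to the result
    server as memory/<pid>-<idx>.dmp and removes the temporary file.
    @return: operation status; False when the helper fails.
    """
    if not self.pid:
        log.warning("No valid pid specified, memory dump aborted")
        return False
    if not self.is_alive():
        log.warning("The process with pid %d is not alive, memory "
                    "dump aborted", self.pid)
        return False
    is32bit = self.is32bit(pid=self.pid)
    if is32bit:
        inject_exe = os.path.join("bin", "inject-x86.exe")
    else:
        inject_exe = os.path.join("bin", "inject-x64.exe")
    # Take the memory dump.
    # NOTE(review): mktemp() only returns a name and the helper creates the
    # file later, so another process could claim the path in between;
    # mkstemp() is safer if inject_exe can overwrite an existing file.
    dump_path = tempfile.mktemp()
    try:
        args = [
            inject_exe,
            "--pid", "%s" % self.pid,
            "--dump", dump_path,
        ]
        subprocess.check_call(args)
    except subprocess.CalledProcessError:
        log.error("Failed to dump memory of %d-bit process with pid %d.",
                  32 if is32bit else 64, self.pid)
        # was a bare `return` (None); False is still falsy for callers
        return False
    # Calculate the next index. We keep in mind that one process may have
    # multiple process memory dumps in the future.
    idx = self.dumpmem[self.pid] = self.dumpmem.get(self.pid, 0) + 1
    nf = NetlogFile(os.path.join("memory", "%s-%s.dmp" % (self.pid, idx)))
    # Send the dumped file in 1 MiB chunks until EOF. A single read() used
    # to truncate every dump larger than 1 MiB.
    try:
        with open(dump_path, "rb") as f:
            chunk = f.read(1024 * 1024)
            while chunk:
                nf.sock.sendall(chunk)
                chunk = f.read(1024 * 1024)
    finally:
        # close the netlog socket and drop the temp file even if a send failed
        try:
            nf.close()
        finally:
            os.unlink(dump_path)
    log.info("Memory dump of process with pid %d completed", self.pid)
    return True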
示例15: run
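def run(self):
    """Run screenshotting.

    Takes a screenshot every SHOT_DELAY seconds while self.do_run is set,
    drops frames equal to the previous one, sends a keystroke via
    self.sendKey and uploads the frame as shots/NNNN.png.
    @return: operation status.
    """
    if not Screenshot().have_pil():
        log.warning("Python Image Library is not installed, "
                    "screenshots are disabled")
        return False
    img_counter = 0
    img_last = None
    while self.do_run:
        time.sleep(SHOT_DELAY)
        try:
            img_current = Screenshot().take()
        except IOError as e:
            log.error("Cannot take screenshot: %s", e)
            continue
        if img_last and Screenshot().equal(img_last, img_current):
            continue
        img_counter += 1
        #send a return keystroke for installers
        # NOTE(review): 0x24 is VK_HOME in the Win32 virtual-key table
        # (VK_RETURN is 0x0D); confirm which code sendKey expects.
        self.sendKey(0x24)
        try:
            # workaround as PIL can't write to the socket file object :(
            tmpio = StringIO.StringIO()
            img_current.save(tmpio, format="PNG")
            tmpio.seek(0)
        except Exception:
            log.exception("Unable to write screenshot to disk.")
            # nothing valid to upload; the empty/partial buffer used to be
            # sent anyway
            continue
        # now upload to host from the StringIO
        nf = NetlogFile("shots/%s.png" % str(img_counter).rjust(4, "0"))
        try:
            for chunk in tmpio:
                nf.sock.sendall(chunk)
        finally:
            # release the netlog socket even if a send failed
            nf.close()
        img_last = img_current
    return True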