当前位置: 首页>>代码示例>>Python>>正文


Python debug.debug函数代码示例

本文整理汇总了Python中volatility.debug.debug函数的典型用法代码示例。如果您正苦于以下问题:Python debug函数的具体用法?Python debug怎么用?Python debug使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了debug函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: generate_suggestions

    def generate_suggestions(self):
        """Generates a single response of True or False depending on whether the space is a valid Windows AS"""
        # This constraint looks for self referential values within
        # the paging tables
        try:
            if self.obj_vm.pae:
                pde_base = 0xC0600000
                pd = self.obj_vm.get_pdpte(0) & 0xFFFFFFFFFF000
            else:
                pde_base = 0xC0300000
                pd = self.obj_vm.dtb
            if self.obj_vm.vtop(pde_base) == pd:
                yield True
                raise StopIteration

        except addrspace.ASAssertionError as _e:
            pass
        debug.debug("Failed to pass the Moyix Valid IA32 AS test", 3)

        # This constraint verifies that _KUSER_ SHARED_DATA is shared
        # between user and kernel address spaces.
        if (self.obj_vm.vtop(0xFFDF0000)) == (self.obj_vm.vtop(0x7FFE0000)):
            if self.obj_vm.vtop(0xFFDF0000) != None:
                yield True
                raise StopIteration
        debug.debug("Failed to pass the labarum_x Valid IA32 AS test", 3)

        yield False
开发者ID:carmaa,项目名称:volatility-2.2-python3,代码行数:28,代码来源:windows.py

示例2: get_autoruns

    def get_autoruns(self):

        debug.debug('Started get_autoruns()')
        results = []
        hive_key_list = []

        try:
            # Gather all software run keys
            self.regapi.reset_current()
            for run_key in SOFTWARE_RUN_KEYS:
                hive_key_list += [k for k in self.regapi.reg_yield_key(hive_name='software', key=run_key)]

            # Gather all ntuser run keys
            self.regapi.reset_current()
            for run_key in NTUSER_RUN_KEYS:
                hive_key_list += [k for k in self.regapi.reg_yield_key(hive_name='ntuser.dat', key=run_key)]

            # hive_key = (key pointer, hive_name)
            for hive_key in hive_key_list:
                results += self.parse_autoruns_key(hive_key)

        except Exception as e:
            debug.warning('get_autoruns() failed to complete. Exception: {0} {1}'.format(type(e).__name__, e.args))

        debug.debug('Finished get_autoruns()')
        return results
开发者ID:tomchop,项目名称:volatility-autoruns,代码行数:26,代码来源:autoruns.py

示例3: load_modifications

    def load_modifications(self):
        """ Find all subclasses of the modification type and applies them

            Each modification object can specify the metadata with which it can work
            Allowing the overlay to decide which profile it should act on
        """

        # Collect together all the applicable modifications
        mods = {}
        for i in self._get_subclasses(ProfileModification):
            modname = i.__name__
            instance = i()
            # Leave abstract modifications out of the dependency tree
            # Also don't consider the base ProfileModification object
            if not modname.startswith("Abstract") and i != ProfileModification:
                if modname in mods:
                    raise RuntimeError("Duplicate profile modification name {0} found".format(modname))
                mods[instance.__class__.__name__] = instance

        # Run through the modifications in dependency order 
        self._mods = []
        for modname in self._resolve_mod_dependencies(mods.values()):
            mod = mods.get(modname, None)
            # We check for invalid/mistyped modification names, AbstractModifications should be caught by this too
            if not mod:
                # Note, this does not allow for optional dependencies
                raise RuntimeError("No concrete ProfileModification found for " + modname)
            if mod.check(self):
                debug.debug("Applying modification from " + mod.__class__.__name__)
                self._mods.append(mod.__class__.__name__)
                mod.modification(self)
开发者ID:Jack47,项目名称:volatility,代码行数:31,代码来源:obj.py

示例4: parse_task_xml

    def parse_task_xml(self, xml, f_name):
        raw = xml
        xml = re.sub('\x00\x00+', '', xml) + '\x00'
        if xml:
            try:
                xml = xml.decode('utf-16')
                xml = re.sub(r"<Task(.*?)>", "<Task>", xml)
                xml = xml.encode('utf-16')

                root = ET.fromstring(xml)
                d = {}

                for e in root.findall("./RegistrationInfo/Date"):
                    d['Date'] = e.text or ''
                for e in root.findall("./RegistrationInfo/Description"):
                    d['Description'] = e.text or ''
                for e in root.findall("./Actions"):
                    d['Actions'] = self.visit_all_children(e)
                for e in root.findall("./Settings/Enabled"):
                    d['Enabled'] = e.text or ''
                for e in root.findall("./Settings/Hidden"):
                    d['Hidden'] = e.text or ''
                for t in root.findall("./Triggers/*"):
                    d['Triggers'] = self.visit_all_children(t)

                if not d.get("Actions", {}).get('Exec', {}).get("Command", False):
                    return None

                return d
            except UnicodeDecodeError as e:
                debug.warning('Error while parsing the following task: {}'.format(f_name))
                debug.debug('UnicodeDecodeError for: {}'.format(repr(raw)))
开发者ID:tomchop,项目名称:volatility-autoruns,代码行数:32,代码来源:autoruns.py

示例5: mmap

 def mmap(self, address):
     size = 32 * 1024
     debug.debug("[mmap] - mapping: (%x, %x)" % (address, size))
     address_page = address & self.mask
     debug.debug("[mmap] - addr_page: %x" % address_page)
     self.mu.mem_map(address_page, size)
     self.mappings.append((address_page, size))
开发者ID:0xDEC0DE8,项目名称:ROPMEMU,代码行数:7,代码来源:emulator.py

示例6: calculate

    def calculate(self):
        address_space = utils.load_as(self._config, astype = 'physical')

        if not self.is_valid_profile(address_space.profile):
            debug.error("This command does not support the selected profile.")

        scanner = PrefetchScanner(config = self._config, needles = ['SCCA'])
        scanner_mam = PrefetchScanner(config = self._config, needles = ['MAM\x04'])
        pf_headers = []

        if(address_space.profile.metadata.get('major') == 6 and address_space.profile.metadata.get('minor') == 4): # Win10
            scanner_mam.load_libmscompression()
            debug.debug("Scanning for MAM compressed data, this can take a while.............")
            if not os.path.isdir(self._config.MAM_DIR):
                debug.error(self._config.MAM_DIR + " is not a directory. Please specify a mam dump directory (--mam-dir)")

            for offset in scanner_mam.scan(address_space):
                pf_header = scanner_mam.carve_mam(address_space, offset, self._config.MAM_DIR)
                if pf_header > 0 and scanner_mam.is_valid():
                    pf_headers.append(pf_header)

        debug.debug("Scanning for Prefetch files, this can take a while.............")
        for offset in scanner.scan(address_space):
            pf_header = scanner.carve(address_space, offset)
            if scanner.is_valid():
                pf_headers.append(pf_header)

        # This list may have duplicate pf_header entries since
        #   we're not doing unique validation, just scanning.
        # Uniquing makes sense for reducing repetetive entries
        for unique_pf_entry in scanner.dedup(pf_headers):
            yield unique_pf_entry
开发者ID:superponible,项目名称:volatility-plugins,代码行数:32,代码来源:prefetch.py

示例7: load_as

def load_as(config, astype = 'virtual', **kwargs):
    """Loads an address space by stacking valid ASes on top of each other (priority order first)"""

    base_as = None
    error = exceptions.AddrSpaceError()

    # Start off requiring another round    
    found = True
    ## A full iteration through all the classes without anyone
    ## selecting us means we are done:
    while found:
        debug.debug("Voting round")
        found = False
        for cls in sorted(registry.get_plugin_classes(addrspace.BaseAddressSpace).values(),
                          key = lambda x: x.order if hasattr(x, 'order') else 10):
            debug.debug("Trying {0} ".format(cls))
            try:
                base_as = cls(base_as, config, astype = astype, **kwargs)
                debug.debug("Succeeded instantiating {0}".format(base_as))
                found = True
                break
            except addrspace.ASAssertionError, e:
                debug.debug("Failed instantiating {0}: {1}".format(cls.__name__, e), 2)
                error.append_reason(cls.__name__, e)
                continue
            except Exception, e:
                debug.debug("Failed instantiating (exception): {0}".format(e))
                error.append_reason(cls.__name__ + " - EXCEPTION", e)
                continue
开发者ID:B-Rich,项目名称:amark,代码行数:29,代码来源:utils.py

示例8: _init_ksymtab

 def _init_ksymtab(self):
     phys_as = utils.load_as(self._config, astype='physical')
     start_addr, _ = phys_as.get_available_addresses().next()
     # First 16 MB of physical memory
     self.kernel_image = phys_as.read(start_addr, 0x1000000)
     # Init page_offset
     if phys_as.profile.metadata.get('memory_model', '32bit') != '32bit':
         raise NotImplementedError
     self.ksymtab_initialized = True
     # Locate the physical offset of the ksymtab_strings section
     for match in re.finditer('init_task\0', self.kernel_image):
         offset = match.start()
         symbol_char = re.compile(r'[0-9a-z_]')
         if symbol_char.match(self.kernel_image[offset - 1:offset]):
             # 'init_task' is a substring of another symbol like 'xxx_init_task'
             continue
         # TODO: Choose the right one, not the first.
         # Find the beginning of the ksymtab_strings section
         char = self.kernel_image[offset]
         while offset > 0 and (symbol_char.match(char) or char == '\x00'):
             offset -= 1
             char = self.kernel_image[offset]
         debug.debug("Found the physical offset of the ksymtab_strings "
                     "section: {0:#010x}".format(offset))
         self.ksymtab_strings_offset = offset
         return
     debug.warning("Can't locate a ksymtab_strings section")
开发者ID:psviderski,项目名称:volatility-android,代码行数:27,代码来源:auto_ksymbol.py

示例9: __init__

 def __init__(self, dump, code, stack, gcounter):
     self.gcounter = gcounter
     code = int(code, 16)
     stack = int(stack, 16)
     self.fix = 2**64
     self.mask = 0xFFFFFFFFFFFFF000
     self.mappings = []
     self.unicorn_code = code
     self.unicorn_stack = stack
     # shadow stack for this emulator instance
     self.shadow = OrderedDict()
     debug.debug("[emulator] - init unicorn...")
     # Volatility interaction
     self.dump = dump
     self.current_ip = code
     # TODO: support other archs and modes
     self.mu = Uc(UC_ARCH_X86, UC_MODE_64)
     #size = 128 * 1024 * 1024
     size = 1 * 4096
     # unicorn code
     self.mu.mem_map(code & self.mask, size)
     self.mappings.append((code, size))
     #size = 256 * 1024 * 1024 
     size = 10 * 4096
     # unicorn generic stack
     self.mu.mem_map(stack & self.mask, size)
     self.mappings.append((stack, size))
     self.set_hooks()
     self.branch_point = []
开发者ID:0xDEC0DE8,项目名称:ROPMEMU,代码行数:29,代码来源:emulator.py

示例10: hook_mem_access

 def hook_mem_access(self, uc, access, address, size, value, user_data):
     if access == UC_MEM_WRITE: 
         debug.debug("[hook_mem_access] - write operation - %x %x %x" % (address, size, value))
         self.shadow[hex(address).strip("L")] = hex(value).strip("L")
     else:
         debug.debug("[hook_mem_access] - read operation - %x %x %x" % (address, size, value))
     return True
开发者ID:0xDEC0DE8,项目名称:ROPMEMU,代码行数:7,代码来源:emulator.py

示例11: emu

 def emu(self, size):
     ip = int(self.get_ip(), 16)
     debug.debug("[emu] - (%x, %x)" % (ip, size))
     try:
         self.mu.emu_start(ip, ip + size, timeout=10000, count=1)
     except UcError as e:
         debug.debug("Error %s" % e)
开发者ID:0xDEC0DE8,项目名称:ROPMEMU,代码行数:7,代码来源:emulator.py

示例12: write_data

 def write_data(self, address, content):
     address = int(address, 16)
     if not self.mapped(address):
         self.mmap(address)
     debug.debug("[write_data] - at address: %x" % address)
     debug.debug(repr(content))
     self.mu.mem_write(address, content)
开发者ID:0xDEC0DE8,项目名称:ROPMEMU,代码行数:7,代码来源:emulator.py

示例13: __init__

 def __init__(self, reason = '', strict = False):
     if not hasattr(sys, "frozen"):
         debug.debug("None object instantiated: " + reason, 2)
     self.reason = reason
     self.strict = strict
     if strict:
         self.bt = get_bt_string()
开发者ID:Natzugen,项目名称:volatility,代码行数:7,代码来源:obj.py

示例14: __init__

    def __init__(self, fh):
        if not "b" in fh.mode.lower():
            raise ValueError("Invalid file handler: file must be opened in binary mode (and not {0})".format(fh.mode))
        
        self.fh = fh
        
        ## Must start with one of the magic values
        magic = self.reada_long(0)
        debug("{0:x}".format(magic))
        
        ## Resolve version and magic
        if magic == 0xbed2bed0:
            self.version = 0
        elif magic == 0xbad1bad1:
            self.version = 1
        elif magic == 0xbed2bed2:
            self.version = 2
        elif magic == 0xbed3bed3:
            self.version = 3
        else:
            raise ParserException("Header signature invalid", magic)

        ## determine offset sizes.
        # this is used whenever the vmsn specifications use 4\8 byte ints dependant of version, so "offset" is a bit misleading.
        self.offset_size = 4 if self.version == 0 else 8
            
        ## Read group count
        self.group_count = self.reada_long(8)
开发者ID:DrDonk,项目名称:vmsnparser,代码行数:28,代码来源:vmsn.py

示例15: render_text

 def render_text(self, outfd, data):
     """Render the plugin's default text output"""         
             
     debug.debug(self.params)    
     
     # Check for data
     if data:                            
         task, vad, params = data
                         
         # Get a magic object from the buffer
         buffer_space = addrspace.BufferAddressSpace(
                             config = self._config, 
                             data = params['decoded_magic'])
 
         magic_obj = obj.Object(self.magic_struct, 
                             offset = 0, vm = buffer_space)                        
 
         outfd.write("*" * 50 + "\n")
         outfd.write("{0:<30} : {1}\n".format("ZBot", self.zbot + self.zbotversion))
         outfd.write("{0:<30} : {1}\n".format("Process", task.ImageFileName))
         outfd.write("{0:<30} : {1}\n".format("Pid", task.UniqueProcessId))
         outfd.write("{0:<30} : {1}\n".format("Address", vad.Start))
 
         # grab the URLs from the decoded buffer
         decoded_config = params['decoded_config']
         urls = []
         while "http" in decoded_config:
             url = decoded_config[decoded_config.find("http"):]
             urls.append(url[:url.find('\x00')])
             decoded_config = url[url.find('\x00'):]
         for i, url in enumerate(urls):
             outfd.write("{0:<30} : {1}\n".format("URL {0}".format(i), url))
 
         outfd.write("{0:<30} : {1}\n".format("Identifier", 
             ''.join([chr(c) for c in magic_obj.guid if c != 0])))
         outfd.write("{0:<30} : {1}\n".format("Mutant key", magic_obj.guid_xor_key))
         outfd.write("{0:<30} : {1}\n".format("XOR key", magic_obj.xorkey))
         outfd.write("{0:<30} : {1}\n".format("Registry", 
             "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\{0}".format(magic_obj.keyname)))
         outfd.write("{0:<30} : {1}\n".format(" Value 1", magic_obj.value1))
         outfd.write("{0:<30} : {1}\n".format(" Value 2", magic_obj.value2))
         outfd.write("{0:<30} : {1}\n".format(" Value 3", magic_obj.value3))
         outfd.write("{0:<30} : {1}\n".format("Executable", magic_obj.exefile))
         outfd.write("{0:<30} : {1}\n".format("Data file", magic_obj.datfile))
 
         outfd.write("{0:<30} : \n{1}\n".format("Config RC4 key", 
                 "\n".join(
                 ["{0:#010x}  {1:<48}  {2}".format(vad.Start + o, h, ''.join(c))
                 for o, h, c in utils.Hexdump(params['config_key'])
                 ])))
         
         rc4_offset = task.obj_vm.profile.get_obj_offset(self.magic_struct, 'rc4key')
         creds_key = params['decoded_magic'][rc4_offset:rc4_offset + RC4_KEYSIZE]
 
         outfd.write("{0:<30} : \n{1}\n".format("Credential RC4 key", 
                 "\n".join(
                 ["{0:#010x}  {1:<48}  {2}".format(vad.Start + o, h, ''.join(c))
                 for o, h, c in utils.Hexdump(creds_key)
                 ])))
开发者ID:187Invitation,项目名称:volatility_plugins,代码行数:59,代码来源:zbotscan.py


注:本文中的volatility.debug.debug函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。