

Python debug.error函数代码示例

本文整理汇总了Python中volatility.debug.error函数的典型用法代码示例。如果您正苦于以下问题:Python error函数的具体用法?Python error怎么用?Python error使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了error函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: render_text

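    def render_text(self, outfd, data):
        """Write each selected VMA to a file under --dump-dir and print one table row per VMA.

        Args:
            outfd: output stream the table is written to.
            data: iterable of (task, vma) pairs.

        Calls debug.error() when --dump-dir is missing or is not an existing
        directory.  Each region is written as task.<pid>.<vm_start>.vma inside
        --dump-dir; when --vma is given only the region starting there is dumped.
        """
        dump_dir = self._config.DUMP_DIR
        if not dump_dir or not os.path.isdir(dump_dir):
            debug.error("Please specify an existing output dir (--dump-dir)")

        self.table_header(outfd, [("Task", "10"),
                                  ("VM Start", "[addrpad]"),
                                  ("VM End", "[addrpad]"),
                                  ("Length", "[addr]"),
                                  ("Path", "")])

        wanted_start = self._config.VMA
        for task, vma in data:
            # An explicit --vma restricts output to the single matching region.
            if wanted_start and vma.vm_start != wanted_start:
                continue

            file_name = "task.{0}.{1:#x}.vma".format(task.pid, vma.vm_start)
            file_path = os.path.join(dump_dir, file_name)

            # The context manager closes the handle even if read_addr_range
            # raises part-way through a region, instead of leaking it.
            with open(file_path, "wb+") as outfile:
                for page in self.read_addr_range(task, vma.vm_start, vma.vm_end):
                    outfile.write(page)

            self.table_row(outfd, task.pid,
                           vma.vm_start,
                           vma.vm_end,
                           vma.vm_end - vma.vm_start,
                           file_path)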
开发者ID:B-Rich,项目名称:amark,代码行数:26,代码来源:dump_map.py

示例2: render_text

    def render_text(self, outfd, data):
        """Dump each task's main executable to --dump-dir and print one result row per task.

        Args:
            outfd: output stream for the results table.
            data: iterable of task objects.

        Calls debug.error() when --dump-dir is absent or not a directory.
        Tasks whose address space, PEB or image base cannot be read get an
        "Error: ..." result instead of a dump.
        """
        dump_dir = self._config.DUMP_DIR
        # NOTE(review): `== None` is kept rather than `is None`; these values may be
        # volatility NoneObject proxies that compare equal to None without being
        # the None singleton -- confirm before changing.
        if dump_dir == None:
            debug.error("Please specify a dump directory (--dump-dir)")
        if not os.path.isdir(dump_dir):
            debug.error(dump_dir + " is not a directory")

        columns = [("Process(V)", "[addrpad]"),
                   ("ImageBase", "[addrpad]"),
                   ("Name", "20"),
                   ("Result", "")]
        self.table_header(outfd, columns)

        for task in data:
            process_space = task.get_process_address_space()
            if process_space == None:
                outcome = "Error: Cannot acquire process AS"
            elif task.Peb == None:
                # task.m('Peb') reads the raw member value; touching task.Peb
                # again would try to instantiate the _PEB that is paged out.
                outcome = "Error: PEB at {0:#x} is paged".format(task.m('Peb'))
            elif process_space.vtop(task.Peb.ImageBaseAddress) == None:
                outcome = "Error: ImageBaseAddress at {0:#x} is paged".format(
                    task.Peb.ImageBaseAddress)
            else:
                target_name = "executable." + str(task.UniqueProcessId) + ".exe"
                outcome = self.dump_pe(process_space,
                                       task.Peb.ImageBaseAddress,
                                       target_name)
            self.table_row(outfd,
                           task.obj_offset,
                           task.Peb.ImageBaseAddress,
                           task.ImageFileName,
                           outcome)
开发者ID:carmaa,项目名称:volatility-2.2-python3,代码行数:33,代码来源:procdump.py

示例3: calculate

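    def calculate(self):
        """Scan for network objects and yield one tuple per socket, connection or listener.

        Yields:
            (object, protocol, local_addr, local_port, remote_addr, remote_port, state)
            for every _UDP_ENDPOINT, _TCP_ENDPOINT and _TCP_LISTENER returned by
            scan_results().

        Calls debug.error() when the selected profile is not supported.
        """
        addr_space = utils.load_as(self._config)

        if not self.is_valid_profile(addr_space.profile):
            debug.error("This command does not support the selected profile.")

        for objct in self.scan_results(addr_space):

            if isinstance(objct, _UDP_ENDPOINT):
                # For UdpA, the state is always blank and the remote end is asterisks
                for ver, laddr, _ in objct.dual_stack_sockets():
                    yield objct, "UDP" + ver, laddr, objct.Port, "*", "*", ""
            elif isinstance(objct, _TCP_ENDPOINT):

                if objct.AddressFamily == AF_INET:
                    proto = "TCPv4"
                elif objct.AddressFamily == AF_INET6:
                    proto = "TCPv6"
                else:
                    # Scanned memory can be stale or corrupted; an unrecognised
                    # address family would otherwise leave `proto` unbound and
                    # abort the whole scan, so skip just this object.
                    continue

                yield objct, proto, objct.LocalAddress, objct.LocalPort, \
                    objct.RemoteAddress, objct.RemotePort, objct.State
            elif isinstance(objct, _TCP_LISTENER):
                # For TcpL, the state is always listening and the remote port is zero
                for ver, laddr, raddr in objct.dual_stack_sockets():
                    yield objct, "TCP" + ver, laddr, objct.Port, raddr, 0, "LISTENING"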
开发者ID:Iamgublin,项目名称:python-related,代码行数:25,代码来源:netscan.py

示例4: apply_types

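    def apply_types(addr_space, ver):
        """Apply the TrueCrypt types for a specific version of TC. 

        @param addr_space: <volatility.BaseAddressSpace>
        @param ver: <string> version 

        Looks up the vtypes for (ver, memory model) in TrueCryptMaster.version_map,
        installs them into the profile together with the EXTENSION / CRYPTO_INFO_t
        overlay, and recompiles the profile.  Calls debug.error() when no vtypes
        exist for that version and memory model.
        """

        mm_model = addr_space.profile.metadata.get('memory_model', '32bit')
        # Only the version_map lookup may legitimately raise KeyError.  Keeping
        # the overlay merge and profile compile out of the try block means a
        # KeyError raised by those steps surfaces as itself instead of being
        # misreported as an unsupported TrueCrypt version.
        try:
            vtypes = TrueCryptMaster.version_map[ver][mm_model]
        except KeyError:
            debug.error("Truecrypt version {0} is not supported".format(ver))
        else:
            addr_space.profile.vtypes.update(vtypes)
            addr_space.profile.merge_overlay({
            'EXTENSION' : [ None, {
                'wszVolume' : [ None, ['String', dict(length = 260, encoding = "utf16")]],
            }], 
            'CRYPTO_INFO_t' : [ None, { 
                'mode' : [ None, ['Enumeration', dict(target = "long", 
                            choices = {1: 'XTS', 
                                       2: 'LWR', 
                                       3: 'CBC', 
                                       4: 'OUTER_CBC', 
                                       5: 'INNER_CBC'})]],
                'ea' : [ None, ['Enumeration', dict(target = "long", 
                            choices = {1: 'AES', 
                                       2: 'SERPENT', 
                                       3: 'TWOFISH', 
                                       4: 'BLOWFISH', 
                                       5: 'CAST', 
                                       6: 'TRIPLEDES'})]],
            }]})
            addr_space.profile.compile()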
开发者ID:504ensicsLabs,项目名称:DAMM,代码行数:33,代码来源:tcaudit.py

示例5: calculate

    def calculate(self):
        """Load the address space and return the sockets found in it.

        Calls debug.error() when the selected profile is not supported.
        """
        space = utils.load_as(self._config)
        profile_supported = self.is_valid_profile(space.profile)
        if not profile_supported:
            debug.error("This command does not support the selected profile.")

        return win32.network.determine_sockets(space)
开发者ID:BryanSingh,项目名称:volatility,代码行数:7,代码来源:sockets.py

示例6: generator

    def generator(self, data):
        """Yield one row per suspicious VAD of each task, optionally dumping each to --dump-dir.

        Args:
            data: iterable of task objects.

        Yields:
            (0, [image name, pid, start, tag, protection, flags, first 64 bytes]).

        Calls debug.error() when --dump-dir is set but is not a directory.
        """
        dump_dir = self._config.DUMP_DIR
        if dump_dir and not os.path.isdir(dump_dir):
            debug.error(dump_dir + " is not a directory")

        for task in data:
            vads = task.get_vads(vad_filter = task._injection_filter)
            for vad, space in vads:

                if self._is_vad_empty(vad, space):
                    continue

                header_bytes = space.zread(vad.Start, 64)
                protection = vadinfo.PROTECT_FLAGS.get(vad.VadFlags.Protection.v(), "")

                row = [str(task.ImageFileName),
                       int(task.UniqueProcessId),
                       Address(vad.Start),
                       str(vad.Tag),
                       str(protection),
                       str(vad.VadFlags),
                       Bytes(header_bytes)]
                yield (0, row)

                if not dump_dir:
                    continue

                # --dump-dir was supplied: write the whole region next to the row
                dump_name = "process.{0:#x}.{1:#x}.dmp".format(task.obj_offset, vad.Start)
                self.dump_vad(os.path.join(dump_dir, dump_name), vad, space)
开发者ID:volatilityfoundation,项目名称:volatility,代码行数:28,代码来源:malfind.py

示例7: search_stack_frames

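 def search_stack_frames(self, start, stack_base, stack_limit, yara_rules, frame_delta=32, unwind=DEFAULT_UNWIND):
   """ 
   Use Yara to search kernel/user stack frames within +/- frame_delta of the frame's start
   address.

   Frames to search are chosen by using the strategies specified by the unwind parameter,
   a comma-separated list of StackTop plugin names.

   yara_rules - compiled Yara rules, built for example with:
      1. yara.compile("/path/to/yara.rules")
   or 2. yara.compile(source="rule dummy { condition: true }")

   Yields (match, name, value, frame_start, offset) where offset is relative to
   frame_start and therefore lies in [-frame_delta, frame_delta).

   Raises ValueError for an unknown unwind strategy name; calls debug.error()
   when yara is not installed.
   """

   if not yara_installed:
     debug.error("In order to search the stack frames, it is necessary to install yara")

   stack_registry = registry.get_plugin_classes(StackTop)
   window = 2 * frame_delta

   for unwind_strategy_nm in unwind.split(","):
     if unwind_strategy_nm not in stack_registry:
       raise ValueError("{0} is not a known stack unwind strategy".format(unwind_strategy_nm))
     unwind_strategy = stack_registry[unwind_strategy_nm](start, stack_base, stack_limit, self)
     for frame in itertools.chain(unwind_strategy.up(), unwind_strategy.down()):
       search_data = self.get_process_address_space().zread(frame.start - frame_delta, window)
       for match in yara_rules.match(data = search_data):
         for moffset, name, value in match.strings:
           # Match offset here is converted into frame start address and a +/- frame_delta
           yield match, name, value, frame.start, moffset - frame_delta

   # A generator ends by falling off the end (or `return`); `raise StopIteration`
   # inside a generator body becomes RuntimeError under PEP 479 (Python 3.7+).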
开发者ID:binsrc,项目名称:volatility-1,代码行数:29,代码来源:exportstack.py

示例8: calculate

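    def calculate(self):
        """Walk the kernel fs_event watcher table and yield one entry per valid watcher.

        Yields:
            (watcher_addr, process_name, pid, events) where events is a
            comma-separated list of the event type names the watcher has enabled.

        Calls debug.error() when the profile lacks fs_event_watcher.proc_name
        (OS X < 10.8.2).
        """
        common.set_plugin_members(self)

        if not self.addr_space.profile.obj_has_member("fs_event_watcher", "proc_name"):
            debug.error("This plugin only supports OS X >= 10.8.2. Please file a bug if you are running against a version matching this criteria.")

        # Entry i of this list names entry i of the watcher's event_list array;
        # the array read below uses len(event_types) as its count.
        event_types = ["CREATE_FILE", "DELETE", "STAT_CHANGED", "RENAME", "CONTENT_MODIFIED",
                       "EXCHANGE", "FINDER_INFO_CHANGED", "CREATE_DIR", "CHOWN",
                       "XATTR_MODIFIED", "XATTR_REMOVED", "DOCID_CREATED", "DOCID_CHANGED"]

        table_addr = self.addr_space.profile.get_symbol("_watcher_table")

        arr = obj.Object(theType = "Array", targetType = "Pointer", count = 8, vm = self.addr_space, offset = table_addr)

        for watcher_addr in arr:
            if not watcher_addr.is_valid():
                continue

            watcher = watcher_addr.dereference_as("fs_event_watcher")

            # proc_name is read as a fixed 33-byte buffer; keep only up to the first NUL.
            name = self.addr_space.read(watcher.proc_name.obj_offset, 33)
            if name:
                idx = name.find("\x00")
                if idx != -1:
                    name = name[:idx]

            event_arr = obj.Object(theType = "Array", targetType = "unsigned char", offset = watcher.event_list.v(), count = len(event_types), vm = self.addr_space)
            # Join the enabled names directly rather than appending a trailing
            # ", " to each and trimming it afterwards.
            events = ", ".join(event_types[i] for i, event in enumerate(event_arr) if event == 1)

            yield watcher_addr, name, watcher.pid, events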
开发者ID:CRYP706URU,项目名称:pyrebox,代码行数:35,代码来源:vfsevents.py

示例9: calculate

    def calculate(self):
        """Scan the address space for pool allocations carrying the --tag pool tag.

        Yields:
            (_POOL_HEADER object, first MIN_SIZE bytes at the allocation).

        Calls debug.error() when no --tag was given.
        """
        addr_space = utils.load_as(self._config)

        tag = self._config.TAG
        if tag == None:
            debug.error("You must enter a --tag to find")

        minsize = self._config.MIN_SIZE
        maxsize = self._config.MAX_SIZE

        def poolsize(size):
            # Only allocations whose size lies within [MIN_SIZE, MAX_SIZE] qualify
            return minsize <= size <= maxsize

        # --paged scans the paged pool only; otherwise only the non-paged pool
        paged = bool(self._config.PAGED)
        non_paged = not paged

        scanner = GenericPoolScan()
        scanner.checks = [
                ('PoolTagCheck', dict(tag = tag)),
                ('CheckPoolSize', dict(condition = poolsize)),
                ('CheckPoolType', dict(paged = paged, non_paged = non_paged)),
                ]

        for offset in scanner.scan(addr_space):
            pool = obj.Object("_POOL_HEADER", offset = offset, vm = addr_space)
            yield pool, addr_space.zread(offset, minsize)
开发者ID:BryanSingh,项目名称:volatility,代码行数:30,代码来源:pooltracker.py

示例10: calculate

    def calculate(self):
        """Select kernel modules to dump, either by --base address or by --regex on their names.

        Yields:
            (addr_space, process_list, module_base, module_name).

        Calls debug.error() when --regex does not compile.
        """
        addr_space = utils.load_as(self._config)

        pattern = self._config.REGEX
        mod_re = None
        if pattern:
            flags = re.I if self._config.IGNORE_CASE else 0
            try:
                mod_re = re.compile(pattern, flags)
            except re.error as e:
                debug.error('Error parsing regular expression: %s' % e)

        mods = {mod.DllBase.v(): mod for mod in modules.lsmod(addr_space)}
        # We need the process list to find spaces for some drivers. Enumerate them here
        # instead of inside the find_space function, so we only have to do it once.
        procs = list(tasks.pslist(addr_space))

        base = self._config.BASE
        if base:
            found = mods.get(base)
            mod_name = found.BaseDllName if found is not None else "UNKNOWN"
            yield addr_space, procs, int(base), mod_name
            return

        for mod in list(mods.values()):
            if mod_re is not None:
                # Either the full path or the base name may match the regex
                names = (str(mod.FullDllName or ''), str(mod.BaseDllName or ''))
                if not any(mod_re.search(n) for n in names):
                    continue
            yield addr_space, procs, mod.DllBase.v(), mod.BaseDllName
开发者ID:carmaa,项目名称:volatility-2.2-python3,代码行数:29,代码来源:moddump.py

示例11: get_processes

    def get_processes(self, addr_space):
        """Enumerate processes based on user options.

        :param      addr_space | <addrspace.AbstractVirtualAddressSpace>

        :returns    <list> 

        Selection order: --offset (a single process), --scan (filescan.PSScan
        results), otherwise win32.tasks.pslist; --pid then filters the result.
        Calls debug.error() when --pid is not a comma-separated list of integers.
        """

        bounce_back = taskmods.DllList.virtual_process_from_physical_offset
        cfg = self._config
        if cfg.OFFSET != None:
            tasks = [bounce_back(addr_space, cfg.OFFSET)]
        elif cfg.SCAN:
            scanned = list(filescan.PSScan(cfg).calculate())
            tasks = [bounce_back(addr_space, proc.obj_offset) for proc in scanned]
        else:
            tasks = win32.tasks.pslist(addr_space)

        try:
            if cfg.PID is not None:
                wanted = set(int(p) for p in cfg.PID.split(","))
                tasks = [t for t in tasks if int(t.UniqueProcessId) in wanted]
        except (ValueError, TypeError):
            debug.error("Invalid PID {0}".format(cfg.PID))

        return tasks
开发者ID:binaryAccess,项目名称:volatility,代码行数:27,代码来源:strings.py

示例12: calculate

    def calculate(self):
        """Find task_structs in physical memory by scanning for *_sched_class pointers.

        Yields:
            task_struct objects that pass the exit_state and pid sanity filters.

        Calls debug.error() when the kernel profile exposes no *_sched_class
        symbols to scan for.
        """
        linux_common.set_plugin_members(self)

        phys_addr_space = utils.load_as(self._config, astype="physical")
        profile = phys_addr_space.profile

        # Pointer width follows the profile's memory model; little-endian either way
        is_32bit = profile.metadata.get("memory_model", "32bit") == "32bit"
        fmt = "<I" if is_32bit else "<Q"

        needles = [struct.pack(fmt, profile.get_symbol(sym))
                   for sym in profile.get_all_symbol_names("kernel")
                   if "_sched_class" in sym]

        if not needles:
            debug.error("Unable to scan for processes. Please file a bug report.")

        # A hit lands on the sched_class member; step back to the task_struct start
        back_offset = profile.get_obj_offset("task_struct", "sched_class")

        scanner = poolscan.MultiPoolScanner(needles)
        accepted_states = (0, 16, 32, 16 | 32)

        for _, offset in scanner.scan(phys_addr_space):
            ptask = obj.Object("task_struct", offset=offset - back_offset, vm=phys_addr_space)

            if ptask.exit_state.v() not in accepted_states:
                continue

            if not (0 < ptask.pid < 66000):
                continue

            yield ptask
开发者ID:MeteorAdminz,项目名称:volatility,代码行数:34,代码来源:psscan.py

示例13: _compile_rules

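 def _compile_rules(self):
     """Compile the YARA rules from command-line parameters. 
     
     @returns: a YARA object on which you can call 'match'
     
     This function causes the plugin to exit if the YARA 
     rules have syntax errors or are not supplied correctly. 
     """
 
     rules = None
 
     try:
         if self._config.YARA_RULES:
             s = self._config.YARA_RULES
             # Don't wrap hex or regex rules in quotes 
             if s[0] not in ("{", "/"): s = '"' + s + '"'
             # Option for case insensitive searches
             if self._config.CASE: s += " nocase"
             # Scan for unicode and ascii strings 
             if self._config.WIDE: s += " wide ascii"
             # The -Y text is spliced verbatim into the rule source, so an
             # unbalanced quote or brace shows up as yara.SyntaxError below.
             rules = yara.compile(sources = {
                         'n' : 'rule r1 {strings: $a = ' + s + ' condition: $a}'
                         })
         elif self._config.YARA_FILE and os.path.isfile(self._config.YARA_FILE):
             rules = yara.compile(self._config.YARA_FILE)
         else:
             debug.error("You must specify a string (-Y) or a rules file (-y)")
     # `except X as e` works on Python 2.6+ and 3; the `except X, e` form is a
     # syntax error on Python 3.
     except yara.SyntaxError as why:
         debug.error("Cannot compile rules: {0}".format(str(why)))
 
     # Return the compiled rules as the docstring promises.
     return rules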
开发者ID:volatilityfoundation,项目名称:volatility,代码行数:29,代码来源:malfind.py

示例14: calculate

    def calculate(self):
        """Begin carving and analysing"""

        # Output directory is mandatory: the pcap and the IP list are written there
        dump_dir = self._config.DUMP_DIR
        if dump_dir == None:
            debug.error("Please specify a dump directory (--dump-dir)")
        if not os.path.isdir(dump_dir):
            debug.error(dump_dir + " is not a directory")

        # Carve packets from every available memory page
        self.addr_space = utils.load_as(self._config)
        for mempage in self.addr_space.get_available_addresses():
            page_bytes = self.addr_space.zread(mempage[0], mempage[1])
            self.carve_packets(page_bytes)

        # Analyze the carved/parsed packets
        packet_stats = self.analyze_packets(self.parsed_packets)

        # Write the pcap and the unique public IP list into --dump-dir
        pcap_path = os.path.abspath(os.path.join(dump_dir, 'packets.pcap'))
        self.dump_packets_to_pcap(self.hex_packets, pcap_path)

        ips_path = os.path.abspath(os.path.join(dump_dir, 'ips.txt'))
        with open(ips_path, 'w') as fd:
            fd.writelines(ip_to_check + '\n' for ip_to_check in packet_stats['unique_public_ips'])

        return packet_stats
开发者ID:JamesHabben,项目名称:community,代码行数:27,代码来源:carve_packets.py

示例15: render_text

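    def render_text(self, outfd, data):
        """Print each YARA hit with its owner and a hexdump, optionally dumping the bytes.

        Args:
            outfd: output stream.
            data: iterable of (owner, address, hit, content) tuples; owner is
                None for unattributed kernel memory, an _EPROCESS, or a kernel
                module object.

        Calls debug.error() when --dump-dir is set but is not a directory.
        """
        dump_dir = self._config.DUMP_DIR
        if dump_dir and not os.path.isdir(dump_dir):
            debug.error(dump_dir + " is not a directory")

        for owner, addr, hit, content in data:
            outfd.write("Rule: {0}\n".format(hit.rule))

            # Find out if the hit is from user or kernel mode.
            # NOTE(review): `== None` is kept rather than `is None`; owner may be a
            # volatility NoneObject that compares equal to None without being the
            # None singleton -- confirm before changing.
            if owner == None:
                outfd.write("Owner: (Unknown Kernel Memory)\n")
                filename = "kernel.{0:#x}.dmp".format(addr)
            elif owner.obj_name == "_EPROCESS":
                outfd.write("Owner: Process {0} Pid {1}\n".format(owner.ImageFileName,
                    owner.UniqueProcessId))
                filename = "process.{0:#x}.{1:#x}.dmp".format(owner.obj_offset, addr)
            else:
                outfd.write("Owner: {0}\n".format(owner.BaseDllName))
                filename = "kernel.{0:#x}.{1:#x}.dmp".format(owner.obj_offset, addr)

            # Dump the data if --dump-dir was supplied; the context manager
            # closes the file even if the write fails.
            if dump_dir:
                with open(os.path.join(dump_dir, filename), "wb") as fh:
                    fh.write(content)

            # One hexdump row per (offset, hex text, printable chars) triple;
            # `off` is the row offset within content, so addr + off is absolute.
            outfd.write("".join(
                ["{0:#010x}  {1:<48}  {2}\n".format(addr + off, hexpart, ''.join(chars))
                 for off, hexpart, chars in utils.Hexdump(content)
                ]))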
开发者ID:volatilityfoundation,项目名称:volatility,代码行数:30,代码来源:malfind.py


注:本文中的volatility.debug.error函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。