本文整理汇总了Python中volatility.debug.info函数的典型用法代码示例。如果您正苦于以下问题:Python info函数的具体用法?Python info怎么用?Python info使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了info函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: find_function_symbol
def find_function_symbol(self, task, address):
"""
Match a function symbol to a functiona address.
@param task: the task_struct
@param address: The function address
@return: The function symbol or None
"""
if self.symbols:
for vma in task.get_proc_maps():
if vma.vm_start <= address <= vma.vm_end:
#lib = vma.vm_file
lib = linux_common.get_path(task, vma.vm_file)
offset = address - vma.vm_start
#libsymbols = self.symbols[os.path.basename(lib)]
if type(lib) == list:
lib = ""
base = os.path.basename(lib)
#print(base)
#print("{:016x} {} {}".format(offset, base, lib))
if base in self.symbols:
if offset in self.symbols[base]:
debug.info("Instruction was a call to 0x{:016x} = {}@{}".format(address, self.symbols[base][offset], base ))
return self.symbols[base][offset]
elif address in self.symbols[base]:# for a function in the main binary, eg 0x40081e
debug.info("Instruction was a call to 0x{:016x} = {}@{}".format(address, self.symbols[base][address], base ))
return self.symbols[base][address]
break
return None示例2: progress
def progress(self, blocks, blocksz, totalsz):
if self.lastprog == None:
debug.info("Connected. Downloading data...")
percent = int((100*(blocks*blocksz)/float(totalsz)))
if self.lastprog != percent and percent % 5 == 0:
debug.info("{0}%".format(percent))
self.lastprog = percent示例3: check_microarch
def check_microarch(self, addr, phy_space, key):
microarch = hyper.revision_id_db[key]
if microarch.lower() == "sandy":
vmcs_off = hyper.vmcs_offset_sandy
elif microarch.lower() == "core":
vmcs_off = hyper.vmcs_offset_core
else:
debug.error("Microarchitecture %s not supported yet." % microarch)
off = vmcs_off["VMCS_LINK_POINTER"] * 4
data = phy_space.read(addr + off, 0x04)
vmcs_link_pointer = struct.unpack('<I', data)[0]
data2 = phy_space.read(addr + off + 0x04, 0x04)
vmcs_link_pointer2 = struct.unpack('<I', data2)[0]
if (vmcs_link_pointer == 0xffffffff and vmcs_link_pointer2 == 0xffffffff):
size = layouts.vmcs.vmcs_field_size["GUEST_CR3"] / 8
off = vmcs_off["GUEST_CR3"] * 4
data = phy_space.read(addr + off, size)
if size == 4:
guest_cr3 = struct.unpack('<I', data)[0]
elif size == 8:
guest_cr3 = struct.unpack('<Q', data)[0]
else:
debug.error("CR3 size not possible.")
if ((guest_cr3 % 4096) == 0) and (guest_cr3 != 0):
debug.info("\t|__ VMCS 0x%08x [CONSISTENT]" % addr)示例4: __init__
def __init__(self, location):
"""Initializes the firewire implementation"""
self.location = location.strip('/')
debug.info("Waiting for 5s firewire to settle")
self._bus = forensic1394.Bus()
self._bus.enable_sbp2()
time.sleep(5)
self._device = None示例5: get_symbol
def get_symbol(self, sym_name, nm_type = "", module = "kernel"):
"""Gets a symbol out of the profile
sym_name -> name of the symbol
nm_tyes -> types as defined by 'nm' (man nm for examples)
module -> which module to get the symbol from, default is kernel, otherwise can be any name seen in 'lsmod'
This fixes a few issues from the old static hash table method:
1) Conflicting symbols can be handled, if a symbol is found to conflict on any profile,
then the plugin will need to provide the nm_type to differentiate, otherwise the plugin will be errored out
2) Can handle symbols gathered from modules on disk as well from the static kernel
symtable is stored as a hash table of:
symtable[module][sym_name] = [(symbol address, symbol type), (symbol addres, symbol type), ...]
The function has overly verbose error checking on purpose...
"""
symtable = self.sys_map
ret = None
# check if the module is there...
if module in symtable:
mod = symtable[module]
# check if the requested symbol is in the module
if sym_name in mod:
sym_list = mod[sym_name]
# if a symbol has multiple definitions, then the plugin needs to specify the type
if len(sym_list) > 1:
if nm_type == "":
debug.error("Requested symbol {0:s} in module {1:s} has multiple definitions and no type given\n".format(sym_name, module))
else:
for (addr, stype) in sym_list:
if stype == nm_type:
ret = addr
break
if ret == None:
debug.error("Requested symbol {0:s} in module {1:s} could not be found\n".format(sym_name, module))
else:
# get the address of the symbol
ret = sym_list[0][0]
else:
debug.debug("Requested symbol {0:s} not found in module {1:s}\n".format(sym_name, module))
else:
debug.info("Requested module {0:s} not found in symbol table\n".format(module))
if self.shift_address and ret:
ret = ret + self.shift_address
return ret示例6: render_text
def render_text(self, outfd, data):
self.outfd = outfd
for (p, reg, frames) in data:
#self.render_registers(reg)
debug.info("Found {} frames!".format(len(frames)))
debug.info("")
print(frames)
if self.dump_file:
self.write_annotated_stack(self.dump_file, self.calculate_annotations(frames))
print(stats)示例7: render_text
def render_text(self, outfd, data):
if self._config.verbose and self._config.QUICK:
debug.warning('The quick mode only carves At#.job files.')
self.table_header(outfd,
[("Offset(P)", "[addrpad]"),
("ScheduledDate", "23"),
("MostRecentRunTime", "23"),
("Application", "50"),
("Parameters", "100"),
("WorkingDir", "50"),
("Author", "30"),
("RunInstanceCount", "3"),
("MaxRunTime", "10"),
("ExitCode", "10"),
("Comment", ""),
])
i = 1
for offset, job_file in data:
# Dump the data if --dump-dir was supplied
if self._config.DUMP_DIR:
path = os.path.join(self._config.DUMP_DIR, 'carved_%s.job' % i)
fh = open(path, 'wb')
fh.write(job_file)
fh.close()
i += 1
if self._config.verbose:
debug.info(' Written: ' + os.path.basename(path))
try:
job = JobParser(job_file)
except:
if self._config.verbose:
debug.error('Failed parsing the hit at 0x%x' % offset)
continue
hours, ms = divmod(job.MaxRunTime, 3600000)
minutes, ms = divmod(ms, 60000)
seconds = ms / 1000
self.table_row(outfd,
offset,
job.ScheduledDate,
job.RunDate,
job.Name,
job.Parameter,
job.WorkingDirectory,
job.User,
job.RunningInstanceCount,
'{0:02}:{1:02}:{2:02}.{3}'.format(
hours, minutes, seconds, ms),
'{0:#010x}'.format(job.ExitCode),
job.Comment,
)示例8: visit_window
def visit_window(self, screen_id, win):
if win.v() in self._seen_windows:
debug.info('Window referenced more than once! Offset {:#x}. (Skipped)'.format(win.v()))
else:
self._windows.append((screen_id, win))
self._seen_windows.add(win.v())
if win.firstChild and self._current_vm.is_valid_address(win.firstChild):
self.visit_window(screen_id, win.firstChild.dereference())
if win.nextSib and self._current_vm.is_valid_address(win.nextSib):
self.visit_window(screen_id, win.nextSib.dereference())示例9: visit_atomNode
def visit_atomNode(self, atomNode):
if atomNode.v() in self._seen_atoms:
debug.info('Atom referenced more than once! Offset {:#x}.'.format(atomNode.v()))
else:
self._atoms[int(atomNode.a)] = atomNode
self._seen_atoms.add(atomNode.v())
if atomNode.left and self._current_vm.is_valid_address(atomNode.left):
self.visit_atomNode(atomNode.left.dereference())
if atomNode.right and self._current_vm.is_valid_address(atomNode.right):
self.visit_atomNode(atomNode.right.dereference())示例10: find_prevalent_microarch
def find_prevalent_microarch(self, generic_vmcs, phy_space):
microarch_vmcs = {}
for vmcs in generic_vmcs:
try:
revid_raw = phy_space.read(vmcs, 0x04)
except:
continue
rev_id = struct.unpack('<I', revid_raw)[0]
for key in layouts.revision_id_db.keys():
if key == rev_id:
if key not in microarch_vmcs:
microarch_vmcs[key] = []
microarch_vmcs[key].append(vmcs)
debug.info("Possible VMCS 0x%x with %s microarchitecture" % (vmcs,
layouts.db.revision_id_db[key]))
self.check_microarch(vmcs, phy_space, key)
else:
debug.info("Possible VMCS 0x%x with %s microarchitecture" % (vmcs,
layouts.db.revision_id_db[key]))
microarch_vmcs[key].append(vmcs)
self.check_microarch(vmcs, phy_space, key)
maxi = 0
key = None
for k, v in microarch_vmcs.items():
if len(microarch_vmcs[k]) > maxi:
maxi = len(microarch_vmcs[k])
key = k
if key != None:
debug.info("Prevalent Microarch: [0x%08x - %s] - VMCS: %d" % (key,
layouts.db.revision_id_db[key], maxi))
debug.info("Microarchitecture not found.")示例11: get_all_symbols
def get_all_symbols(self, module = "kernel"):
""" Gets all the symbol tuples for the given module """
ret = []
symtable = self.sys_map
if module in symtable:
mod = symtable[module]
for (name, addrs) in mod.items():
ret.append([name, addrs[0][0]])
else:
debug.info("All symbols requested for non-existent module %s" % module)
return ret示例12: find_return_libc_start
def find_return_libc_start(self, proc_as, start_stack, return_start):
"""
Scans the stack for a certain address, in this case the return address of __libc_start_main.
@param proc_as: Process address space
@param start_stack: Start address to search
@param return_start: The return address to find
@return The address found or None
"""
address = start_stack
for value in yield_address(proc_as, start_stack, reverse=True):
if value == return_start:
debug.info("Scanned {} stack addresses before finding the __libc_start_main return address".format((start_stack-address)/linux_process_info.address_size))
return address
address -= linux_process_info.address_size
debug.info("Exhausted search for __libc_start_main return address at stack address {:016x}".format(address))
return None示例13: get_all_kmem_caches
def get_all_kmem_caches(self):
linux_common.set_plugin_members(self)
cache_chain = self.addr_space.profile.get_symbol("cache_chain")
slab_caches = self.addr_space.profile.get_symbol("slab_caches")
if cache_chain: #slab
caches = obj.Object("list_head", offset = cache_chain, vm = self.addr_space)
listm = "next"
ret = [cache for cache in caches.list_of_type("kmem_cache", listm)]
elif slab_caches: #slub
debug.info("SLUB is currently unsupported.")
ret = []
else:
debug.error("Unknown or unimplemented slab type.")
return ret示例14: get_all_function_symbols
def get_all_function_symbols(self, module = "kernel"):
""" Gets all the function tuples for the given module """
ret = []
symtable = self.type_map
if module in symtable:
mod = symtable[module]
for (addr, (name, _sym_types)) in mod.items():
if self.shift_address and addr:
addr = addr + self.shift_address
ret.append([name, addr])
else:
debug.info("All symbols requested for non-existent module %s" % module)
return ret示例15: render_text
def render_text(self, outfd, data):
#03.14
print "%%%%%%%%%%%%%%%%%%%%%%%%%%%% linux_process_stack,render_text, Begin::",datetime.datetime.now()
#
self.outfd = outfd
for (p, reg, frames) in data:
#self.render_registers(reg)
debug.info("Found {} frames!".format(len(frames)))
debug.info("")
print(frames)
if self.dump_file:
self.write_annotated_stack(self.dump_file, self.calculate_annotations(frames))
print(stats)
#03.14
print "%%%%%%%%%%%%%%%%%%%%%%%%%%%% linux_process_stack,render_text, End::",datetime.datetime.now()