

Python debug.warning函数代码示例

本文整理汇总了Python中volatility.debug.warning函数的典型用法代码示例。如果您正苦于以下问题:Python warning函数的具体用法?Python warning怎么用?Python warning使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了warning函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: calculate

    def calculate(self):
        """Scan physical memory for ``task_struct`` candidates.

        The address of every kernel symbol whose name contains
        ``_sched_class`` is packed as a little-endian pointer (4 or 8 bytes,
        chosen from the profile's memory model).  Physical memory is scanned
        for those byte patterns, a ``task_struct`` is overlaid on each hit,
        and candidates that pass the exit_state and pid sanity filters are
        yielded.  Because this is a pattern scan rather than a list walk,
        the filters only reduce false positives; they do not validate a hit.
        """
        linux_common.set_plugin_members(self)

        phys_space = utils.load_as(self._config, astype = 'physical')
        profile = phys_space.profile

        is_32bit = profile.metadata.get('memory_model', '32bit') == "32bit"
        pointer_fmt = "<I" if is_32bit else "<Q"

        # One needle per scheduler-class symbol: the packed symbol address.
        needles = [
            struct.pack(pointer_fmt, profile.get_symbol(name))
            for name in profile.get_all_symbol_names("kernel")
            if "_sched_class" in name
        ]

        if not needles:
            debug.warning("Unable to scan for processes. Please file a bug report.")
            return

        # A hit is the location of the sched_class member, so step back by
        # that member's offset to reach the start of the structure.
        member_offset = profile.get_obj_offset("task_struct", "sched_class")

        # NOTE(review): 16 and 32 presumably correspond to the kernel's
        # EXIT_DEAD / EXIT_ZOMBIE flags -- confirm against the target kernel.
        accepted_exit_states = (0, 16, 32, 16 | 32)

        for _, hit in poolscan.MultiPoolScanner(needles).scan(phys_space):
            candidate = obj.Object("task_struct", offset = hit - member_offset, vm = phys_space)

            # Cheap plausibility checks on the carved structure.
            if candidate.exit_state.v() in accepted_exit_states and 0 < candidate.pid < 66000:
                yield candidate
开发者ID:chansonzhang,项目名称:volatility,代码行数:34,代码来源:psscan.py

示例2: get_autoruns

    def get_autoruns(self):
        """Collect autorun entries from the software and ntuser.dat run keys.

        Every key yielded by the registry API for the names in
        SOFTWARE_RUN_KEYS and NTUSER_RUN_KEYS is handed to
        ``parse_autoruns_key``; the parsed entries are returned as one list.

        Any exception is logged as a warning and whatever was gathered so far
        is returned, so a short or empty result can mean a parsing failure
        rather than an absence of autoruns -- check the warnings before
        drawing conclusions.
        """
        debug.debug('Started get_autoruns()')
        results = []
        hive_keys = []

        try:
            # (hive name, run-key paths) pairs, processed in this order.
            sources = (
                ('software', SOFTWARE_RUN_KEYS),
                ('ntuser.dat', NTUSER_RUN_KEYS),
            )
            for hive_name, run_keys in sources:
                self.regapi.reset_current()
                for run_key in run_keys:
                    found = list(self.regapi.reg_yield_key(hive_name=hive_name, key=run_key))
                    hive_keys.extend(found)

            # Each item is a (key pointer, hive_name) pair.
            for hive_key in hive_keys:
                results.extend(self.parse_autoruns_key(hive_key))

        except Exception as e:
            debug.warning('get_autoruns() failed to complete. Exception: {0} {1}'.format(type(e).__name__, e.args))

        debug.debug('Finished get_autoruns()')
        return results
开发者ID:tomchop,项目名称:volatility-autoruns,代码行数:26,代码来源:autoruns.py

示例3: get_entries

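    def get_entries(addr_space, regapi):
        """Yield ``(path, last_modified, last_update)`` for each ShimCache entry.

        The raw ``AppCompatCache`` value is read from the system hive under
        the current control set (``ControlSet001`` when none is reported) and
        parsed as a ``ShimRecords`` object over a buffer address space.  For
        profile versions up to 5.1 the entry carries its own path and a
        last-update time; for later versions the path is read from the buffer
        at the entry's offset/length and the third element is ``None``.

        The generator ends with plain ``return`` when no usable data is
        found.  Raising ``StopIteration`` inside a generator body is turned
        into ``RuntimeError`` by Python 3.7+ (PEP 479); ``return`` behaves
        the same on every version.
        """
        regapi.reset_current()
        currentcs = regapi.reg_get_currentcontrolset()
        # NOTE(review): the `== None` comparisons are kept on purpose; the
        # framework's placeholder objects presumably compare equal to None
        # without being None -- confirm before switching to `is None`.
        if currentcs == None:
            currentcs = "ControlSet001"

        version = (addr_space.profile.metadata.get('major', 0),
                   addr_space.profile.metadata.get('minor', 0))
        xp = False

        if version <= (5, 1):
            key = currentcs + '\\' + "Control\\Session Manager\\AppCompatibility"
            xp = True
        else:
            key = currentcs + '\\' + "Control\\Session Manager\\AppCompatCache"

        data_raw = regapi.reg_get_value('system', key, "AppCompatCache")
        # Values shorter than 0x1c bytes are rejected before parsing.
        if data_raw == None or len(data_raw) < 0x1c:
            debug.warning("No ShimCache data found")
            return

        bufferas = addrspace.BufferAddressSpace(addr_space.get_config(), data = data_raw)
        shimdata = obj.Object("ShimRecords", offset = 0, vm = bufferas)
        if shimdata == None:
            debug.warning("No ShimCache data found")
            return

        for e in shimdata.Entries:
            if xp:
                yield e.Path, e.LastModified, e.LastUpdate
            else:
                # PathOffset and Length come from the registry blob itself;
                # the read is confined to the buffer address space built
                # from that blob.
                yield ShimCache.remove_unprintable(bufferas.read(int(e.PathOffset), int(e.Length))), e.LastModified, None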
开发者ID:meiningnie,项目名称:volatility,代码行数:33,代码来源:shimcache.py

示例4: download_pdbfile

  def download_pdbfile(self, db, guid, module_id, filename, path):
    """Record a module's PDB in the symbol database and try to download it.

    Ensures rows exist in the ``pdb`` and ``mod_pdb`` tables for
    (guid, filename) and (module_id, pdb_id), then walks SYM_URLS trying the
    compressed name (last character replaced by ``_``) followed by the plain
    name.  The first successful download ends the method.

    NOTE(review): ``filename`` and ``guid`` are placed into both the request
    URL and the local path ``os.path.join(path, t)``.  If they are taken from
    the analysed image (presumably the module's debug information -- confirm
    against the caller), a value containing path separators or ``..`` would
    land outside ``path``; reducing ``filename`` to a validated base name
    before joining would close that off.  No integrity check of the
    downloaded file is visible here, and the transport depends on the scheme
    of the SYM_URLS entries, which are defined elsewhere.
    """
    # All statements use bound parameters; trailing NULs are stripped from
    # the guid and file name before they are stored.
    db.execute("SELECT id FROM pdb WHERE guid=? AND file=?", (str(guid.upper()).rstrip('\0'), str(filename).rstrip('\0')))
    row = db.fetchone()
    if row == None:
      db.execute("INSERT INTO pdb(guid, file) VALUES (?, ?)", (str(guid.upper()).rstrip('\0'), str(filename).rstrip('\0')))
      db.execute("SELECT LAST_INSERT_ROWID() FROM pdb")
      row = db.fetchone()
    pdb_id = row[0]
    db.execute("SELECT * FROM mod_pdb WHERE module_id=? AND pdb_id=?", (module_id, pdb_id))
    row = db.fetchone()
    if row == None:
      db.execute("INSERT INTO mod_pdb(module_id, pdb_id) VALUES (?, ?)", (module_id, pdb_id))
    self._sym_db_conn.commit()

    for sym_url in SYM_URLS:
      url = "{0}/{1}/{2}/".format(sym_url, filename, guid)
      # NOTE(review): `proxy` and `opener` are built but not used by any
      # visible statement; the download below goes through PDBOpener().
      proxy = urllib2.ProxyHandler()
      opener = urllib2.build_opener(proxy)
      # Compressed variant first, then the file under its plain name.
      tries = [ filename[:-1] + '_', filename ]
      for t in tries:
        debug.info("Trying {0}".format(url+t))
        outfile = os.path.join(path, t)
        try:
          PDBOpener().retrieve(url+t, outfile, reporthook=self.progress)
          debug.info("Downloaded symbols and cached at {0}".format(outfile))
          if t.endswith("_"):
            self.cabextract(outfile, path)
            debug.info("Unpacked download into {0}".format(path))
            os.remove(outfile)
            # NOTE(review): downloaded_at/src are recorded only in this
            # compressed branch; a successful plain download returns
            # without updating the row -- confirm whether that is intended.
            db.execute("UPDATE pdb SET downloaded_at=DATETIME('now'), src=? WHERE id=? AND guid=? AND file=?", (sym_url, pdb_id, str(guid.upper()).rstrip('\0'), str(filename).rstrip('\0')))
            self._sym_db_conn.commit()
          return
        # Only HTTP status errors are handled; any other failure raised by
        # the download or the extraction propagates to the caller.
        except urllib2.HTTPError, e:
          debug.warning("HTTP error {0}".format(e.code))
开发者ID:binsrc,项目名称:volatility-1,代码行数:34,代码来源:symbols.py

示例5: draw_branch

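        def draw_branch(pad, inherited_from):
            """Print every process whose parent PID is *inherited_from*, then recurse.

            ``data``, ``outfd`` and ``self`` come from the enclosing scope.
            Each printed process is removed from ``data`` before its own
            children are drawn, which is what stops a parent/child loop in
            the recovered PIDs from recursing forever.  ``pad`` is the depth
            used to indent the first column.
            """
            # Iterate over a snapshot: entries are deleted from `data` below
            # (directly and through the recursive call), and deleting while
            # iterating a live dict view raises RuntimeError on Python 3.
            for task in list(data.values()):
                if task.InheritedFromUniqueProcessId == inherited_from:

                    first_column = "{0} {1:#x}:{2:20}".format(
                                        "." * pad,
                                        task.obj_offset,
                                        str(task.ImageFileName or '')
                                        )

                    self.table_row(outfd,
                        first_column,
                        task.UniqueProcessId,
                        task.InheritedFromUniqueProcessId,
                        task.ActiveThreads,
                        task.ObjectTable.HandleCount,
                        task.CreateTime)

                    if self._config.VERBOSE:
                        # The audit name, command line and image path are
                        # printed side by side so they can be compared.
                        outfd.write("{0}    audit: {1}\n".format(
                                ' ' * pad, str(task.SeAuditProcessCreationInfo.ImageFileName.Name or '')))
                        process_params = task.Peb.ProcessParameters
                        if process_params:
                            outfd.write("{0}    cmd: {1}\n".format(
                                ' ' * pad, str(process_params.CommandLine or '')))
                            outfd.write("{0}    path: {1}\n".format(
                                ' ' * pad, str(process_params.ImagePathName or '')))

                    try:
                        del data[int(task.UniqueProcessId)]
                    except KeyError:
                        # The snapshot can still hold a task that a deeper
                        # call already printed and removed.
                        debug.warning("PID {0} PPID {1} has already been seen".format(task.UniqueProcessId, task.InheritedFromUniqueProcessId))

                    draw_branch(pad + 1, task.UniqueProcessId)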
开发者ID:BryanSingh,项目名称:volatility,代码行数:34,代码来源:pstree.py

示例6: calculate

    def calculate(self):
        """Yield tasks from the init_task list, then unmatched DTBs.

        First every entry reachable through ``init_task.tasks`` is yielded,
        and the physical address of each task's page directory is remembered.
        Afterwards every DTB reported by ``linux_auto_dtblist`` that was not
        seen in the task list is yielded as well.  The two phases yield
        different kinds of values (task objects, then DTB values), so callers
        have to handle both.
        """
        linux_common.set_plugin_members(self)

        # Automatically initialize task_struct offsets
        task_struct.init_offsets(self.addr_space)
        required_members = ['comm', 'tasks', 'mm']
        members_found = [task_struct.is_offset_defined(name) for name in required_members]
        if not all(members_found):
            debug.warning("Some of required members of 'task_struct' structure were not found.")
            return

        init_task_addr = linux_auto_ksymbol(self._config).get_symbol('init_task')
        if init_task_addr is None:
            debug.warning("Can't locate the first process (swapper).")
            return

        init_task = obj.Object('task_struct', offset=init_task_addr, vm=self.addr_space)
        listed_dtbs = []
        for task in init_task.tasks:
            if mm_struct.is_offset_defined('pgd'):
                page_dir = task.mm.pgd
                if page_dir:
                    listed_dtbs.append(self.addr_space.vtop(page_dir))
            yield task

        # A DTB with no owner in the task list points at a process that is
        # unnamed: potentially hidden or terminated.
        for dtb in linux_auto_dtblist(self._config).calculate():
            if dtb in listed_dtbs:
                continue
            yield dtb
开发者ID:psviderski,项目名称:volatility-android,代码行数:27,代码来源:auto_pslist.py

示例7: parse_task_xml

    def parse_task_xml(self, xml, f_name):
        """Parse a scheduled-task XML blob into a dict of selected fields.

        Returns a dict with whichever of ``Date``, ``Description``,
        ``Actions``, ``Enabled``, ``Hidden`` and ``Triggers`` are present,
        or ``None`` when the task has no ``Actions/Exec/Command`` value or
        when the blob cannot be decoded as UTF-16.

        NOTE(review): the blob is recovered from the analysed image and is
        parsed with the standard ElementTree parser, which is not hardened
        against maliciously constructed XML.  Only ``UnicodeDecodeError`` is
        handled here; a parse error raised by ``ET.fromstring`` propagates to
        the caller.
        """
        original = xml
        # Drop runs of two or more NUL bytes and terminate with a single NUL.
        xml = re.sub('\x00\x00+', '', xml) + '\x00'
        if not xml:
            return None

        try:
            text = xml.decode('utf-16')
            # Replace the opening Task tag, attributes included, with a bare
            # one; presumably this removes the namespace declaration so the
            # un-prefixed paths below match -- confirm.
            text = re.sub(r"<Task(.*?)>", "<Task>", text)
            root = ET.fromstring(text.encode('utf-16'))

            task = {}
            for node in root.findall("./RegistrationInfo/Date"):
                task['Date'] = node.text or ''
            for node in root.findall("./RegistrationInfo/Description"):
                task['Description'] = node.text or ''
            for node in root.findall("./Actions"):
                task['Actions'] = self.visit_all_children(node)
            for node in root.findall("./Settings/Enabled"):
                task['Enabled'] = node.text or ''
            for node in root.findall("./Settings/Hidden"):
                task['Hidden'] = node.text or ''
            for trigger in root.findall("./Triggers/*"):
                task['Triggers'] = self.visit_all_children(trigger)

            # A task without a command to execute is not reported.
            command = task.get("Actions", {}).get('Exec', {}).get("Command", False)
            return task if command else None
        except UnicodeDecodeError as e:
            debug.warning('Error while parsing the following task: {}'.format(f_name))
            debug.debug('UnicodeDecodeError for: {}'.format(repr(original)))
        return None
开发者ID:tomchop,项目名称:volatility-autoruns,代码行数:32,代码来源:autoruns.py

示例8: merge_overlay

 def merge_overlay(self, overlay):
     """Apply each overlay entry to the matching structure in ``self.vtypes``.

     Entries naming a structure that is not in ``self.vtypes`` are skipped
     with a warning; they are never added.
     """
     for struct_name, patch in overlay.items():
         if struct_name in self.vtypes:
             current = self.vtypes[struct_name]
             self.vtypes[struct_name] = self._apply_overlay(current, patch)
             continue
         debug.warning("Overlay structure {0} not present in vtypes".format(struct_name))
开发者ID:Jack47,项目名称:volatility,代码行数:7,代码来源:obj.py

示例9: hash

 def hash(self, data, alghConfig):
     """Return the sdhash hex digest of *data*, or ``'-'`` if it cannot be hashed.

     A ``ValueError`` from the hashing call is reported as a warning that
     includes the input length.  ``alghConfig`` is accepted but not used
     here.
     """
     try:
         digest = fhash.sdhash(data).hexdigest()
     except ValueError:
         debug.warning("SDHash needs an input of at least 512 bytes. Too short: {!s}".format(len(data)))
         return '-'
     return digest
开发者ID:naveen12,项目名称:community,代码行数:7,代码来源:algorithms.py

示例10: add_types

 def add_types(self, vtypes, overlay = None):
     """Deprecated shim that mimics the previous ``add_types`` behaviour.

     Logs a deprecation warning, merges *vtypes* into ``self.vtypes``,
     applies *overlay* when one is given, and recompiles the profile.
     """
     notice = "Deprecation warning: A plugin is making use of profile.add_types"
     debug.warning(notice)

     self.vtypes.update(vtypes)
     if overlay:
         self.merge_overlay(overlay)

     # Recompile so the updated definitions take effect.
     self.compile()
开发者ID:Jack47,项目名称:volatility,代码行数:7,代码来源:obj.py

示例11: calculate

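    def calculate(self):
        """Walk the ``_allproc`` list and yield each valid ``proc`` object.

        When a PID option is configured it is parsed as a comma-separated
        list of integers and only matching processes are yielded.  A filter
        that cannot be parsed is now reported with a warning instead of
        being dropped silently: the listing still falls back to every
        process, but the analyst is told the filter was not applied.

        The walk stops when an entry is invalid or when an offset repeats.
        """
        common.set_plugin_members(self)

        pidlist = None

        try:
            if self._config.PID:
                pidlist = [int(p) for p in self._config.PID.split(',')]
        except (AttributeError, TypeError, ValueError):
            # Keep the original fallback (no filter), but make it visible.
            pidlist = None
            debug.warning("Unable to parse the PID filter; listing all processes")

        p = self.addr_space.profile.get_symbol("_allproc")

        procsaddr = obj.Object("proclist", offset = p, vm = self.addr_space)
        proc = obj.Object("proc", offset = procsaddr.lh_first, vm = self.addr_space)

        # Offsets already visited; a set keeps the membership test cheap on
        # long lists.
        seen = set()

        while proc.is_valid():

            if proc.obj_offset in seen:
                # A repeated offset means the list loops back on itself, so
                # stop rather than walk it forever.
                debug.warning("Recursive process list detected (a result of non-atomic acquisition). Use mac_tasks or mac_psxview)")
                break
            seen.add(proc.obj_offset)

            if not pidlist or proc.p_pid in pidlist:
                yield proc

            proc = proc.p_list.le_next.dereference()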
开发者ID:504ensicsLabs,项目名称:DAMM,代码行数:29,代码来源:pslist.py

示例12: get_section

    def get_section(self, sect):
        """Return the bytes selected by *sect* from the dumped PE image.

        Accepted forms of *sect*:

        * ``pe`` or ``pe:<...>``   -- passed to ``get_header``
        * ``<name>:header``        -- the packed header of section ``<name>``
        * anything else            -- the data of the section whose name
          equals *sect*

        The result is passed through ``strings_str`` when ``self.strings`` is
        set.  An unmatched or empty section produces a warning and ``None``
        (or the empty value).  When ``self.mirror`` is set the result is also
        handed to ``dump_hashed_data``, whatever its value.

        Raises ``exc.NoPE`` when the process image is not a PE.
        """
        if not self.isPE:
            raise exc.NoPE(self.pName)

        ret = None
        parts = sect.split(':')
        # Identity unless string extraction was requested.
        render = self.strings_str if self.strings else (lambda blob: blob)

        if parts[0] == 'pe':
            # PE Header
            ret = render(self.get_header(sect))
        else:
            # PE Section: either its header or its content
            want_header = len(parts) > 1 and parts[1] == 'header'
            wanted_name = parts[0] if want_header else sect
            for section in self.pDump.sections:
                # Section names are compared with their NUL bytes removed.
                if wanted_name == section.Name.translate(None, '\x00'):
                    blob = section.__pack__() if want_header else section.get_data()
                    ret = render(blob)
            if not ret:
                debug.warning('Unknown section: {!s} for {!s}. Please specify a valid section.'.format(sect, self.pName))

        # Dump data to disk
        if self.mirror:
            self.dump_hashed_data(ret, sect)

        return ret
开发者ID:naveen12,项目名称:community,代码行数:30,代码来源:processfuzzyhash.py

示例13: _init_ksymtab

 def _init_ksymtab(self):
     """Locate the ksymtab_strings section in the first 16 MB of physical memory.

     Reads 0x1000000 bytes starting at the first available physical address
     into ``self.kernel_image``, then looks for a stand-alone ``init_task``
     string and walks backwards over symbol characters and NUL bytes to find
     where the run of strings begins.  The result is stored in
     ``self.ksymtab_strings_offset``; a warning is logged when nothing is
     found.

     Raises ``NotImplementedError`` for any memory model other than 32bit.
     ``self.ksymtab_initialized`` is set before the search, so it is True
     even when the search fails.
     """
     phys_as = utils.load_as(self._config, astype='physical')
     first_addr, _ = next(phys_as.get_available_addresses())
     # First 16 MB of physical memory
     self.kernel_image = phys_as.read(first_addr, 0x1000000)

     # Init page_offset
     if phys_as.profile.metadata.get('memory_model', '32bit') != '32bit':
         raise NotImplementedError
     self.ksymtab_initialized = True

     symbol_char = re.compile(r'[0-9a-z_]')
     image = self.kernel_image

     # Locate the physical offset of the ksymtab_strings section
     for match in re.finditer('init_task\0', image):
         pos = match.start()
         if symbol_char.match(image[pos - 1:pos]):
             # 'init_task' is a substring of another symbol like 'xxx_init_task'
             continue
         # TODO: Choose the right one, not the first.
         # Walk back to the beginning of the ksymtab_strings section
         current = image[pos]
         while pos > 0 and (symbol_char.match(current) or current == '\x00'):
             pos -= 1
             current = image[pos]
         debug.debug("Found the physical offset of the ksymtab_strings "
                     "section: {0:#010x}".format(pos))
         self.ksymtab_strings_offset = pos
         return

     debug.warning("Can't locate a ksymtab_strings section")
开发者ID:psviderski,项目名称:volatility-android,代码行数:27,代码来源:auto_ksymbol.py

示例14: search_process_memory

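    def search_process_memory(self, s, heap_only=False):
        """Yield the address of every occurrence of the strings in *s*.

        Each memory mapping of the process is read in 10 MB blocks, with
        1024 extra bytes per block so a match lying across a block boundary
        is still found.  With ``heap_only`` set, only a mapping that spans
        ``mm.start_brk`` .. ``mm.brk`` is scanned.

        *s* should be a list of strings; a single value is still accepted
        (with a deprecation warning) and wrapped in a list.

        A match lying entirely inside the overlap is visible in two
        consecutive blocks.  It is reported once: the second sighting is
        skipped, so callers no longer receive the same address twice.
        """
        # Allow for some overlap in case objects are
        # right on page boundaries
        overlap = 1024

        # Make sure s in a list. This allows you to search for
        # multiple strings at once, without changing the API.
        if type(s) != list:
            debug.warning("Single strings to search_process_memory is deprecated, use a list instead")
            s = [s]

        scan_blk_sz = 1024 * 1024 * 10

        addr_space = self.get_process_address_space()

        for vma in self.get_proc_maps():
            if heap_only:
                if not (vma.vm_start <= self.mm.start_brk and vma.vm_end >= self.mm.brk):
                    continue
            offset = vma.vm_start
            out_of_range = vma.vm_start + (vma.vm_end - vma.vm_start)
            # End address of the previous block of this mapping; None until
            # the first block has been scanned.
            prev_end = None
            while offset < out_of_range:
                # Read some data and match it.
                to_read = min(scan_blk_sz + overlap, out_of_range - offset)
                data = addr_space.zread(offset, to_read)
                if not data:
                    break
                for x in s:
                    for hit in utils.iterfind(data, x):
                        # Fully contained in the previous block: that block
                        # already reported this address.
                        if prev_end is not None and offset + hit + len(x) <= prev_end:
                            continue
                        yield offset + hit
                prev_end = offset + to_read
                offset += min(to_read, scan_blk_sz)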
开发者ID:woogers,项目名称:volatility,代码行数:32,代码来源:linux.py

示例15: calculate

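    def calculate(self):
        """Analyse every process after validating the requested PID.

        The configured PID must belong to a listed process, otherwise
        ``debug.error`` is called.  Section segments are then gathered for
        all processes by clearing the PID filter for the duration of that
        call, and finally each task is passed to ``self.analyze`` and its
        results are yielded.

        The PID filter is restored in a ``finally`` clause, so a failure in
        ``get_section_segments`` can no longer leave the shared config with
        an empty filter.
        """
        # check pid is valid before we spend time getting sections
        tasks = list(taskmods.DllList.calculate(self))
        pids = [int(task.UniqueProcessId) for task in tasks]
        if int(self._config.PID) not in pids:
            debug.error("Error - Invalid PID")

        # get handles for all processes by resetting the pid filter
        self.pid = self._config.PID
        self._config.PID = ""
        try:
            self.segments = self.get_section_segments()
        finally:
            # revert pid option, also when the call above raises
            self._config.PID = self.pid

        # Check profile: other profiles only produce a warning and the
        # analysis continues, so treat their output with care.
        profile = self._config.profile
        if profile not in ("Win7SP1x86", "WinXPSP3x86"):
            debug.warning("Warning - {0} profile not supported".format(self._config.profile))

        # analyze through each process
        for task in taskmods.DllList.calculate(self):
            for data in self.analyze(task):
                yield data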
开发者ID:a-white,项目名称:Userspace,代码行数:26,代码来源:userspace.py


注:本文中的volatility.debug.warning函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。