本文整理汇总了Python中volatility.registry.register_global_options函数的典型用法代码示例。如果您正苦于以下问题:Python register_global_options函数的具体用法?Python register_global_options怎么用?Python register_global_options使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了register_global_options函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: main
def main():
if len(sys.argv) != 4:
print "Usage: %s %s %s %s" % (sys.argv[0], "profile", "memdump", "targetprocname")
sys.exit(1)
registry.PluginImporter()
config = conf.ConfObject()
registry.register_global_options(config, commands.Command)
registry.register_global_options(config, addrspace.BaseAddressSpace)
config.parse_options()
config.PROFILE = sys.argv[1]
config.LOCATION = sys.argv[2]
processes = taskmods.PSList(config)
target = filter_by_name(processes, sys.argv[3])
# .text info
imagebase, va, rawsize = get_text_section_info(target)
if imagebase == None:
print "[-] Error: probably wrong .text section name"
sys.exit(1)
text_start = imagebase + va
text_end = imagebase + va + rawsize
permissions = get_vad_protect_flags(target, text_start, text_end)
print "0x%x-0x%x %s %s" % (text_start, text_end, permissions, TEXT_TAG)
# dll info
modules = get_dll_info(target)
# printing dll info
for name, info in modules.items():
dll_start = info[0]
dll_end = info[0] + info[1]
permissions = get_vad_protect_flags(target, dll_start, dll_end)
print "0x%x-0x%x %s %s" % (dll_start, dll_end, permissions, name)
# heap info
hs = get_heap_info(target)
# printing heap info
for h in hs:
heap_start = h.BaseAddress.v()
heap_end = h.LastValidEntry.v()
permissions = get_vad_protect_flags(target, heap_start, heap_end)
print "0x%x-0x%x %s %s" % (h.BaseAddress, h.LastValidEntry, permissions, HEAP_TAG)
# stack info
tebs = get_stack_info(target)
# printing stack info
for t in tebs:
stack_start = t.NtTib.StackBase.v()
stack_end = t.NtTib.StackLimit.v()
permissions = get_vad_protect_flags(target, stack_start, stack_end)
print "0x%x-0x%x %s %s" % (stack_start, stack_end, permissions, STACK_TAG)示例2: __init__
def __init__(self):
# Get the version information on every output from the beginning
# Exceptionally useful for debugging/telling people what's going on
#sys.stderr.write("Volatile Systems Volatility Framework {0}\n".format(constants.VERSION))
#sys.stderr.flush()
self.config = conf.ConfObject()
self.cmds = {}
#self.profile = "--profile=Linuxcentos5_5x86"
self.vmprocessMap = {}
self.config.add_option("INFO", default = None, action = "store_true",
cache_invalidator = False,
help = "Print information about all registered objects")
# Setup the debugging format
debug.setup()
# Load up modules in case they set config options
registry.PluginImporter()
## Register all register_options for the various classes
registry.register_global_options(self.config, addrspace.BaseAddressSpace)
registry.register_global_options(self.config, commands.Command)
# Reset the logging level now we know whether debug is set or not
debug.setup(self.config.DEBUG)
#pdb.set_trace()
## Try to find the first thing that looks like a module name
self.cmds = registry.get_plugin_classes(commands.Command, lower = True)示例3: init_config
def init_config(self):
"""
Volatility 설정 초기화
:return:
"""
if self.config is not None and self.addr_space is not None:
return self.config
self.config = conf.ConfObject()
self.config.optparser.set_conflict_handler("resolve")
registry.register_global_options(self.config, commands.Command)
registry.register_global_options(self.config, addrspace.BaseAddressSpace)
base_conf = {
"profile": "WinXPSP2x86",
"use_old_as": None,
"kdbg": None,
"help": False,
"kpcr": None,
"tz": None,
"pid": None,
"output_file": None,
"physical_offset": None,
"conf_file": None,
"dtb": None,
"output": None,
"info": None,
"location": "file://" + self.memdump,
"plugins": 'plugins',
"debug": 4,
"filename": None,
"cache_directory": None,
"verbose": None,
"write": False
}
self.config.parse_options()
if self.osprofile:
base_conf["profile"] = self.osprofile
self.update_config(base_conf)
# 사용가능한 플러그인 목록 저장
# self.plugins = Dictionary
# key: 플러그인 클래스 이름
# value: 플러그인 클래스 인스턴스
self.plugins = registry.get_plugin_classes(commands.Command, lower=True)
profs = registry.get_plugin_classes(obj.Profile)
profile = profs[self.config.PROFILE]()
# self.plugins에서 플러그인 리스트 추출
for cmd_name, command in self.plugins.items():
if command.is_valid_profile(profile):
self.plugin_list.append(cmd_name)
return self.config示例4: get_config
def get_config(profile, target_path):
config = conf.ConfObject()
registry.register_global_options(config, commands.Command)
registry.register_global_options(config, addrspace.BaseAddressSpace)
config.parse_options()
config.PROFILE = profile
config.LOCATION = "file://{0}".format(target_path)
return config 示例5: main
def main(argv=None):
setupLogging("admemanalysis.log",logging.INFO)
registry.PluginImporter()
config = conf.ConfObject()
config.add_option('OUTPUT-PATH', default=None,
help='Where to create output files',
action='store', type='str')
config.process_id = None
registry.register_global_options(config, commands.Command)
registry.register_global_options(config, addrspace.BaseAddressSpace)
if not os.path.isfile("inputdata.json"):
raise NameError("Input file(inpudata.json) was not found")
data = None
with open("inputdata.json") as data_file:
data = json.load(data_file)
operations = data['operationdata']
sys.argv.append("-f")
sys.argv.append(data["filestreamtoanalyze"])
sys.argv.append("--profile")
profile = data["profiletypename"] or ProfileGeneratorClass().GetProfile()
logging.info('profile detected is {0}'.format(profile))
sys.argv.append(profile)
output_path = data.get('outputpath') or ''
config.parse_options(False)
sys.argv.append("--output-path")
sys.argv.append(output_path)
config.parse_options()
if utils.getConfigValue(operations,'process') == True:
adprocessesfactory.ADProcesses().execute(operations,config)
if utils.getConfigValue(operations,'drivers') == True:
addriveranddevicefactory.DriverDeviceScan().execute(config)
if utils.getConfigValue(operations,'modules') == True:
adkernelmodulesfactory.ADKernelModules().execute(config)
if utils.getConfigValue(operations,'sdts')== True:
adsdtfactory.ADSdtGenerator().execute(config)
if utils.getConfigValue(operations,'yarascan') == True:
adyarascanfactory.ADYaraScan().execute("",config)
if utils.getConfigValue(operations,'idt') == True:
processors = kpcr.doProcessors(config)
f = open(config.OUTPUT_PATH + 'processors.xml','w')
#f.write(processors.SerializeToString())
f.write(proto2xml(processors,indent=0))
if utils.getConfigValue(operations,'registry') == True:
adregistryfactory.ADRegistryExtractor().execute(config)示例6: init_volatility_config
def init_volatility_config():
global config
global addr_space
registry.PluginImporter()
registry.register_global_options(config, commands.Command)
registry.register_global_options(config, addrspace.BaseAddressSpace)
config.parse_options()
config.PROFILE = 'Win7SP1x86'
mem_image_path = os.path.abspath(sys.argv[1])
config.LOCATION = 'file://' + mem_image_path
addr_space = utils.load_as(config)示例7: __config
def __config(self):
"""Creates a volatility configuration."""
if self.config != None and self.addr_space != None:
return self.config
self.config = conf.ConfObject()
self.config.optparser.set_conflict_handler("resolve")
registry.register_global_options(self.config, commands.Command)
base_conf = {
"profile": "WinXPSP2x86",
"use_old_as": None,
"kdbg": None,
"help": False,
"kpcr": None,
"tz": None,
"pid": None,
"output_file": None,
"physical_offset": None,
"conf_file": None,
"dtb": None,
"output": None,
"info": None,
"location": "file://" + self.memdump,
"plugins": None,
"debug": None,
"cache_dtb": True,
"filename": None,
"cache_directory": None,
"verbose": None,
"write": False
}
if self.osprofile:
base_conf["profile"] = self.osprofile
for key, value in base_conf.items():
self.config.update(key, value)
# Deal with Volatility support for KVM/qemu memory dump.
# See: #464.
try:
self.addr_space = utils.load_as(self.config)
except exc.AddrSpaceError as e:
if self._get_dtb():
self.addr_space = utils.load_as(self.config)
else:
raise
self.plugins = registry.get_plugin_classes(commands.Command,
lower=True)
return self.config示例8: volmain
def volmain(argv):
# Few modifications in original code
config.set_usage(usage = "Volatility - A memory forensics analysis platform.")
config.add_help_hook(list_plugins)
argv = argv.split(" ")
sys.argv = argv
#print sys.argv
# Get the version information on every output from the beginning
# Exceptionally useful for debugging/telling people what's going on
sys.stderr.write("Volatile Systems Volatility Framework {0}\n".format(constants.VERSION))
# Setup the debugging format
debug.setup()
# Load up modules in case they set config options
registry.PluginImporter()
## Register all register_options for the various classes
registry.register_global_options(config, addrspace.BaseAddressSpace)
registry.register_global_options(config, commands.Command)
if config.INFO:
print_info()
#sys.exit(0)
## Parse all the options now
config.parse_options(False)
# Reset the logging level now we know whether debug is set or not
debug.setup(config.DEBUG)
module = None
## Try to find the first thing that looks like a module name
cmds = registry.get_plugin_classes(commands.Command, lower = True)
for m in config.args:
if m in cmds.keys():
module = m
break
if not module:
config.parse_options()
#debug.error("You must specify something to do (try -h)")
try:
if module in cmds.keys():
command = cmds[module](config)
## Register the help cb from the command itself
config.set_help_hook(obj.Curry(command_help, command))
config.parse_options()
if not config.LOCATION:
debug.error("Please specify a location (-l) or filename (-f)")
#print config.LOCATION
command.execute()
except exceptions.VolatilityException, e:
print e示例9: __init__
def __init__(self, image_path):
"""
Create a new Analyzer, with a given image_path
"""
registry.PluginImporter()
self.config = conf.ConfObject()
registry.register_global_options(self.config, commands.Command)
registry.register_global_options(self.config, addrspace.BaseAddressSpace)
# self.config.PROFILE = "WinXPSP3x86"
self.config.LOCATION = image_path
self.config.parse_options()示例10: run_plugin_process
def run_plugin_process(name, queue, config, cmds):
registry.PluginImporter()
registry.register_global_options(config, addrspace.BaseAddressSpace)
registry.register_global_options(config, commands.Command)
config.parse_options()
command = cmds[name](config)
print 'running: ' + name
try:
calc = command.calculate()
command.render_sqlite(config.OUTPUT_FILE, calc)
except Exception as err:
print name + ': ' + err.message
finally:
queue.put(name)
return示例11: get_address_space
def get_address_space(service_path, profile, yara_path):
log.info("Obtaining address space and generating config for volatility")
registry.PluginImporter()
config = conf.ConfObject()
registry.register_global_options(config, commands.Command)
registry.register_global_options(config, addrspace.BaseAddressSpace)
config.parse_options()
config.PROFILE = profile
config.LOCATION = service_path
config.YARA_FILE = yara_path
return utils.load_as(config)示例12: add_registry
def add_registry(self, config, deb):
self._config = config #conf.ConfObject()
self._debug = deb
self._debug.setup()
registry.PluginImporter()
registry.register_global_options(self._config, commands.Command)
registry.register_global_options(self._config, addrspace.BaseAddressSpace)
self._config.add_option('ENABLEDB', short_option='e',
default=False, action='store_true',
help='Enable database storage for reuse purpose')
self._config.add_option('DBPATH', short_option='m', default='mongodb://localhost:27017',
help='Specify mongodb connection url',
action='store', type='str')
self._config.parse_options()
self._debug.setup(self._config.DEBUG)
self._filename = self._config.FILENAME示例13: __init__
def __init__(self, profile, kdbg, memimg):
'''
@profile: a Volatality profile string
@kdbg: a kdbg address string
@memimg: a memory image file name
'''
# volatility black magic
registry.PluginImporter()
self.config = conf.ConfObject()
self.config.optparser.set_conflict_handler(handler="resolve")
registry.register_global_options(self.config, commands.Command)
if memimg:
self.base_conf = {'profile': profile,
'use_old_as': None,
'kdbg': None if kdbg is None else int(kdbg, 16),
'help': False,
'kpcr': None,
'tz': None,
'pid': None,
'output_file': None,
'physical_offset': None,
'conf_file': None,
'dtb': None,
'output': None,
'info': None,
'location': "file://" + memimg,
'plugins': None,
'debug': None,
'cache_dtb': True,
'filename': None,
'cache_directory': None,
'verbose': None,
'write': False}
# set the default config
for k, v in self.base_conf.items():
self.config.update(k, v)
if profile == None:
profile = self.guess_profile(memimg)
sys.stderr.write("Using profile: %s\n" % profile) 示例14: GetConfig
def GetConfig(theFile):
#define Baseline Config
base_conf = {'profile': None,
'use_old_as': None,
'kdbg': None,
'help': False,
'kpcr': None,
'tz': None,
'pid': None,
'output_file': None,
'physical_offset': None,
'conf_file': None,
'dtb': None,
'output': 'text',
'info': None,
'location': theFile,
'plugins': None,
'debug': None,
'cache_dtb': True,
'filename': theFile,
'cache_directory': None,
'verbose': None, 'write':False}
#create volatility config object
configs = conf.ConfObject()
#set location value to file name
configs.LOCATION = theFile
#register global options for volatility functions/plugins to use
registry.register_global_options(configs, commands.Command)
registry.register_global_options(configs, addrspace.BaseAddressSpace)
#run imgageinfo plug to get extract image profile
version = GetVersion(configs)
if not version == None:
#using the base line config update our config object
for k,v in base_conf.items():
configs.update(k, v)
#set config object profile to the version extracted
configs.update('profile', version)
#return config object to be used with our plugins
return configs
else:
return None示例15: init_config
def init_config(self):
"""Creates a volatility configuration."""
if self.config is not None and self.addr_space is not None:
return self.config
self.config = conf.ConfObject()
self.config.optparser.set_conflict_handler("resolve")
registry.register_global_options(self.config, commands.Command)
registry.register_global_options(self.config, addrspace.BaseAddressSpace)
base_conf = {
"profile": "WinXPSP2x86",
"use_old_as": None,
"kdbg": None,
"help": False,
"kpcr": None,
"tz": None,
"pid": None,
"output_file": None,
"physical_offset": None,
"conf_file": None,
"dtb": None,
"output": None,
"info": None,
"location": "file://" + self.memdump,
"plugins": None,
"debug": 4,
"cache_dtb": True,
"filename": None,
"cache_directory": None,
"verbose": None,
"write": False
}
if self.osprofile:
base_conf["profile"] = self.osprofile
for key, value in base_conf.items():
self.config.update(key, value)
self.plugins = registry.get_plugin_classes(commands.Command, lower=True)
return self.config