本文整理汇总了Python中volatility.conf.ConfObject方法的典型用法代码示例。如果您正苦于以下问题:Python conf.ConfObject方法的具体用法?Python conf.ConfObject怎么用?Python conf.ConfObject使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类volatility.conf的用法示例。
在下文中一共展示了conf.ConfObject方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get_config
# 需要导入模块: from volatility import conf [as 别名]
# 或者: from volatility.conf import ConfObject [as 别名]
def get_config(profile, target_path):
config = conf.ConfObject()
registry.register_global_options(config, commands.Command)
registry.register_global_options(config, addrspace.BaseAddressSpace)
config.parse_options()
config.PROFILE = profile
config.LOCATION = "file://{0}".format(target_path)
return config 示例2: init_config
# 需要导入模块: from volatility import conf [as 别名]
# 或者: from volatility.conf import ConfObject [as 别名]
def init_config(self):
"""Creates a volatility configuration."""
self.config = conf.ConfObject()
self.config.optparser.set_conflict_handler("resolve")
registry.register_global_options(self.config, commands.Command)
registry.register_global_options(self.config, addrspace.BaseAddressSpace)
base_conf = {
"profile": "WinXPSP2x86",
"use_old_as": None,
"kdbg": None,
"help": False,
"kpcr": None,
"tz": None,
"pid": None,
"output_file": None,
"physical_offset": None,
"conf_file": None,
"dtb": None,
"output": None,
"info": None,
"location": "file://" + self.memdump,
"plugins": 'plugins',
"debug": 4,
"cache_dtb": True,
"filename": None,
"cache_directory": None,
"verbose": None,
"write": False
}
if self.osprofile:
base_conf["profile"] = self.osprofile
for key, value in base_conf.items():
self.config.update(key, value)
self.plugins = registry.get_plugin_classes(commands.Command, lower=True)
return self.config 示例3: __init__
# 需要导入模块: from volatility import conf [as 别名]
# 或者: from volatility.conf import ConfObject [as 别名]
def __init__(self, path, profile='WinXPSP2x86'):
self.config = conf.ConfObject()
registry.PluginImporter()
registry.register_global_options(self.config, commands.Command)
registry.register_global_options(self.config, addrspace.BaseAddressSpace)
# self.config.parse_options()
self.config.PROFILE = profile
self.config.LOCATION = "file://" + path
self.Memory = utils.load_as(self.config)
self.Processes = self.__getProcesses()
self.Threads = self.__getThreads() 示例4: _section_chunks
# 需要导入模块: from volatility import conf [as 别名]
# 或者: from volatility.conf import ConfObject [as 别名]
def _section_chunks(self, sec_name):
"""Get the win32k.sys section as an array of
32-bit unsigned longs.
@param sec_name: name of the PE section in win32k.sys
to search for.
@returns all chunks on a 4-byte boundary.
"""
dos_header = obj.Object("_IMAGE_DOS_HEADER",
offset = self.Win32KBase, vm = self.obj_vm)
if dos_header:
try:
nt_header = dos_header.get_nt_header()
sections = [
sec for sec in nt_header.get_sections()
if str(sec.Name) == sec_name
]
# There should be exactly one section
if sections:
desired_section = sections[0]
return obj.Object("Array", targetType = "unsigned long",
offset = desired_section.VirtualAddress + dos_header.obj_offset,
count = desired_section.Misc.VirtualSize / 4,
vm = self.obj_vm)
except ValueError:
## This catches PE header parsing exceptions
pass
## Don't try to read an address that doesn't exist
if not self.Win32KBase:
return []
## In the rare case when win32k.sys PE header is paged or corrupted
## thus preventing us from parsing the sections, use the fallback
## mechanism of just reading 5 MB (max size of win32k.sys) from the
## base of the kernel module.
data = self.obj_vm.zread(self.Win32KBase, 0x500000)
## Fill a Buffer AS with the zread data and set its base to win32k.sys
## so we can still instantiate an Array and have each chunk at the
## correct offset in virtual memory.
buffer_as = addrspace.BufferAddressSpace(conf.ConfObject(),
data = data,
base_offset = self.Win32KBase)
return obj.Object("Array", targetType = "unsigned long",
offset = self.Win32KBase,
count = len(data) / 4,
vm = buffer_as) 示例5: __config
# 需要导入模块: from volatility import conf [as 别名]
# 或者: from volatility.conf import ConfObject [as 别名]
def __config(self):
"""Creates a volatility configuration."""
if self.config != None and self.addr_space != None:
return self.config
self.config = conf.ConfObject()
self.config.optparser.set_conflict_handler("resolve")
registry.register_global_options(self.config, commands.Command)
base_conf = {
"profile": "WinXPSP2x86",
"use_old_as": None,
"kdbg": None,
"help": False,
"kpcr": None,
"tz": None,
"pid": None,
"output_file": None,
"physical_offset": None,
"conf_file": None,
"dtb": None,
"output": None,
"info": None,
"location": "file://" + self.memdump,
"plugins": None,
"debug": None,
"cache_dtb": True,
"filename": None,
"cache_directory": None,
"verbose": None,
"write": False
}
if self.osprofile:
base_conf["profile"] = self.osprofile
for key, value in base_conf.items():
self.config.update(key, value)
# Deal with Volatility support for KVM/qemu memory dump.
# See: #464.
try:
self.addr_space = utils.load_as(self.config)
except exc.AddrSpaceError as e:
if self._get_dtb():
self.addr_space = utils.load_as(self.config)
else:
raise
self.plugins = registry.get_plugin_classes(commands.Command,
lower=True)
return self.config 示例6: __init__
# 需要导入模块: from volatility import conf [as 别名]
# 或者: from volatility.conf import ConfObject [as 别名]
def __init__(self, profile, kdbg, memimg):
'''
@profile: a Volatality profile string
@kdbg: a kdbg address string
@memimg: a memory image file name
'''
# volatility black magic
registry.PluginImporter()
self.config = conf.ConfObject()
self.config.optparser.set_conflict_handler(handler="resolve")
registry.register_global_options(self.config, commands.Command)
if memimg:
self.base_conf = {'profile': profile,
'use_old_as': None,
'kdbg': None if kdbg is None else int(kdbg, 16),
'help': False,
'kpcr': None,
'tz': None,
'pid': None,
'output_file': None,
'physical_offset': None,
'conf_file': None,
'dtb': None,
'output': None,
'info': None,
'location': "file://" + memimg,
'plugins': None,
'debug': None,
'cache_dtb': True,
'filename': None,
'cache_directory': None,
'verbose': None,
'write': False}
# set the default config
for k, v in self.base_conf.items():
self.config.update(k, v)
if profile == None:
profile = self.guess_profile(memimg)
sys.stderr.write("Using profile: %s\n" % profile) 示例7: initialize
# 需要导入模块: from volatility import conf [as 别名]
# 或者: from volatility.conf import ConfObject [as 别名]
def initialize(self):
# Check dependencies
if not HAVE_VOLATILITY:
raise ModuleInitializationError(self, "Missing dependency: volatility")
# Default configuration
base_conf = {
"profile": self.volatility.profile,
"use_old_as": None,
"kdbg": None,
"help": False,
"kpcr": None,
"tz": None,
"pid": None,
"output_file": None,
"physical_offset": None,
"conf_file": None,
"dtb": None,
"output": None,
"info": None,
"plugins": self.volatility.plugins,
"debug": None,
"cache_dtb": True,
"filename": None,
"cache_directory": None,
"verbose": None,
"write": False
}
# Create Volatility API configuration
self._volconfig = conf.ConfObject()
self._volconfig.optparser.set_conflict_handler("resolve")
for key, value in base_conf.items():
self._volconfig.update(key, value)
# Get all available plugins
# These two imports must occur after configuration init
# Else, 'plugins' configuration will not be effective
self._volcommands = import_module("volatility.commands")
self._volregistry = import_module("volatility.registry")
self._volutils = import_module("volatility.utils")
self._volregistry.PluginImporter()
self.plugins = self._volregistry.get_plugin_classes(self._volcommands.Command, lower=True)
# Check if we have the right volatility plugins for this module
if self.plugin_name is not None:
self.needs_plugin(self.plugin_name)