本文整理汇总了Python中volatility.debug.error方法的典型用法代码示例。如果您正苦于以下问题:Python debug.error方法的具体用法?Python debug.error怎么用?Python debug.error使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类volatility.debug的用法示例。
在下文中一共展示了debug.error方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: tz_from_string
# 需要导入模块: from volatility import debug [as 别名]
# 或者: from volatility.debug import error [as 别名]
def tz_from_string(_option, _opt_str, value, parser):
"""Stores a tzinfo object from a string"""
if value is not None:
if value[0] in ['+', '-']:
# Handed a numeric offset, create an OffsetTzInfo
valarray = [value[i:i + 2] for i in range(1, len(value), 2)]
multipliers = [3600, 60]
offset = 0
for i in range(min(len(valarray), len(multipliers))):
offset += int(valarray[i]) * multipliers[i]
if value[0] == '-':
offset = -offset
timezone = OffsetTzInfo(offset = offset)
else:
# Value is a lookup, choose pytz over time.tzset
if tz_pytz:
try:
timezone = pytz.timezone(value)
except pytz.UnknownTimeZoneError:
debug.error("Unknown display timezone specified")
else:
if not hasattr(time, 'tzset'):
debug.error("This operating system doesn't support tzset, please either specify an offset (eg. +1000) or install pytz")
timezone = value
parser.values.tz = timezone 示例2: Object
# 需要导入模块: from volatility import debug [as 别名]
# 或者: from volatility.debug import error [as 别名]
def Object(theType, offset, vm, name = None, **kwargs):
""" A function which instantiates the object named in theType (as
a string) from the type in profile passing optional args of
kwargs.
"""
name = name or theType
offset = int(offset)
try:
if vm.profile.has_type(theType):
result = vm.profile.types[theType](offset = offset, vm = vm, name = name, **kwargs)
return result
except InvalidOffsetError:
## If we cant instantiate the object here, we just error out:
return NoneObject("Invalid Address 0x{0:08X}, instantiating {1}".format(offset, name),
strict = vm.profile.strict)
## If we get here we have no idea what the type is supposed to be?
## This is a serious error.
debug.warning("Cant find object {0} in profile {1}?".format(theType, vm.profile)) 示例3: __init__
# 需要导入模块: from volatility import debug [as 别名]
# 或者: from volatility.debug import error [as 别名]
def __init__(self, theType, offset, vm, parent = None,
count = 1, targetType = None, target = None, name = None, **kwargs):
## Instantiate the first object on the offset:
BaseObject.__init__(self, theType, offset, vm,
parent = parent, name = name, **kwargs)
if callable(count):
count = count(parent)
self.count = int(count)
self.original_offset = offset
if targetType:
self.target = Curry(Object, targetType)
else:
self.target = target
self.current = self.target(offset = offset, vm = vm, parent = self, name = name)
if self.current.size() == 0:
## It is an error to have a zero sized element
debug.debug("Array with 0 sized members???", level = 10)
debug.b() 示例4: _elide
# 需要导入模块: from volatility import debug [as 别名]
# 或者: from volatility.debug import error [as 别名]
def _elide(self, string, length):
"""Adds three dots in the middle of a string if it is longer than length"""
# Only elide data if we've been asked to (which we are by default)
if not self.elide_data:
return string
if length == -1:
return string
if len(string) < length:
return (" " * (length - len(string))) + string
elif len(string) == length:
return string
else:
if length < 5:
debug.error("Cannot elide a string to length less than 5")
even = ((length + 1) % 2)
length = (length - 3) / 2
return string[:length + even] + "..." + string[-length:] 示例5: calculate
# 需要导入模块: from volatility import debug [as 别名]
# 或者: from volatility.debug import error [as 别名]
def calculate(self):
addr_space = utils.load_as(self._config)
if not self.is_valid_profile(addr_space.profile):
debug.error("This command does not support the selected profile.")
for objct in self.scan_results(addr_space):
if isinstance(objct, _UDP_ENDPOINT):
# For UdpA, the state is always blank and the remote end is asterisks
for ver, laddr, _ in objct.dual_stack_sockets():
yield objct, "UDP" + ver, laddr, objct.Port, "*", "*", ""
elif isinstance(objct, _TCP_ENDPOINT):
if objct.AddressFamily == AF_INET:
proto = "TCPv4"
elif objct.AddressFamily == AF_INET6:
proto = "TCPv6"
yield objct, proto, objct.LocalAddress, objct.LocalPort, \
objct.RemoteAddress, objct.RemotePort, objct.State
elif isinstance(objct, _TCP_LISTENER):
# For TcpL, the state is always listening and the remote port is zero
for ver, laddr, raddr in objct.dual_stack_sockets():
yield objct, "TCP" + ver, laddr, objct.Port, raddr, 0, "LISTENING" 示例6: render_text
# 需要导入模块: from volatility import debug [as 别名]
# 或者: from volatility.debug import error [as 别名]
def render_text(self, outfd, data):
if self._config.DUMP_DIR == None:
debug.error("Please specify a dump directory (--dump-dir)")
if not os.path.isdir(self._config.DUMP_DIR):
debug.error(self._config.DUMP_DIR + " is not a directory")
for pid, task, pagedata in data:
outfd.write("*" * 72 + "\n")
task_space = task.get_process_address_space()
outfd.write("Writing {0} [{1:6}] to {2}.dmp\n".format(task.ImageFileName, pid, str(pid)))
f = open(os.path.join(self._config.DUMP_DIR, str(pid) + ".dmp"), 'wb')
if pagedata:
for p in pagedata:
data = task_space.read(p[0], p[1])
if data == None:
if self._config.verbose:
outfd.write("Memory Not Accessible: Virtual Address: 0x{0:x} Size: 0x{1:x}\n".format(p[0], p[1]))
else:
f.write(data)
else:
outfd.write("Unable to read pages for task.\n")
f.close() 示例7: calculate
# 需要导入模块: from volatility import debug [as 别名]
# 或者: from volatility.debug import error [as 别名]
def calculate(self):
linux_common.set_plugin_members(self)
for module in self._get_modules():
if self._config.PARAMS:
if not hasattr(module, "kp"):
debug.error("Gathering module parameters is not supported in this profile.")
params = module.get_params()
else:
params = ""
if self._config.SECTIONS:
sections = module.get_sections()
else:
sections = []
yield (module, sections, params) 示例8: _get_header_64
# 需要导入模块: from volatility import debug [as 别名]
# 或者: from volatility.debug import error [as 别名]
def _get_header_64(self, load_addr, sect_hdr_offset, num_sects):
e_ident = "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00"
e_type = "\x01\x00" # relocateble
e_machine = "\x03\x00"
e_version = "\x01\x00\x00\x00"
e_entry = "\x00" * 8
e_phoff = "\x00" * 8
e_shoff = struct.pack("<Q", sect_hdr_offset)
e_flags = "\x00\x00\x00\x00"
e_ehsize = "\x40\x00"
e_phentsize = "\x00\x00"
e_phnum = "\x00\x00"
e_shentsize = "\x40\x00"
e_shnum = struct.pack("<H", num_sects + 1) # this works as we stick the seciton we create at the end
e_shstrndx = struct.pack("<H", num_sects)
header = e_ident + e_type + e_machine + e_version + e_entry + e_phoff + e_shoff + e_flags
header = header + e_ehsize + e_phentsize + e_phnum + e_shentsize + e_shnum + e_shstrndx
if len(header) != 64:
debug.error("BUG: ELF header not bytes. %d" % len(header))
return header 示例9: _build_sections_list
# 需要导入模块: from volatility import debug [as 别名]
# 或者: from volatility.debug import error [as 别名]
def _build_sections_list(self, module):
sections = []
symtab_idx = -1
for (i, sect) in enumerate(module.get_sections()):
name = str(sect.sect_name)
sections.append((name, sect.address.v()))
if name == ".symtab":
symtab_idx = i
if symtab_idx == -1:
debug.error("No section .symtab found. Unable to properly re-create ELF file.")
return (sections, symtab_idx)
# we do this in a couple phases:
# 1) walk the volatlity get_sections
# 2) this gives us the name and start address of each
# 3) we use the list we build in build_.. so then we can calcluate the size of each
# 4) with the final list of name,address,size we can read the sections and populate the info in the file 示例10: _make_sect_header_64
# 需要导入模块: from volatility import debug [as 别名]
# 或者: from volatility.debug import error [as 别名]
def _make_sect_header_64(self, name, address, size, file_off, strtab_idx, symtab_idx):
int_sh_type = self._calc_sect_type(name)
sh_name = struct.pack("<I", self._calc_sect_name_idx(name))
sh_type = struct.pack("<I", int_sh_type)
sh_flags = struct.pack("<Q", self._calc_sect_flags(name))
sh_addr = struct.pack("<Q", address)
sh_offset = struct.pack("<Q", file_off)
sh_size = struct.pack("<Q", size)
sh_link = struct.pack("<I", self._calc_link(name, strtab_idx, symtab_idx, int_sh_type))
sh_info = "\x00" * 4
sh_addralign = "\x01\x00\x00\x00\x00\x00\x00\x00"
sh_entsize = struct.pack("<Q", self._calc_entsize(name, int_sh_type, 64))
data = sh_name + sh_type + sh_flags + sh_addr + sh_offset + sh_size
data = data + sh_link + sh_info + sh_addralign + sh_entsize
if len(data) != 64:
debug.error("Broken section building! %d" % len(data))
return data 示例11: _make_sect_header_32
# 需要导入模块: from volatility import debug [as 别名]
# 或者: from volatility.debug import error [as 别名]
def _make_sect_header_32(self, name, address, size, file_off, strtab_idx, symtab_idx):
#print "trying: %-30s | %.16x | %.8x | %d" % (name, address, size, file_off)
int_sh_type = self._calc_sect_type(name)
sh_name = struct.pack("<I", self._calc_sect_name_idx(name))
sh_type = struct.pack("<I", int_sh_type)
sh_flags = struct.pack("<I", self._calc_sect_flags(name))
sh_addr = struct.pack("<I", address)
sh_offset = struct.pack("<I", file_off)
sh_size = struct.pack("<I", size)
sh_link = struct.pack("<I", self._calc_link(name, strtab_idx, symtab_idx, int_sh_type))
sh_info = "\x00" * 4
sh_addralign = "\x01\x00\x00\x00"
sh_entsize = struct.pack("<I", self._calc_entsize(name, int_sh_type, 32))
data = sh_name + sh_type + sh_flags + sh_addr + sh_offset + sh_size
data = data + sh_link + sh_info + sh_addralign + sh_entsize
if len(data) != 40:
debug.error("Broken section building! %d" % len(data))
return data 示例12: calculate
# 需要导入模块: from volatility import debug [as 别名]
# 或者: from volatility.debug import error [as 别名]
def calculate(self):
linux_common.set_plugin_members(self)
if not self.profile.obj_has_member("task_struct", "cred"):
debug.error("This command is not supported in this profile.")
creds = {}
tasks = linux_pslist.linux_pslist.calculate(self)
for task in tasks:
cred_addr = task.cred.v()
if not cred_addr in creds:
creds[cred_addr] = []
creds[cred_addr].append(task.pid)
yield creds 示例13: calculate
# 需要导入模块: from volatility import debug [as 别名]
# 或者: from volatility.debug import error [as 别名]
def calculate(self):
common.set_plugin_members(self)
if self.profile.metadata['arch'] not in ["x64", "x86"]:
debug.error("This plugin is only supported on Intel-based memory captures")
self.bits = self.profile.metadata.get('memory_model', '32bit')
self.reg_size = reg_size[self.bits]
self.offsets = offsets[self.bits]
self.fmt = fmt[self.bits]
for proc in linux_pslist.linux_pslist(self._config).calculate():
name = proc.get_commandline()
thread_registers = []
for thread_task in proc.threads():
thread_name = thread_task.comm
regs = self.parse_kernel_stack(thread_task)
thread_registers.append((thread_name,regs))
yield proc, name, thread_registers 示例14: calculate
# 需要导入模块: from volatility import debug [as 别名]
# 或者: from volatility.debug import error [as 别名]
def calculate(self):
linux_common.set_plugin_members(self)
num_files = 0
if (not self._config.DUMP_DIR or not os.path.isdir(self._config.DUMP_DIR)):
debug.error("Please specify an existing output dir (--dump-dir)")
ff = linux_find_file.linux_find_file(self._config)
for (_, _, file_path, file_dentry) in ff.walk_sbs():
self._make_path(file_path, file_dentry)
self._write_file(ff, file_path, file_dentry)
self._fix_metadata(file_path, file_dentry)
num_files = num_files + 1
yield num_files 示例15: render_text
# 需要导入模块: from volatility import debug [as 别名]
# 或者: from volatility.debug import error [as 别名]
def render_text(self, outfd, data):
if not self._config.DUMP_DIR:
debug.error("-D/--dump-dir must given that specifies an existing directory")
self.table_header(outfd, [("Offset", "[addrpad]"),
("Name", "20"),
("Pid", "15"),
("Address", "[addrpad]"),
("Output File", "")])
for task in data:
if not task.mm:
continue
file_path = linux_common.write_elf_file(self._config.DUMP_DIR, task, task.mm.start_code)
self.table_row(outfd, task.obj_offset,
task.comm,
str(task.pid),
task.mm.start_code,
file_path)