本文整理汇总了Python中volatility.obj.Curry方法的典型用法代码示例。如果您正苦于以下问题:Python obj.Curry方法的具体用法?Python obj.Curry怎么用?Python obj.Curry使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类volatility.obj的用法示例。
在下文中一共展示了obj.Curry方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: determine_connections
# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Curry [as 别名]
def determine_connections(addr_space):
    """Yield connection objects found through tcpip.sys's TCB table.

    The loaded-module list is obtained from ``win32.modules.lsmod`` and
    every module named ``tcpip.sys`` (case-insensitive) is probed.  For
    each entry of the selected offset table, a table size and a table
    address are read relative to the module base, an array of pointers to
    ``_TCPT_OBJECT`` is built, and each bucket's ``Next`` chain is walked.

    Args:
        addr_space: address space to read from; its ``profile.metadata``
            supplies the ``major``/``minor`` version used to pick the
            offset table.

    Yields:
        Each valid object reached while walking the chains.
    """
    all_modules = win32.modules.lsmod(addr_space)

    metadata = addr_space.profile.metadata
    version = (metadata.get('major', 0), metadata.get('minor', 0))

    # (5, 1) and anything older uses the XP offsets, everything newer
    # falls back to the 2003 offsets.
    module_versions = (module_versions_xp if version <= (5, 1)
                       else module_versions_2003)

    for mod in all_modules:
        if str(mod.BaseDllName).lower() != 'tcpip.sys':
            continue

        # Every known offset set is tried; the ones that do not match the
        # loaded driver read whatever happens to sit at that offset.
        for attempt in module_versions:
            offsets = module_versions[attempt]

            table_size = obj.Object(
                "long",
                offset = mod.DllBase + offsets['SizeOff'][0],
                vm = addr_space)
            table_addr = obj.Object(
                "address",
                offset = mod.DllBase + offsets['TCBTableOff'][0],
                vm = addr_space)

            # NOTE(review): only a lower bound is enforced on a value that
            # is read out of the analysed memory; a corrupted or tampered
            # size would be used as the array count as-is -- consider an
            # upper limit.
            if not table_size > 0:
                continue

            table = obj.Object(
                "Array",
                offset = table_addr,
                vm = addr_space,
                count = table_size,
                target = obj.Curry(obj.Pointer, '_TCPT_OBJECT'))
            if not table:
                continue

            for entry in table:
                # Offsets already visited in this chain: stops the walk if
                # the Next pointers loop back.  The set is per bucket, so
                # an object reachable from two buckets is yielded twice.
                visited = set()
                conn = entry.dereference()
                while conn.is_valid() and conn.obj_offset not in visited:
                    yield conn
                    visited.add(conn.obj_offset)
                    conn = conn.Next.dereference()
示例2: determine_sockets
# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Curry [as 别名]
def determine_sockets(addr_space):
    """Yield socket objects found through tcpip.sys's address-object table.

    The loaded-module list is obtained from ``win32.modules.lsmod`` and
    every module named ``tcpip.sys`` (case-insensitive) is probed.  For
    each entry of the selected offset table, a table size and a table
    address are read relative to the module base, an array of pointers to
    ``_ADDRESS_OBJECT`` is built, and each bucket's ``Next`` chain is
    walked.

    Args:
        addr_space: address space to read from; its ``profile.metadata``
            supplies the ``major``/``minor`` version used to pick the
            offset table.

    Yields:
        Each valid object reached while walking the chains.
    """
    all_modules = win32.modules.lsmod(addr_space)

    metadata = addr_space.profile.metadata
    # NOTE(review): 'major' is compared with the float 5.1 and 'minor' must
    # equal 1 exactly, so e.g. major=5/minor=0 or missing metadata selects
    # the 2003 offsets.  Confirm whether a tuple comparison such as
    # (major, minor) <= (5, 1) was intended.
    use_xp_offsets = (metadata.get('major', 0) <= 5.1
                      and metadata.get('minor', 0) == 1)
    module_versions = (module_versions_xp if use_xp_offsets
                       else module_versions_2003)

    for mod in all_modules:
        if str(mod.BaseDllName).lower() != 'tcpip.sys':
            continue

        # Every known offset set is tried; the ones that do not match the
        # loaded driver read whatever happens to sit at that offset.
        for attempt in module_versions:
            offsets = module_versions[attempt]

            table_size = obj.Object(
                "unsigned long",
                offset = mod.DllBase + offsets['AddrObjTableSizeOffset'][0],
                vm = addr_space)
            table_addr = obj.Object(
                "address",
                offset = mod.DllBase + offsets['AddrObjTableOffset'][0],
                vm = addr_space)

            # The size comes from the analysed memory, so it is only
            # accepted inside the open interval (0, MAX_SOCKETS); this
            # keeps a bogus value from driving an enormous array walk.
            if not 0 < int(table_size) < MAX_SOCKETS:
                continue

            table = obj.Object(
                "Array",
                offset = table_addr,
                vm = addr_space,
                count = table_size,
                target = obj.Curry(obj.Pointer, "_ADDRESS_OBJECT"))
            if not table:
                continue

            for entry in table:
                # Offsets already visited in this chain: stops the walk if
                # the Next pointers loop back.  The set is per bucket, so
                # an object reachable from two buckets is yielded twice.
                visited = set()
                sock = entry.dereference()
                while sock.is_valid() and sock.obj_offset not in visited:
                    yield sock
                    visited.add(sock.obj_offset)
                    sock = sock.Next.dereference()
示例3: main
# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Curry [as 别名]
def main():
    """Command-line entry point: pick a plugin from the arguments and run it.

    Steps, in order: write the version banner to stderr, set up debugging,
    import plugins, register the global options, handle ``config.INFO``,
    parse the options, locate the first argument that names a registered
    command, then instantiate and execute that command.

    A ``VolatilityException`` raised while running the command is caught
    and printed.
    """
    # The banner goes to stderr on every run, before anything else, so it
    # shows up in whatever output the user later shares for debugging.
    banner = "Volatility Foundation Volatility Framework {0}\n".format(constants.VERSION)
    sys.stderr.write(banner)
    sys.stderr.flush()

    # First pass of the debug setup; it is repeated below once the
    # options have been parsed.
    debug.setup()

    # Plugins are imported before option registration in case they set
    # config options of their own.
    registry.PluginImporter()

    # Global options declared by the address-space and command classes.
    registry.register_global_options(config, addrspace.BaseAddressSpace)
    registry.register_global_options(config, commands.Command)

    if config.INFO:
        print_info()
        sys.exit(0)

    # Parse the options, then redo the logging setup with the now-known
    # DEBUG value.
    config.parse_options(False)
    debug.setup(config.DEBUG)

    # The first argument matching a registered (lower-cased) command name
    # is taken as the module to run.
    cmds = registry.get_plugin_classes(commands.Command, lower = True)
    module = next((arg for arg in config.args if arg in cmds.keys()), None)

    if not module:
        config.parse_options()
        # presumably debug.error() terminates the process -- verify
        debug.error("You must specify something to do (try -h)")

    try:
        if module in cmds.keys():
            command = cmds[module](config)

            # Let the selected command provide its own help text.
            config.set_help_hook(obj.Curry(command_help, command))
            config.parse_options()

            if not config.LOCATION:
                debug.error("Please specify a location (-l) or filename (-f)")

            command.execute()
    except exceptions.VolatilityException as e:
        # NOTE(review): the message is printed to stdout and main() then
        # returns normally, so nothing here signals the failure to a
        # caller -- scripted analysis runs may want a non-zero exit status.
        print(e)