

Python obj.Profile方法代码示例

本文整理汇总了Python中volatility.obj.Profile方法的典型用法代码示例。如果您正苦于以下问题:Python obj.Profile方法的具体用法?Python obj.Profile怎么用?Python obj.Profile使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在volatility.obj的用法示例。


在下文中一共展示了obj.Profile方法的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: _set_profile

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Profile [as 别名]
def _set_profile(self, profile_name):
    """Resolve ``profile_name`` to a profile instance and return it.

    Instances are looked up in the module-level ``PROFILES`` cache first.
    A name that is not cached is looked up among the classes registered
    under ``obj.Profile``, instantiated, and stored in the cache.

    Raises:
        ASAssertionError: if no name was given, if the name is not a
            registered profile, or if ``self.is_valid_profile`` rejects
            the resolved profile.
    """
    if profile_name == None:
        raise ASAssertionError("You must set a profile!")

    if profile_name in PROFILES:
        selected = PROFILES[profile_name]
    else:
        # Only names present in the plugin registry are ever instantiated.
        available = registry.get_plugin_classes(obj.Profile)
        if profile_name not in available:
            raise ASAssertionError("Invalid profile " + profile_name + " selected")
        selected = available[profile_name]()
        PROFILES[profile_name] = selected

    # A cached or freshly built profile must still suit this address space.
    if not self.is_valid_profile(selected):
        raise ASAssertionError("Incompatible profile " + profile_name + " selected")
    return selected
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:18,代码来源:addrspace.py

示例2: unique_sizes

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Profile [as 别名]
def unique_sizes(self):
    """Collect the distinct sizes encoded in the KDBG header of 64-bit Windows profiles.

    Every class registered under ``obj.Profile`` whose ``_md_os`` is
    ``"windows"`` and whose ``_md_memory_model`` is ``"64bit"`` is examined;
    no filter on the OS version is applied.

    Returns:
        A set of the integers unpacked from the last two bytes of each
        profile's ``KDBGHeader`` value.
    """
    found = set()

    for prof_name, prof_cls in registry.get_plugin_classes(obj.Profile).items():
        if prof_cls._md_os == "windows" and prof_cls._md_memory_model == "64bit":
            # Work on a deep copy so the config of self.obj_vm keeps its
            # own PROFILE setting.
            cfg = copy.deepcopy(self.obj_vm.get_config())
            cfg.PROFILE = prof_name
            scratch = addrspace.BufferAddressSpace(config = cfg)
            magic = obj.VolMagic(scratch).KDBGHeader.v()

            # The trailing two bytes of the signature are read as a
            # little-endian unsigned short holding the kdbg size.
            (kdbg_size,) = struct.unpack("<H", magic[-2:])
            found.add(kdbg_size)

    return found
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:24,代码来源:win8_kdbg.py

示例3: print_info

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Profile [as 别名]
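def print_info():
    """Print the registered address spaces, plugins, profiles and scanner checks.

    For each category a heading is printed, followed by one line per
    registered class: its name, padded to the longest name in the category,
    and the first line of its docstring. Nothing is returned.
    """
    categories = {addrspace.BaseAddressSpace: 'Address Spaces',
                  commands.Command : 'Plugins',
                  obj.Profile: 'Profiles',
                  scan.ScannerCheck: 'Scanner Checks'}
    for base, title in sorted(categories.items()):
        # Only command plugins are looked up with the ``lower`` flag set.
        plugins = registry.get_plugin_classes(base, lower = (base == commands.Command))
        print("\n")
        print("{0}".format(title))
        print("-" * len(title))

        rows = []
        max_length = 0
        for clsname, cls in sorted(plugins.items()):
            try:
                doc = cls.__doc__.strip().splitlines()[0]
            except (AttributeError, IndexError):
                # AttributeError: the class has no docstring (None).
                # IndexError: the docstring is empty or whitespace only, so
                # splitlines() returns an empty list.
                doc = 'No docs'
            rows.append((clsname, doc))
            max_length = max(len(clsname), max_length)

        for name, doc in rows:
            print("{0:{2}} - {1:15}".format(name, doc, max_length))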
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:27,代码来源:vol.py

示例4: list_plugins

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Profile [as 别名]
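def list_plugins(self):
    """
    Build the list of plugins valid for the selected profile.

    The profile name is read from ``self.config.PROFILE``. If it is not a
    registered profile, a message is printed and an empty list is returned.

    :return: list of ``[command name, help text]`` pairs, ordered by command
        name, for every command whose ``is_valid_profile`` accepts the profile
    """
    plugin_list = []
    cmds = registry.get_plugin_classes(commands.Command, lower=True)
    profs = registry.get_plugin_classes(obj.Profile)
    profile_type = self.config.PROFILE
    if profile_type not in profs:
        # Stop here: indexing profs with an unregistered name would raise
        # KeyError right after the message was printed.
        print("Not a valid profile")
        return plugin_list

    profile = profs[profile_type]()
    for cmdname in sorted(cmds):
        command = cmds[cmdname]
        helpline = command.help() or ''

        if command.is_valid_profile(profile):
            plugin_list.append([cmdname, helpline])
    return plugin_list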
开发者ID:kevthehermit,项目名称:VolUtility,代码行数:21,代码来源:vol_interface.py

示例5: check_valid_profile

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Profile [as 别名]
def check_valid_profile(option, _opt_str, value, parser):
    """Option callback: accept ``value`` only if it names a registered profile.

    When the registry returns no profiles at all, the callback does nothing
    and leaves ``parser.values`` untouched. The original comment explains
    that the profiles may not exist yet on an early parse and that the
    callback runs again on the final parse of the config options.
    """
    known = registry.get_plugin_classes(obj.Profile)
    if not known:
        return

    if value not in known:
        # NOTE(review): presumably debug.error() aborts; if it returned, the
        # unknown name would still be stored below. Confirm.
        debug.error("Invalid profile " + value + " selected")
    setattr(parser.values, option.dest, value)
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:14,代码来源:addrspace.py

示例6: modification

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Profile [as 别名]
def modification(self, profile):
    """Add 32-bit loader structures to a 64-bit Windows profile.

    A 32-bit Windows profile with the same major and minor version and a
    matching build number is located. Its ``_PEB_LDR_DATA``,
    ``_LDR_DATA_TABLE_ENTRY`` and ``_UNICODE_STRING`` definitions are
    converted with ``self.cast_as_32bit`` and registered under ``*32`` names.
    If no such profile exists, a warning is logged and ``profile`` is left
    unchanged.
    """
    profiles = registry.get_plugin_classes(obj.Profile)
    meta = profile.metadata

    # A candidate's build may equal the target build or be one lower. The
    # "+ 1" accounts for an earlier decision to add 1 to the build number of
    # server-based profiles so plugins could tell client from server.
    profile_32bit = None
    for candidate in profiles.values():
        if candidate._md_os != "windows":
            continue
        if candidate._md_major != meta.get("major"):
            continue
        if candidate._md_minor != meta.get("minor"):
            continue
        if (candidate._md_build != meta.get("build") and
                candidate._md_build + 1 != meta.get("build")):
            continue
        if candidate._md_memory_model != "32bit":
            continue
        profile_32bit = candidate()
        break

    if profile_32bit == None:
        debug.warning("Cannot find a 32-bit equivalent profile. The "\
            "WoW64 plugins (dlllist, ldrmodules, etc) may not work.")
        return

    # 32-bit layouts, registered under names that do not clash with the
    # profile's native 64-bit definitions.
    types_32 = {
        "_PEB32_LDR_DATA": self.cast_as_32bit(profile_32bit.vtypes["_PEB_LDR_DATA"]),
        "_LDR32_DATA_TABLE_ENTRY": self.cast_as_32bit(profile_32bit.vtypes["_LDR_DATA_TABLE_ENTRY"]),
        '_UNICODE32_STRING': self.cast_as_32bit(profile_32bit.vtypes["_UNICODE_STRING"]),
    }
    profile.vtypes.update(types_32)

    classes_32 = {
        "_LDR32_DATA_TABLE_ENTRY": pe_vtypes._LDR_DATA_TABLE_ENTRY,
        "_UNICODE32_STRING": windows._UNICODE_STRING,
        "LIST_ENTRY32": LIST_ENTRY32,
    }
    profile.object_classes.update(classes_32)

    # Point _PEB32.Ldr at the 32-bit loader data through a 32-bit pointer.
    ldr_overlay = {
        '_PEB32': [None, {
            'Ldr': [None, ['pointer32', ['_PEB32_LDR_DATA']]],
        }],
    }
    profile.merge_overlay(ldr_overlay)
开发者ID:volatilityfoundation,项目名称:volatility,代码行数:43,代码来源:windows64.py

示例7: list_plugins

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Profile [as 别名]
def list_plugins():
    """Return a text listing of the plugin commands for the configured profile.

    ``config.PROFILE`` defaults to ``WinXPSP2x86`` when unset. Each command
    is shown with the first non-empty line of its help text. Commands that
    reject the profile are appended in a separate section only when
    ``config.VERBOSE`` is set.

    Raises:
        BaseException: if the configured profile is not registered.
    """
    cmds = registry.get_plugin_classes(commands.Command, lower = True)
    profs = registry.get_plugin_classes(obj.Profile)
    if config.PROFILE == None:
        config.update("PROFILE", "WinXPSP2x86")
    if config.PROFILE not in profs:
        raise BaseException("Invalid profile " + config.PROFILE + " selected")
    profile = profs[config.PROFILE]()

    row = "\t\t{0:15}\t{1}\n"
    supported = []
    unsupported = []
    for cmdname in sorted(cmds):
        command = cmds[cmdname]
        helpline = command.help() or ''
        # Abbreviated display: keep only the title line (first non-empty
        # line), or the help text unchanged when it has none.
        title = next((ln for ln in helpline.splitlines() if ln), helpline)
        if command.is_valid_profile(profile):
            supported.append(row.format(cmdname, title))
        else:
            unsupported.append(row.format(cmdname, title))

    result = "\n\tSupported Plugin Commands:\n\n" + "".join(supported)
    wrongprofile = "".join(unsupported)
    if wrongprofile and config.VERBOSE:
        result += "\n\tPlugins requiring a different profile:\n\n"
        result += wrongprofile

    return result
开发者ID:vortessence,项目名称:vortessence,代码行数:31,代码来源:vol.py

示例8: execute

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Profile [as 别名]
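def execute(self):
    """ Executes the plugin command.

    The configured profile is validated, ``calculate()`` is run, and the
    result is passed to the ``render_<OUTPUT>`` method. The renderer is
    resolved before the output file is opened, so an unsupported output
    format no longer truncates ``OUTPUT_FILE``. A file opened here is closed
    once rendering finishes.
    """
    # Check we can support the plugins
    profs = registry.get_plugin_classes(obj.Profile)
    # Force the user to give a profile unless the plugin is kdbgscan or
    # imageinfo, which fall back to a default profile.
    # NOTE(review): these checks rely on debug.error() not returning. Confirm.
    if self.__class__.__name__.lower() in ["kdbgscan", "imageinfo"] and self._config.PROFILE is None:
        self._config.update("PROFILE", "WinXPSP2x86")
    elif self._config.PROFILE is None:
        debug.error("You must set a profile!")
    if self._config.PROFILE not in profs:
        debug.error("Invalid profile " + self._config.PROFILE + " selected")
    if not self.is_valid_profile(profs[self._config.PROFILE]()):
        debug.error("This command does not support the profile " + self._config.PROFILE)

    # Executing plugins is done in two stages - first we calculate
    data = self.calculate()

    ## Then we render the result in some way based on the
    ## requested output mode:
    function_name = "render_{0}".format(self._config.OUTPUT)
    try:
        func = getattr(self, function_name)
    except AttributeError:
        ## Try to find out what formats are supported
        result = [x.split("_", 1)[1] for x in dir(self) if x.startswith("render_")]
        print("Plugin {0} is unable to produce output in format {1}. Supported formats are {2}. Please send a feature request".format(self.__class__.__name__, self._config.OUTPUT, result))
        return

    if self._config.OUTPUT_FILE:
        # NOTE(review): mode 'w' truncates an existing file without warning
        # (the original TODO). Consider refusing to overwrite, since this
        # path may hold earlier analysis output.
        outfd = open(self._config.OUTPUT_FILE, 'w')
        try:
            func(outfd, data)
        finally:
            # Close so buffered output is flushed to disk.
            outfd.close()
    else:
        func(sys.stdout, data)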
开发者ID:504ensicsLabs,项目名称:DAMM,代码行数:43,代码来源:commands.py

示例9: guess_profile

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Profile [as 别名]
def guess_profile(self, memimg):
    '''
    Using one of the user-specified memory image files, try to guess a
    working Volatility profile. This can easily take on the order of
    minutes.

    Each registered profile is tried in turn; the first one for which the
    loaded address space has a "dtb" attribute is returned. The config is
    left set to the last profile tried.

    @memimg: a memory image file name

    @return: the guessed Volatility profile string, or None if no profile
             produced such an address space
    '''
    sys.stderr.write("Auto configuring profile. This may take a some time.\n")

    self.set_memimg(memimg)

    # Must set a dummy profile or volatility dies
    self.set_profile('WinXPSP2x86')

    candidates = [cls.__name__ for cls in registry.get_plugin_classes(obj.Profile).values()]
    for name in candidates:
        self.config.update('profile', name)
        if hasattr(utils.load_as(self.config, astype='any'), "dtb"):
            return name

    return None
开发者ID:504ensicsLabs,项目名称:DAMM,代码行数:29,代码来源:volsetup.py

示例10: profile_list

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Profile [as 别名]
def profile_list():
    """
    Return the names of all registered profiles plus an 'AutoDetect' entry.
    :return: sorted list of names
    """
    names = ['AutoDetect']
    names.extend(registry.get_plugin_classes(obj.Profile).iterkeys())
    return sorted(names)
开发者ID:kevthehermit,项目名称:VolUtility,代码行数:12,代码来源:vol_interface.py

示例11: execute

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Profile [as 别名]
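def execute(self):
    """ Executes the plugin command.

    The configured profile is validated (skipped for ``mac_get_profile``),
    ``calculate()`` is run, and the result is passed to the
    ``render_<OUTPUT>`` method. The renderer is resolved before the output
    file is created. An unsupported format therefore no longer leaves an
    empty file behind, which would block the next run with the "already
    exists" refusal. A file opened here is closed once rendering finishes.
    """
    # Check we can support the plugins
    profs = registry.get_plugin_classes(obj.Profile)
    plugin_name = self.__class__.__name__.lower()

    # Force the user to give a profile unless the plugin is kdbgscan or
    # imageinfo, which fall back to a default profile.
    # NOTE(review): these checks rely on debug.error() not returning. Confirm.
    if plugin_name != "mac_get_profile":
        if self._config.PROFILE is None:
            if plugin_name in ["kdbgscan", "imageinfo"]:
                self._config.update("PROFILE", "WinXPSP2x86")
            else:
                debug.error("You must set a profile!")

        if self._config.PROFILE not in profs:
            debug.error("Invalid profile " + self._config.PROFILE + " selected")
        if not self.is_valid_profile(profs[self._config.PROFILE]()):
            debug.error("This command does not support the profile " + self._config.PROFILE)

    # Executing plugins is done in two stages - first we calculate
    data = self.calculate()

    ## Then we render the result in some way based on the
    ## requested output mode:
    function_name = "render_{0}".format(self._config.OUTPUT)
    try:
        func = getattr(self, function_name)
    except AttributeError:
        ## Try to find out what formats are supported
        result = [x.split("_", 1)[1] for x in dir(self) if x.startswith("render_")]
        print("Plugin {0} is unable to produce output in format {1}. Supported formats are {2}. Please send a feature request".format(self.__class__.__name__, self._config.OUTPUT, result))
        return

    if self._config.OUTPUT != "sqlite" and self._config.OUTPUT_FILE:
        # An OUTPUT_FILE of '.' means a timestamped file name is generated.
        if self._config.OUTPUT_FILE == '.':
            out_file = '{0}_{1}.txt'.format(time.strftime('%Y%m%d%H%M%S'), plugin_name)
        else:
            out_file = self._config.OUTPUT_FILE
        # NOTE(review): the existence check and the open are separate steps,
        # so a file created in between is still truncated. An
        # exclusive-create open would close that gap.
        if os.path.exists(out_file):
            debug.error("File " + out_file + " already exists.  Cowardly refusing to overwrite it...")
        print('Outputting to: {0}'.format(out_file))
        outfd = open(out_file, 'wb')
        try:
            func(outfd, data)
        finally:
            # Close so buffered output is flushed to disk.
            outfd.close()
    else:
        func(sys.stdout, data)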
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:51,代码来源:commands.py

示例12: calculate

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Profile [as 别名]
def calculate(self):
        """Yield (profile name, KDBG object) candidates found in the memory image.

        The KDBG header value of every registered Windows profile is
        collected and the address space is scanned for any of them. With the
        FORCE option set, each hit is searched for again in an address space
        loaded under the matching profile. If the scan produced no hits, or
        the configured profile is one of the 64-bit profiles with version
        >= 6.2, the candidates come from VolMagic's KDBG.generate_suggestions()
        instead. This function is a generator.
        """
        profilelist = [ p.__name__ for p in registry.get_plugin_classes(obj.Profile).values() ]

        # Names of 64-bit profiles with (major, minor) >= (6, 2); they get the
        # separate scan at the end of this function.
        encrypted_kdbg_profiles = []
        # Maps profile name -> str() of that profile's KDBGHeader value
        # (the scanner needle), despite the "lens" in the name.
        proflens = {}
        maxlen = 0
        origprofile = self._config.PROFILE
        for p in profilelist:
            # PROFILE is switched temporarily so the buffer address space is
            # built with profile p; it is restored after the loop.
            self._config.update('PROFILE', p)
            buf = addrspace.BufferAddressSpace(self._config)
            if buf.profile.metadata.get('os', 'unknown') == 'windows':
                proflens[p] = str(obj.VolMagic(buf).KDBGHeader)
                maxlen = max(maxlen, len(proflens[p]))
                # A profile with no 'memory_model' metadata counts as 64bit here.
                if (buf.profile.metadata.get('memory_model', '64bit') == '64bit' and 
                            (buf.profile.metadata.get('major', 0), 
                            buf.profile.metadata.get('minor', 0)) >= (6, 2)):
                    encrypted_kdbg_profiles.append(p)
                    
        self._config.update('PROFILE', origprofile)
        # keep track of the number of potential KDBGs we find
        count = 0

        if origprofile not in encrypted_kdbg_profiles:
            scanner = KDBGScanner(needles = proflens.values())

            aspace = utils.load_as(self._config, astype = 'any')

            # (profile name, kdbg object) pairs; one offset can match more
            # than one profile's header.
            suspects = []
            for offset in scanner.scan(aspace):
                # Read enough bytes to cover the longest header plus 0x10.
                val = aspace.read(offset, maxlen + 0x10)
                for l in proflens:
                    if val.find(proflens[l]) >= 0:
                        kdbg = obj.Object("_KDDEBUGGER_DATA64", offset = offset, vm = aspace)
                        suspects.append((l, kdbg))
                        count += 1
            for p, k in suspects:
                if not self._config.FORCE:
                    yield p, k
                    continue
                # FORCE: reload the address space under the suspect's own
                # profile, rescan it, and yield the hits found there instead.
                self._config.update("PROFILE", p)
                nspace = utils.load_as(self._config, astype = "any")
                for offset in scanner.scan(nspace):
                    val = nspace.read(offset, maxlen + 0x10)
                    if val.find(proflens[p]) >= 0:
                        kdbg = obj.Object("_KDDEBUGGER_DATA64", offset = offset, vm = nspace)
                        yield p, kdbg
            self._config.update('PROFILE', origprofile)

        # only perform the special win8/2012 scan if we didn't find 
        # any others and if a virtual x64 address space is available 
        if count == 0:
            # If the configured profile is itself in that list, it is the
            # only one tried.
            if origprofile in encrypted_kdbg_profiles:
                encrypted_kdbg_profiles = [origprofile]
            for profile in encrypted_kdbg_profiles:
                self._config.update('PROFILE', profile)
                aspace = utils.load_as(self._config, astype = 'any')
                if hasattr(aspace, 'vtop'):
                    for kdbg in obj.VolMagic(aspace).KDBG.generate_suggestions():
                        yield profile, kdbg 
        # NOTE(review): PROFILE is not restored after this fallback loop, so
        # the config keeps the last profile tried. Confirm callers expect that.
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:62,代码来源:kdbgscan.py

示例13: execute

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Profile [as 别名]
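def execute(self):
    """ Executes the plugin command.

    The configured profile is validated, ``calculate()`` is run, and the
    result is passed to the ``render_<OUTPUT>`` method. The renderer is
    resolved before the output file is created. An unsupported format
    therefore no longer leaves an empty file behind, which would block the
    next run with the "already exists" refusal. A file opened here is closed
    once rendering finishes.
    """
    # Check we can support the plugins
    profs = registry.get_plugin_classes(obj.Profile)
    # Force the user to give a profile unless the plugin is kdbgscan or
    # imageinfo, which fall back to a default profile.
    # NOTE(review): these checks rely on debug.error() not returning. Confirm.
    if self.__class__.__name__.lower() in ["kdbgscan", "imageinfo"] and self._config.PROFILE is None:
        self._config.update("PROFILE", "WinXPSP2x86")
    elif self._config.PROFILE is None:
        debug.error("You must set a profile!")
    if self._config.PROFILE not in profs:
        debug.error("Invalid profile " + self._config.PROFILE + " selected")
    if not self.is_valid_profile(profs[self._config.PROFILE]()):
        debug.error("This command does not support the profile " + self._config.PROFILE)

    # Executing plugins is done in two stages - first we calculate
    data = self.calculate()

    ## Then we render the result in some way based on the
    ## requested output mode:
    function_name = "render_{0}".format(self._config.OUTPUT)
    try:
        func = getattr(self, function_name)
    except AttributeError:
        ## Try to find out what formats are supported
        result = [x.split("_", 1)[1] for x in dir(self) if x.startswith("render_")]
        print("Plugin {0} is unable to produce output in format {1}. Supported formats are {2}. Please send a feature request".format(self.__class__.__name__, self._config.OUTPUT, result))
        return

    if self._config.OUTPUT_FILE:
        # NOTE(review): the existence check and the open are separate steps,
        # so a file created in between is still truncated. An
        # exclusive-create open would close that gap.
        if os.path.exists(self._config.OUTPUT_FILE):
            debug.error("File " + self._config.OUTPUT_FILE + " already exists.  Cowardly refusing to overwrite it...")
        outfd = open(self._config.OUTPUT_FILE, 'wb')
        try:
            func(outfd, data)
        finally:
            # Close so buffered output is flushed to disk.
            outfd.close()
    else:
        func(sys.stdout, data)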
开发者ID:vortessence,项目名称:vortessence,代码行数:45,代码来源:commands.py

示例14: calculate

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import Profile [as 别名]
def calculate(self):
        """Yield (profile name, KDBG object) candidates found in the memory image.

        The KDBG header value of every registered Windows profile is
        collected and the address space is scanned for any of them; each hit
        is yielded as soon as it is found. If the scan produced no hits, or
        the configured profile is one of the 64-bit profiles with version
        >= 6.2, the candidates come from VolMagic's KDBG.generate_suggestions()
        instead. This function is a generator.
        """
        profilelist = [ p.__name__ for p in registry.get_plugin_classes(obj.Profile).values() ]

        # Names of 64-bit profiles with (major, minor) >= (6, 2); they get the
        # separate scan at the end of this function.
        encrypted_kdbg_profiles = []
        # Maps profile name -> str() of that profile's KDBGHeader value
        # (the scanner needle), despite the "lens" in the name.
        proflens = {}
        maxlen = 0
        origprofile = self._config.PROFILE
        for p in profilelist:
            # PROFILE is switched temporarily so the buffer address space is
            # built with profile p; it is restored after the loop.
            self._config.update('PROFILE', p)
            buf = addrspace.BufferAddressSpace(self._config)
            if buf.profile.metadata.get('os', 'unknown') == 'windows':
                proflens[p] = str(obj.VolMagic(buf).KDBGHeader)
                maxlen = max(maxlen, len(proflens[p]))
                # A profile with no 'memory_model' metadata counts as 64bit here.
                if (buf.profile.metadata.get('memory_model', '64bit') == '64bit' and 
                            (buf.profile.metadata.get('major', 0), 
                            buf.profile.metadata.get('minor', 0)) >= (6, 2)):
                    encrypted_kdbg_profiles.append(p)
                    
        self._config.update('PROFILE', origprofile)
        # keep track of the number of potential KDBGs we find
        count = 0

        if origprofile not in encrypted_kdbg_profiles:
            scanner = KDBGScanner(needles = proflens.values())

            aspace = utils.load_as(self._config, astype = 'any')

            for offset in scanner.scan(aspace):
                # Read enough bytes to cover the longest header plus 0x10.
                val = aspace.read(offset, maxlen + 0x10)
                # One offset can match more than one profile's header, so it
                # may be yielded once per matching profile.
                for l in proflens:
                    if val.find(proflens[l]) >= 0:
                        kdbg = obj.Object("_KDDEBUGGER_DATA64", offset = offset, vm = aspace)
                        yield l, kdbg
                        count += 1

        # only perform the special win8/2012 scan if we didn't find 
        # any others and if a virtual x64 address space is available 
        if count == 0:
            # If the configured profile is itself in that list, it is the
            # only one tried.
            if origprofile in encrypted_kdbg_profiles:
                encrypted_kdbg_profiles = [origprofile]
            for profile in encrypted_kdbg_profiles:
                self._config.update('PROFILE', profile)
                aspace = utils.load_as(self._config, astype = 'any')
                if hasattr(aspace, 'vtop'):
                    for kdbg in obj.VolMagic(aspace).KDBG.generate_suggestions():
                        yield profile, kdbg 
        # NOTE(review): PROFILE is not restored after this fallback loop, so
        # the config keeps the last profile tried. Confirm callers expect that.
开发者ID:vortessence,项目名称:vortessence,代码行数:49,代码来源:kdbgscan.py


注:本文中的volatility.obj.Profile方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。