

Python filescan.FileScan method code examples

This article collects typical usage examples of the Python method volatility.plugins.filescan.FileScan. If you are struggling with questions such as: how exactly is Python filescan.FileScan used? How do I call Python filescan.FileScan? Are there examples of Python filescan.FileScan in use? Then the selected code examples here may help you. You can also look further into the usage examples for volatility.plugins.filescan, the module this method belongs to.


Below, 1 code example of the filescan.FileScan method is shown; examples are sorted by popularity by default. You can upvote code that you like or find useful; your rating helps the system recommend better Python code examples.

Example 1: get_tasks

# Required import: from volatility.plugins import filescan [as alias]
# Or: from volatility.plugins.filescan import FileScan [as alias]
import volatility.debug as debug
import volatility.utils as utils
from volatility.plugins import filescan, dumpfiles

def get_tasks(self):
    """Carve Task Scheduler XML files out of a memory image.

    FileScan locates cached _FILE_OBJECTs whose path lies under
    System32\\Tasks; DumpFiles then reassembles the resident pages of
    each task file so that its XML can be parsed.
    """
    debug.debug('Started get_tasks()')
    addr_space = utils.load_as(self._config)
    f = filescan.FileScan(self._config)
    tasks = []
    parsed_tasks = []

    try:
        for file_obj in f.calculate():
            filename = str(file_obj.file_name_with_device() or '')
            lower = filename.lower()
            # Microsoft's built-in tasks are skipped unless --verbose was given
            if "system32\\tasks\\" in lower and (
                    'system32\\tasks\\microsoft' not in lower or self._config.VERBOSE):
                tasks.append((file_obj.obj_offset, filename))
                debug.debug("Found task: 0x{0:x} {1}".format(file_obj.obj_offset, filename))

        for offset, name in tasks:
            # Point DumpFiles at this _FILE_OBJECT by its physical offset
            self._config.PHYSOFFSET = '0x{:x}'.format(offset)
            df = dumpfiles.DumpFiles(self._config)
            self._config.DUMP_DIR = '.'
            for data in df.calculate():
                # Reassemble the resident pages keyed by file offset. Doing this
                # with mmap would probably be cleaner (a sufficiently large,
                # resizable map that we seek into and write), but Python's mmap
                # cannot be resized everywhere:
                # SystemError: mmap: resizing not available--no mremap()
                chopped_file = {}

                # Each 'present' entry is used here as
                # (physical address, file offset, length)
                for mdata in data['present']:
                    rdata = addr_space.base.read(mdata[0], mdata[2])
                    chopped_file[mdata[1]] = rdata

                # Concatenate the chunks in file-offset order
                task_xml = "".join(part[1] for part in sorted(chopped_file.items(), key=lambda x: x[0]))

                parsed = self.parse_task_xml(task_xml, name)

                if parsed:
                    # Fold the task's arguments into its command line before
                    # matching it against running processes
                    args = parsed['Actions']['Exec'].get("Arguments", None)
                    if args:
                        parsed['Actions']['Exec']['Command'] += " {}".format(args)
                    pids = self.find_pids_for_imagepath(parsed['Actions']['Exec']['Command'])
                    parsed_tasks.append((name.split('\\')[-1], parsed, task_xml, pids))

    except Exception as e:
        debug.warning('get_tasks() failed to complete. Exception: {0} {1}'.format(type(e).__name__, e.args))

    debug.debug('Finished get_tasks()')
    return parsed_tasks
Developer ID: tomchop, project name: volatility-autoruns, lines of code: 51, code source: autoruns.py


Note: the volatility.plugins.filescan.FileScan method examples in this article were compiled by 纯净天空 from open-source code and documentation platforms such as GitHub and MSDocs; the code snippets were selected from open-source projects contributed by various programmers. Copyright in the source code belongs to the original authors; refer to the corresponding project's License before distributing or using it. Do not reproduce without permission.