

Python malfind.BaseYaraScanner Method Code Examples

This article collects typical usage examples of the volatility.plugins.malware.malfind.BaseYaraScanner method in Python. If you are wondering how malfind.BaseYaraScanner is used in practice, or are looking for examples of it, the curated code examples here may help. You can also look further into usage examples for volatility.plugins.malware.malfind, the module that contains it.


A total of 5 code examples of malfind.BaseYaraScanner are shown below, sorted by popularity by default.

Example 1: __init__

# Required import: from volatility.plugins.malware import malfind [as alias]
# Or: from volatility.plugins.malware.malfind import BaseYaraScanner [as alias]
def __init__(self, task = None, **kwargs):
    """Scan the process address space through the VMAs.

    Args:
      task: The task_struct object for this task.
    """
    self.task = task
    # Hand the task's own address space to the base YARA scanner
    malfind.BaseYaraScanner.__init__(self,
                address_space = task.get_process_address_space(),
                **kwargs)
Developer ID: virtualrealitysystems, Project: aumfor, Lines of code: 12, Source: linux_truecrypt.py

Example 2: scan

# Required import: from volatility.plugins.malware import malfind [as alias]
# Or: from volatility.plugins.malware.malfind import BaseYaraScanner [as alias]
import volatility.obj as obj  # needed for obj.Object below

def scan(self, offset = 0, maxlen = None):

    profile = self.address_space.profile
    # Rebinds the `offset` parameter to the offset of MaxLength inside PASSPHRASE
    offset = profile.get_obj_offset("PASSPHRASE", "MaxLength")

    for vma in self.task.get_proc_maps():

        # only scanning the process heap
        if not (vma.vm_start <= self.task.mm.start_brk
                and vma.vm_end >= self.task.mm.brk):
            continue

        for hit, address in malfind.BaseYaraScanner.scan(self,
                   vma.vm_start,
                   vma.vm_end - vma.vm_start):

            # possible passphrase structure
            passt = obj.Object("PASSPHRASE",
                               offset = address - offset,
                               vm = self.address_space)

            # the sanity checks: the Text pointer must lie inside this VMA
            # and Length must be positive and below MaxLength
            if (passt and vma.vm_start <= passt.Text and
                      vma.vm_end >= passt.Text and
                      passt.Length > 0 and
                      passt.Length < passt.MaxLength):

                password = passt.Text.dereference()
                # discard candidates whose string length disagrees with Length
                if len(password) != passt.Length:
                    continue

                yield address, password
Developer ID: virtualrealitysystems, Project: aumfor, Lines of code: 34, Source: linux_truecrypt.py

Example 3: __init__

# Required import: from volatility.plugins.malware import malfind [as alias]
# Or: from volatility.plugins.malware.malfind import BaseYaraScanner [as alias]
def __init__(self, task = None, **kwargs):
    """Scan the process address space through the VMAs.

    Args:
      task: The task_struct object for this task.
    """
    self.task = task
    malfind.BaseYaraScanner.__init__(self, address_space = task.get_process_address_space(), **kwargs)
Developer ID: virtualrealitysystems, Project: aumfor, Lines of code: 10, Source: linux_yarascan.py

Example 4: scan

# Required import: from volatility.plugins.malware import malfind [as alias]
# Or: from volatility.plugins.malware.malfind import BaseYaraScanner [as alias]
def scan(self, offset = 0, maxlen = None):
    # Run the base scanner over every mapped region (VMA) of the task
    for vma in self.task.get_proc_maps():
        for match in malfind.BaseYaraScanner.scan(self, vma.vm_start, vma.vm_end - vma.vm_start):
            yield match
Developer ID: virtualrealitysystems, Project: aumfor, Lines of code: 6, Source: linux_yarascan.py

Example 5: scan

# Required import: from volatility.plugins.malware import malfind [as alias]
# Or: from volatility.plugins.malware.malfind import BaseYaraScanner [as alias]
import volatility.debug as debug  # needed for debug.warning below

def scan(self, offset = 0, maxlen = None, max_size = None):
    for map in self.task.get_proc_maps():
        length = map.links.end - map.links.start
        # Skip mappings larger than max_size when a limit is given
        if max_size and length > max_size:
            debug.warning("Skipping max size entry {0:#x} - {1:#x}".format(map.links.start, map.links.end))
            continue
        for match in malfind.BaseYaraScanner.scan(self, map.links.start, length):
            yield match
Developer ID: virtualrealitysystems, Project: aumfor, Lines of code: 10, Source: mac_yarascan.py


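Note: The volatility.plugins.malware.malfind.BaseYaraScanner method examples in this article were compiled by 纯净天空 from open-source code and documentation platforms such as Github/MSDocs. The code snippets were selected from open-source projects contributed by their respective developers, and copyright of the source code belongs to the original authors. For distribution and use, refer to the License of the corresponding project. Do not reproduce without permission.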