

Python taskmods.DllList方法代码示例

本文整理汇总了Python中volatility.plugins.taskmods.DllList方法的典型用法代码示例。如果您正苦于以下问题:Python taskmods.DllList方法的具体用法?Python taskmods.DllList怎么用?Python taskmods.DllList使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在volatility.plugins.taskmods的用法示例。


在下文中一共展示了taskmods.DllList方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: __init__

# 需要导入模块: from volatility.plugins import taskmods [as 别名]
# 或者: from volatility.plugins.taskmods import DllList [as 别名]
def __init__(self, config, *args, **kwargs):
        """Register this plugin's command-line options.

        The process-selection options come from taskmods.DllList; the scan
        switches, YARA inputs, dump directory and size limits are added here
        in the same order they were originally registered.
        """
        taskmods.DllList.__init__(self, config, *args, **kwargs)

        # Boolean switches: (option name, short flag, help text).
        switches = [
            ("ALL", 'A', 'Scan both process and kernel memory'),
            ("CASE", 'C', 'Make the search case insensitive'),
            ("KERNEL", 'K', 'Scan kernel modules'),
            ("WIDE", 'W', 'Match wide (unicode) strings'),
        ]
        for name, flag, text in switches:
            config.add_option(name, short_option = flag, default = False,
                              action = 'store_true', help = text)

        # String-valued inputs with no default.
        inputs = [
            ('YARA-RULES', 'Y', 'Yara rules (as a string)'),
            ('YARA-FILE', 'y', 'Yara rules (rules file)'),
            ('DUMP-DIR', 'D', 'Directory in which to dump the files'),
        ]
        for name, flag, text in inputs:
            config.add_option(name, short_option = flag, default = None, help = text)

        # Numeric options.
        config.add_option('SIZE', short_option = 's', default = 256,
                          action = 'store', type = 'int',
                          help = 'Size of preview hexdump (in bytes)')
        config.add_option('REVERSE', short_option = 'R', default = 0,
                          action = 'store', type = 'int',
                          help = 'Reverse this number of bytes')
        # 0x40000000 bytes == 1 GiB, matching the help text.
        config.add_option('MAX-SIZE', short_option = 'M', default = 0x40000000,
                          action = 'store', type = 'long',
                          help = 'Set the maximum size (default is 1GB)')
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:27,代码来源:malfind.py

示例2: __init__

# 需要导入模块: from volatility.plugins import taskmods [as 别名]
# 或者: from volatility.plugins.taskmods import DllList [as 别名]
def __init__(self, config, *args, **kwargs):
        """Register the scan, YARA, dump and hexdump-size options.

        Process-selection options are inherited from taskmods.DllList;
        everything else is added here in its original registration order.
        """
        taskmods.DllList.__init__(self, config, *args, **kwargs)

        def switch(name, flag, text):
            # All four switches share one shape: store_true, off by default.
            config.add_option(name, short_option = flag, default = False,
                              action = 'store_true', help = text)

        switch("ALL", 'A', 'Scan both process and kernel memory')
        switch("CASE", 'C', 'Make the search case insensitive')
        switch("KERNEL", 'K', 'Scan kernel modules')
        switch("WIDE", 'W', 'Match wide (unicode) strings')

        config.add_option('YARA-RULES', short_option = 'Y', default = None,
                          help = 'Yara rules (as a string)')
        config.add_option('YARA-FILE', short_option = 'y', default = None,
                          help = 'Yara rules (rules file)')
        config.add_option('DUMP-DIR', short_option = 'D', default = None,
                          help = 'Directory in which to dump the files')

        # Integer-typed options: (name, flag, default, help text).
        for name, flag, dflt, text in (
                ('SIZE', 's', 256, 'Size of preview hexdump (in bytes)'),
                ('REVERSE', 'R', 0, 'Reverse this number of bytes')):
            config.add_option(name, short_option = flag, default = dflt,
                              help = text, action = 'store', type = 'int')
开发者ID:vortessence,项目名称:vortessence,代码行数:24,代码来源:malfind.py

示例3: __init__

# 需要导入模块: from volatility.plugins import taskmods [as 别名]
# 或者: from volatility.plugins.taskmods import DllList [as 别名]
def __init__(self, config, *args, **kwargs):
        """Set up DllList's process selection and add the VERBOSE switch."""
        taskmods.DllList.__init__(self, config, *args, **kwargs)
        # cache_invalidator = False is passed explicitly here — presumably
        # because a display-only switch should not affect cached results;
        # verify against the config framework.
        verbose_spec = dict(default = False, cache_invalidator = False,
                            help = "Display full path of executable",
                            action = "store_true")
        config.add_option("VERBOSE", short_option = 'v', **verbose_spec)
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:8,代码来源:cmdline.py

示例4: __init__

# 需要导入模块: from volatility.plugins import taskmods [as 别名]
# 或者: from volatility.plugins.taskmods import DllList [as 别名]
def __init__(self, config, *args, **kwargs):
        """Inherit DllList's process selection and add the DUMP-DIR option."""
        taskmods.DllList.__init__(self, config, *args, **kwargs)
        # Output directory for dumped data; None until the user supplies one.
        dump_spec = dict(short_option = "D", default = None,
                         help = "Dump binary data to this directory")
        config.add_option("DUMP-DIR", **dump_spec)
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:6,代码来源:notepad.py

示例5: __init__

# 需要导入模块: from volatility.plugins import taskmods [as 别名]
# 或者: from volatility.plugins.taskmods import DllList [as 别名]
def __init__(self, config, *args, **kwargs):
        """Add the dump-directory and image-carving options to DllList's."""
        taskmods.DllList.__init__(self, config, *args, **kwargs)

        # Output location; registered with cache_invalidator = False as in
        # the original.
        config.add_option('DUMP-DIR', short_option = 'D', default = None,
                          cache_invalidator = False,
                          help = 'Directory in which to dump executable files')

        # Three store_true switches controlling how the image is carved.
        # UNSAFE explicitly bypasses sanity checks, so it is off by default.
        carve_switches = (
            ("UNSAFE", "u", 'Bypasses certain sanity checks when creating image'),
            ("MEMORY", "m", "Carve as a memory sample rather than exe/disk"),
            ('FIX', 'x', 'Modify the image base of the dump to the in-memory base address'),
        )
        for name, flag, text in carve_switches:
            config.add_option(name, short_option = flag, default = False,
                              action = 'store_true', help = text)
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:15,代码来源:procdump.py

示例6: calculate

# 需要导入模块: from volatility.plugins import taskmods [as 别名]
# 或者: from volatility.plugins.taskmods import DllList [as 别名]
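def calculate(self):
        """Validate --dump-dir, then defer to taskmods.DllList.calculate().

        debug.error() is called when the dump directory was not given or is
        not an existing directory. The code assumes debug.error() does not
        return control here (otherwise os.path.isdir(None) would raise
        TypeError) — confirm against the debug module.

        Returns:
            Whatever taskmods.DllList.calculate(self) returns.
        """
        dump_dir = self._config.DUMP_DIR
        # Identity test is the Python idiom for None; ``== None`` can be
        # fooled by objects that override __eq__.
        if dump_dir is None:
            debug.error("Please specify a dump directory (--dump-dir)")
        if not os.path.isdir(dump_dir):
            debug.error(dump_dir + " is not a directory")

        return taskmods.DllList.calculate(self)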
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:9,代码来源:procdump.py

示例7: __init__

# 需要导入模块: from volatility.plugins import taskmods [as 别名]
# 或者: from volatility.plugins.taskmods import DllList [as 别名]
def __init__(self, config, *args, **kwargs):
        """Register the handle-listing options on top of DllList's."""
        taskmods.DllList.__init__(self, config, *args, **kwargs)
        # Two switches plus one comma-separated string filter, in the
        # original registration order.
        option_specs = (
            ("PHYSICAL-OFFSET", dict(short_option = 'P', default = False,
                                     help = "Physical Offset", action = "store_true")),
            ("OBJECT-TYPE", dict(short_option = 't', default = None,
                                 help = 'Show these object types (comma-separated)',
                                 action = 'store', type = 'str')),
            ("SILENT", dict(short_option = 's', default = False,
                            action = 'store_true', help = 'Suppress less meaningful results')),
        )
        for name, spec in option_specs:
            config.add_option(name, **spec)
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:11,代码来源:handles.py

示例8: __init__

# 需要导入模块: from volatility.plugins import taskmods [as 别名]
# 或者: from volatility.plugins.taskmods import DllList [as 别名]
def __init__(self, config, *args, **kwargs):
        """Inherit DllList's process selection and add the ADDR option."""
        taskmods.DllList.__init__(self, config, *args, **kwargs)
        # Single integer address; None means "no address filter".
        addr_spec = dict(short_option = 'a', default = None,
                         action = 'store', type = 'int',
                         help = 'Show info on VAD at or containing this address')
        config.add_option('ADDR', **addr_spec)
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:7,代码来源:vadinfo.py

示例9: __init__

# 需要导入模块: from volatility.plugins import taskmods [as 别名]
# 或者: from volatility.plugins.taskmods import DllList [as 别名]
def __init__(self, config, *args, **kwargs):
        """Inherit DllList's options and add the PHYSICAL-OFFSET switch."""
        taskmods.DllList.__init__(self, config, *args, **kwargs)
        # Registered with cache_invalidator = False, presumably because the
        # switch only changes how offsets are displayed — confirm against
        # the config framework.
        config.add_option("PHYSICAL-OFFSET",
                          short_option = 'P',
                          default = False,
                          cache_invalidator = False,
                          action = "store_true",
                          help = "Display physical offsets instead of virtual")
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:8,代码来源:joblinks.py

示例10: __init__

# 需要导入模块: from volatility.plugins import taskmods [as 别名]
# 或者: from volatility.plugins.taskmods import DllList [as 别名]
def __init__(self, config, *args):
        """Register the SILENT switch and the REGEX filter on top of DllList's.

        Note this variant forwards only positional extras (no **kwargs).
        """
        taskmods.DllList.__init__(self, config, *args)
        specs = (
            ("SILENT", dict(short_option = "s", default = False,
                            action = "store_true",
                            help = "Suppress less meaningful results")),
            # REGEX deliberately has no default in the original registration.
            ('REGEX', dict(short_option = 'r', action = 'store', type = 'string',
                           help = 'Show privileges matching REGEX')),
        )
        for name, spec in specs:
            config.add_option(name, **spec)
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:10,代码来源:privileges.py

示例11: __init__

# 需要导入模块: from volatility.plugins import taskmods [as 别名]
# 或者: from volatility.plugins.taskmods import DllList [as 别名]
def __init__(self, config, *args, **kwargs):
        """Add the LEAK and REDR record switches to DllList's options."""
        taskmods.DllList.__init__(self, config, *args, **kwargs)
        # Both are off by default; each enables one extra record tag.
        for name, flag, text in (
                ("LEAK", 'L', 'Find LEAK records (deleted)'),
                ("REDR", 'R', 'Find REDR records (redirected)')):
            config.add_option(name, short_option = flag,
                              default = False, action = 'store_true',
                              help = text)
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:10,代码来源:iehistory.py

示例12: calculate

# 需要导入模块: from volatility.plugins import taskmods [as 别名]
# 或者: from volatility.plugins.taskmods import DllList [as 别名]
def calculate(self):
        """Yield (process, record) pairs for index.dat history records.

        Each selected process's memory is searched for the record tags and
        every hit that validates as a volatility object is yielded.
        """
        ## Work out which tags the user asked for: URL records plus the
        ## optional LEAK / REDR ones.
        wanted = ["URL ", "DEST"]
        if self._config.LEAK:
            wanted.append("LEAK")
        if self._config.REDR:
            wanted.append("REDR")

        ## NOTE(review): the selection above is discarded here — only DEST
        ## records are scanned, so --leak and --redr currently have no effect.
        ## Kept as-is to preserve behaviour; this differs from the upstream
        ## volatility version of this method.
        tags = ["DEST"]

        ## Record type to instantiate for each tag.
        tag_records = {
            "URL " : "_URL_RECORD",
            "LEAK" : "_URL_RECORD",
            "REDR" : "_REDR_RECORD",
            "DEST" : "_DEST_RECORD"}

        ## Only look at VADs backed by an index.dat file, or whose Protection
        ## value is 4 (kept verbatim from the original).
        vad_filter = lambda x : (hasattr(x, 'ControlArea') and str(x.FileObject.FileName or '').endswith("index.dat")) or (x.VadFlags.Protection.v() == 4)

        ## Process enumeration honours --pid / --offset via DllList.
        for proc in taskmods.DllList(self._config).calculate():
            ps_as = proc.get_process_address_space()
            hits = proc.search_process_memory(tags, vad_filter = vad_filter)

            for hit in hits:
                ## Re-read the 4-byte tag at the hit to pick the record type.
                tag = ps_as.read(hit, 4)
                record_type = tag_records[tag]
                record = obj.Object(record_type, offset = hit, vm = ps_as)
                if not record.is_valid():
                    continue
                yield proc, record
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:36,代码来源:iehistory.py

示例13: __init__

# 需要导入模块: from volatility.plugins import taskmods [as 别名]
# 或者: from volatility.plugins.taskmods import DllList [as 别名]
def __init__(self, config, *args, **kwargs):
        """Register the FILTER and LISTTAGS options on top of DllList's."""
        taskmods.DllList.__init__(self, config, *args, **kwargs)
        # Unknown until later; presumably set once the profile's bitness is
        # known — not visible in this method.
        self.bits32 = None

        # Comma-separated tag filter (no default) and a switch to list tags.
        config.add_option("FILTER", short_option = 'F', default = None,
                          help = 'Tags to filter (comma-separated)')
        config.add_option("LISTTAGS", short_option = 'L', default = False,
                          help = 'List all available tags', action = 'store_true')
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:10,代码来源:threads.py

示例14: __init__

# 需要导入模块: from volatility.plugins import taskmods [as 别名]
# 或者: from volatility.plugins.taskmods import DllList [as 别名]
def __init__(self, config, *args, **kwargs):
        """Configure the function-enumeration options.

        DllList's constructor runs first; its PID and OFFSET options are then
        removed (this plugin selects targets via the switches below instead).
        """
        taskmods.DllList.__init__(self, config, *args, **kwargs)
        for inherited in ("PID", "OFFSET"):
            config.remove_option(inherited)

        # All five are mutually independent store_true switches.
        switches = (
            ("SCAN", 's', 'Scan for objects'),
            ("PROCESS-ONLY", 'P', 'Process only'),
            ("KERNEL-ONLY", 'K', 'Kernel only'),
            ("IMPORT-ONLY", 'I', 'Imports only'),
            ("EXPORT-ONLY", 'E', 'Exports only'),
        )
        for name, flag, text in switches:
            config.add_option(name, short_option = flag, default = False,
                              action = 'store_true', help = text)
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:16,代码来源:enumfunc.py

示例15: calculate

# 需要导入模块: from volatility.plugins import taskmods [as 别名]
# 或者: from volatility.plugins.taskmods import DllList [as 别名]
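def calculate(self):
        """Yield (process, record) pairs for index.dat history records.

        Scans each selected process's memory for the chosen record tags and
        wraps every hit whose tag maps to a known record type and whose
        record validates as a volatility object.
        """
        ## Select the tags to scan for. Always find visited URLs,
        ## but make freed and redirected records optional.
        tags = ["URL ", "DEST"]
        if self._config.LEAK:
            tags.append("LEAK")
        if self._config.REDR:
            tags.append("REDR")

        ## Define the record type based on the tag
        tag_records = {
            "URL " : "_URL_RECORD",
            "LEAK" : "_URL_RECORD",
            "REDR" : "_REDR_RECORD",
            "DEST" : "_DEST_RECORD"}

        ## Restrict the search to VADs backed by an index.dat file, or whose
        ## Protection value is 4 (presumably read/write — confirm against the
        ## profile's VAD protection enum).
        vad_filter = lambda x : (hasattr(x, 'ControlArea') and str(x.FileObject.FileName or '').endswith("index.dat")) or (x.VadFlags.Protection.v() == 4)

        ## Enumerate processes based on the --pid and --offset
        for proc in taskmods.DllList(self._config).calculate():

            ## Acquire a process specific AS
            ps_as = proc.get_process_address_space()

            for hit in proc.search_process_memory(tags, vad_filter = vad_filter):
                ## Re-read the 4-byte tag at the hit to pick the record type.
                tag = ps_as.read(hit, 4)

                ## A failed or short read, or a tag outside the table, used to
                ## raise KeyError and abort the entire scan; skip the hit so
                ## the remaining processes are still examined.
                record_type = tag_records.get(tag)
                if record_type is None:
                    continue

                ## Create the appropriate object type based on the tag
                record = obj.Object(record_type, offset = hit, vm = ps_as)
                if record.is_valid():
                    yield proc, record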
开发者ID:volatilityfoundation,项目名称:volatility,代码行数:34,代码来源:iehistory.py


注:本文中的volatility.plugins.taskmods.DllList方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。