本文整理汇总了Python中volatility.registry.get_plugin_classes方法的典型用法代码示例。如果您正苦于以下问题:Python registry.get_plugin_classes方法的具体用法?Python registry.get_plugin_classes怎么用?Python registry.get_plugin_classes使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类volatility.registry的用法示例。
在下文中一共展示了registry.get_plugin_classes方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _set_profile
# 需要导入模块: from volatility import registry [as 别名]
# 或者: from volatility.registry import get_plugin_classes [as 别名]
def _set_profile(self, profile_name):
## Load the required profile
if profile_name == None:
raise ASAssertionError, "You must set a profile!"
if profile_name in PROFILES:
ret = PROFILES[profile_name]
else:
profs = registry.get_plugin_classes(obj.Profile)
if profile_name in profs:
ret = profs[profile_name]()
PROFILES[profile_name] = ret
else:
raise ASAssertionError, "Invalid profile " + profile_name + " selected"
if not self.is_valid_profile(ret):
raise ASAssertionError, "Incompatible profile " + profile_name + " selected"
return ret 示例2: print_info
# 需要导入模块: from volatility import registry [as 别名]
# 或者: from volatility.registry import get_plugin_classes [as 别名]
def print_info():
""" Returns the results """
categories = {addrspace.BaseAddressSpace: 'Address Spaces',
commands.Command : 'Plugins',
obj.Profile: 'Profiles',
scan.ScannerCheck: 'Scanner Checks'}
for c, n in sorted(categories.items()):
lower = (c == commands.Command)
plugins = registry.get_plugin_classes(c, lower = lower)
print "\n"
print "{0}".format(n)
print "-" * len(n)
result = []
max_length = 0
for clsname, cls in sorted(plugins.items()):
try:
doc = cls.__doc__.strip().splitlines()[0]
except AttributeError:
doc = 'No docs'
result.append((clsname, doc))
max_length = max(len(clsname), max_length)
for (name, doc) in result:
print "{0:{2}} - {1:15}".format(name, doc, max_length) 示例3: list_plugins
# 需要导入模块: from volatility import registry [as 别名]
# 或者: from volatility.registry import get_plugin_classes [as 别名]
def list_plugins(self):
"""
list of plugins valid for the selected profile
:return:
"""
plugin_list = []
cmds = registry.get_plugin_classes(commands.Command, lower=True)
profs = registry.get_plugin_classes(obj.Profile)
profile_type = self.config.PROFILE
if profile_type not in profs:
print "Not a valid profile"
profile = profs[profile_type]()
for cmdname in sorted(cmds):
command = cmds[cmdname]
helpline = command.help() or ''
if command.is_valid_profile(profile):
plugin_list.append([cmdname, helpline])
return plugin_list 示例4: check_valid_profile
# 需要导入模块: from volatility import registry [as 别名]
# 或者: from volatility.registry import get_plugin_classes [as 别名]
def check_valid_profile(option, _opt_str, value, parser):
"""Checks to make sure the selected profile is valid"""
# PROFILES may not have been created yet,
# but the callback should get called once it has
# during the final parse of the config options
profs = registry.get_plugin_classes(obj.Profile)
if profs:
try:
profs[value]
except KeyError:
debug.error("Invalid profile " + value + " selected")
setattr(parser.values, option.dest, value) 示例5: load_as
# 需要导入模块: from volatility import registry [as 别名]
# 或者: from volatility.registry import get_plugin_classes [as 别名]
def load_as(config, astype = 'virtual', **kwargs):
"""Loads an address space by stacking valid ASes on top of each other (priority order first)"""
base_as = None
error = exceptions.AddrSpaceError()
# Start off requiring another round
found = True
## A full iteration through all the classes without anyone
## selecting us means we are done:
while found:
debug.debug("Voting round")
found = False
for cls in sorted(registry.get_plugin_classes(addrspace.BaseAddressSpace).values(),
key = lambda x: x.order if hasattr(x, 'order') else 10):
debug.debug("Trying {0} ".format(cls))
try:
base_as = cls(base_as, config, astype = astype, **kwargs)
debug.debug("Succeeded instantiating {0}".format(base_as))
found = True
break
except addrspace.ASAssertionError, e:
debug.debug("Failed instantiating {0}: {1}".format(cls.__name__, e), 2)
error.append_reason(cls.__name__, e)
continue
except Exception, e:
debug.debug("Failed instantiating (exception): {0}".format(e))
error.append_reason(cls.__name__ + " - EXCEPTION", e)
continue 示例6: _run_all_checks
# 需要导入模块: from volatility import registry [as 别名]
# 或者: from volatility.registry import get_plugin_classes [as 别名]
def _run_all_checks(self, checks, pool_header):
"""Execute all constraint checks.
@param checks: a dictionary with check names as keys and
another dictionary of arguments as the values.
@param pool_header: the target _POOL_HEADER to check
@returns False if any checks fail, otherwise True.
"""
for check, args in checks:
if check == "CheckPoolSize":
if not self._check_pool_size(args, pool_header):
return False
elif check == "CheckPoolType":
if not self._check_pool_type(args, pool_header):
return False
elif check == "CheckPoolIndex":
if not self._check_pool_index(args, pool_header):
return False
else:
custom_check = registry.get_plugin_classes(scan.ScannerCheck)[check](pool_header.obj_vm, **args)
return custom_check.check(pool_header.PoolTag.obj_offset)
return True 示例7: list_plugins
# 需要导入模块: from volatility import registry [as 别名]
# 或者: from volatility.registry import get_plugin_classes [as 别名]
def list_plugins():
result = "\n\tSupported Plugin Commands:\n\n"
cmds = registry.get_plugin_classes(commands.Command, lower = True)
profs = registry.get_plugin_classes(obj.Profile)
if config.PROFILE == None:
config.update("PROFILE", "WinXPSP2x86")
if config.PROFILE not in profs:
raise BaseException("Invalid profile " + config.PROFILE + " selected")
profile = profs[config.PROFILE]()
wrongprofile = ""
for cmdname in sorted(cmds):
command = cmds[cmdname]
helpline = command.help() or ''
## Just put the title line (First non empty line) in this
## abbreviated display
for line in helpline.splitlines():
if line:
helpline = line
break
if command.is_valid_profile(profile):
result += "\t\t{0:15}\t{1}\n".format(cmdname, helpline)
else:
wrongprofile += "\t\t{0:15}\t{1}\n".format(cmdname, helpline)
if wrongprofile and config.VERBOSE:
result += "\n\tPlugins requiring a different profile:\n\n"
result += wrongprofile
return result 示例8: modification
# 需要导入模块: from volatility import registry [as 别名]
# 或者: from volatility.registry import get_plugin_classes [as 别名]
def modification(self, profile):
profiles = registry.get_plugin_classes(obj.Profile)
meta = profile.metadata
# find the equivalent 32-bit profile to this 64-bit profile.
# the prof._md_build + 1 accounts for a poor decision we made
# a while back where we added + 1 to the build number for
# server-based profiles as a method to distinguish between
# client vs server in a plugin.
profile_32bit = None
for prof in profiles.values():
if (prof._md_os == "windows" and
prof._md_major == meta.get("major") and
prof._md_minor == meta.get("minor") and
((prof._md_build == meta.get("build")) or (prof._md_build + 1 == meta.get("build"))) and
prof._md_memory_model == "32bit"):
profile_32bit = prof()
break
if profile_32bit == None:
debug.warning("Cannot find a 32-bit equivalent profile. The "\
"WoW64 plugins (dlllist, ldrmodules, etc) may not work.")
return
profile.vtypes.update({
"_PEB32_LDR_DATA": self.cast_as_32bit(profile_32bit.vtypes["_PEB_LDR_DATA"]),
"_LDR32_DATA_TABLE_ENTRY": self.cast_as_32bit(profile_32bit.vtypes["_LDR_DATA_TABLE_ENTRY"]),
'_UNICODE32_STRING': self.cast_as_32bit(profile_32bit.vtypes["_UNICODE_STRING"]),
})
profile.object_classes.update({
"_LDR32_DATA_TABLE_ENTRY": pe_vtypes._LDR_DATA_TABLE_ENTRY,
"_UNICODE32_STRING": windows._UNICODE_STRING,
"LIST_ENTRY32": LIST_ENTRY32,
})
profile.merge_overlay({
'_PEB32': [None, {
'Ldr': [None, ['pointer32', ['_PEB32_LDR_DATA']]],
}]}) 示例9: execute
# 需要导入模块: from volatility import registry [as 别名]
# 或者: from volatility.registry import get_plugin_classes [as 别名]
def execute(self):
""" Executes the plugin command."""
# Check we can support the plugins
profs = registry.get_plugin_classes(obj.Profile)
# force user to give a profile if a plugin
# other than kdbgscan or imageinfo are given:
if self.__class__.__name__.lower() in ["kdbgscan", "imageinfo"] and self._config.PROFILE == None:
self._config.update("PROFILE", "WinXPSP2x86")
elif self._config.PROFILE == None:
debug.error("You must set a profile!")
if self._config.PROFILE not in profs:
debug.error("Invalid profile " + self._config.PROFILE + " selected")
if not self.is_valid_profile(profs[self._config.PROFILE]()):
debug.error("This command does not support the profile " + self._config.PROFILE)
# # Executing plugins is done in two stages - first we calculate
data = self.calculate()
## Then we render the result in some way based on the
## requested output mode:
function_name = "render_{0}".format(self._config.OUTPUT)
if self._config.OUTPUT_FILE:
outfd = open(self._config.OUTPUT_FILE, 'w')
# TODO: We should probably check that this won't blat over an existing file
else:
outfd = sys.stdout
try:
func = getattr(self, function_name)
except AttributeError:
## Try to find out what formats are supported
result = []
for x in dir(self):
if x.startswith("render_"):
_a, b = x.split("_", 1)
result.append(b)
print "Plugin {0} is unable to produce output in format {1}. Supported formats are {2}. Please send a feature request".format(self.__class__.__name__, self._config.OUTPUT, result)
return
func(outfd, data) 示例10: guess_profile
# 需要导入模块: from volatility import registry [as 别名]
# 或者: from volatility.registry import get_plugin_classes [as 别名]
def guess_profile(self, memimg):
'''
Using one of the user-specified memory image files, try to guess a
working Volatility profile. This can easily take on the order of
minutes.
@memimg: a memory image file name
@return: the guessed Volatiltiy profile string
'''
sys.stderr.write("Auto configuring profile. This may take a some time.\n")
self.set_memimg(memimg)
# Must set a dummy profile or volatility dies
self.set_profile('WinXPSP2x86')
chosen = None
profilelist = [p.__name__ for p in registry.get_plugin_classes(obj.Profile).values()]
for profile in profilelist:
self.config.update('profile', profile)
addr_space = utils.load_as(self.config, astype='any')
if hasattr(addr_space, "dtb"):
chosen = profile
break
return chosen