

Python utils.Hexdump方法代码示例

本文整理汇总了Python中volatility.utils.Hexdump方法的典型用法代码示例。如果您正苦于以下问题:Python utils.Hexdump方法的具体用法?Python utils.Hexdump怎么用?Python utils.Hexdump使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在volatility.utils的用法示例。


在下文中一共展示了utils.Hexdump方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: generator

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import Hexdump [as 别名]
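def generator(self, data):
    """Yield (depth, [label, value]) rows for the audit-policy table renderer.

    Args:
        data: iterable of ``(data_raw, ap)`` pairs; ``data_raw`` is the raw
            policy blob, ``ap`` the parsed policy object exposing a
            ``members`` mapping and an ``m(name)`` accessor.

    Yields:
        ``(0, [name, value])`` tuples, one per member of each ``ap`` except
        ``Enabled``.  Only the first ``ap`` that has an ``Enabled`` attribute
        produces a leading ``GeneralAuditing`` row ("Enabled" when the value
        is non-zero, else "Disabled"); ``Enabled`` is skipped for every ``ap``.

    Side effects:
        When ``self._config.HEX`` is set, a hexdump of each ``data_raw`` is
        printed to stdout instead of being yielded, because the tabular
        output has no column to hold it.
    """
    first = True
    for data_raw, ap in data:
        if first and hasattr(ap, "Enabled"):
            first = False
            audit = "Enabled" if int(ap.Enabled) != 0 else "Disabled"
            yield (0, ["GeneralAuditing", audit])
        for k in ap.members.keys():
            if k != "Enabled":
                yield (0, ["{0}".format(k), "{0}".format(ap.m(k))])

        if self._config.HEX:
            # The hexdump has no place in the unified-output table, so it goes
            # straight to stdout.  print() with one argument behaves the same
            # on Python 2 and 3; the bare statement form only parses on 2.
            raw = "\n".join(["{0:010x}: {1:<48}  {2}".format(o, h, ''.join(c)) for o, h, c in utils.Hexdump(data_raw)])
            print(raw)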
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:19,代码来源:auditpol.py

示例2: get_alloc

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import Hexdump [as 别名]
def get_alloc(self, addr_space):
    '''
    Mimics the Volatility malfind plugin

    Drives malfind's own calculate()/VAD filtering over the image configured
    in self.vol.config and yields one Injection per suspicious, non-empty
    VAD.  The Injection carries the VAD start as a "0x..." string and the
    first 16 bytes of the region rendered as a two-column hexdump
    (hex bytes, printable chars) with no offset column.

    Note: addr_space is not used by this body; the address spaces come from
    the tasks malfind enumerates.
    '''
    import volatility.plugins.malware.malfind as malfind
    import volatility.utils as utils

    scanner = malfind.Malfind(self.vol.config)
    for task in scanner.calculate():
        for vad, vad_space in task.get_vads(vad_filter=task._injection_filter):
            if scanner._is_vad_empty(vad, vad_space):
                continue
            head = vad_space.zread(vad.Start, 16)
            rows = []
            for _off, hexbytes, chars in utils.Hexdump(head):
                rows.append("{0:<48}  {1}".format(hexbytes, ''.join(chars)))
            start = "{0:#x}".format(vad.Start)
            yield Injection(task, vad, start, "\n".join(rows))
开发者ID:504ensicsLabs,项目名称:DAMM,代码行数:21,代码来源:injections.py

示例3: render_text

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import Hexdump [as 别名]
def render_text(self, outfd, data):
    """Print one TrueCrypt volume record per device and optionally dump its key.

    Args:
        outfd: writable text stream for the report.
        data: iterable of device objects whose DeviceExtension can be
            dereferenced as an "EXTENSION" structure.

    Extensions that fail is_valid() are skipped.  For the rest, writes the
    container name, hidden/removable/read-only flags, lengths, algorithm and
    mode, then a hexdump of the 64 bytes read at
    cryptoInfo.master_keydata.obj_offset.  If self._config.DUMP_DIR is set
    those same 64 raw key bytes are also written to "<addr>_master.key"
    under that directory (a missing directory is reported via debug.error).
    """
    def yes_no(flag):
        return "Yes" if flag == 1 else "No"

    for device in data:
        ext = device.DeviceExtension.dereference_as("EXTENSION")
        if not ext.is_valid():
            continue
        info = ext.cryptoInfo
        outfd.write("Container: {0}\n".format(ext.wszVolume))
        outfd.write("Hidden Volume: {0}\n".format(yes_no(info.hiddenVolume)))
        outfd.write("Removable: {0}\n".format(yes_no(ext.bRemovable)))
        outfd.write("Read Only: {0}\n".format(yes_no(ext.bReadOnly)))
        outfd.write("Disk Length: {0} (bytes)\n".format(ext.DiskLength))
        outfd.write("Host Length: {0} (bytes)\n".format(ext.HostLength))
        outfd.write("Encryption Algorithm: {0}\n".format(info.ea))
        outfd.write("Mode: {0}\n".format(info.mode))
        outfd.write("Master Key\n")
        addr = info.master_keydata.obj_offset
        key = device.obj_vm.read(addr, 64)
        rows = ["{0:#010x}  {1:<48}  {2}".format(addr + off, hexbytes, ''.join(chars))
                for off, hexbytes, chars in utils.Hexdump(key)]
        outfd.write("\n".join(rows) + "\n")
        dump_dir = self._config.DUMP_DIR
        if dump_dir:
            if not os.path.isdir(dump_dir):
                debug.error("The path {0} is not a valid directory".format(dump_dir))
            keyfile = os.path.join(dump_dir, "{0:#x}_master.key".format(addr))
            with open(keyfile, "wb") as handle:
                handle.write(key)
            outfd.write("Dumped {0} bytes to {1}\n".format(len(key), keyfile))
        outfd.write("\n")
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:31,代码来源:tcaudit.py

示例4: render_text

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import Hexdump [as 别名]
def render_text(self, outfd, data):
    """Write each Linux YARA hit as a one-line header followed by a hexdump.

    Args:
        outfd: writable text stream.
        data: iterable of (task, address, hit, buf) tuples.  A falsy task
            marks a kernel-space hit; otherwise task.comm / task.pid are
            printed.  hit.rule is the matching rule name, buf the bytes at
            address, which is used as the base for the dump offsets.
    """
    for task, address, hit, buf in data:
        if task:
            header = "Task: {0} pid {1} rule {2} addr {3:#x}\n".format(
                task.comm, task.pid, hit.rule, address)
        else:
            header = "[kernel] rule {0} addr {1:#x}\n".format(hit.rule, address)
        outfd.write(header)

        dump = []
        for off, hexbytes, chars in utils.Hexdump(buf):
            dump.append("{0:#010x}  {1:<48}  {2}\n".format(address + off, hexbytes, ''.join(chars)))
        outfd.write("".join(dump))
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:12,代码来源:linux_yarascan.py

示例5: render_text

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import Hexdump [as 别名]
def render_text(self, outfd, data):
    """Write each Mac YARA hit as a one-line header followed by a hexdump.

    Args:
        outfd: writable text stream.
        data: iterable of (task, address, hit, buf) tuples.  A falsy task
            marks a kernel-space hit; otherwise task.p_comm / task.p_pid are
            printed.  hit.rule is the matching rule name, buf the bytes at
            address.  Offsets are printed 18 characters wide (64-bit form).
    """
    for task, address, hit, buf in data:
        if task:
            header = "Task: {0} pid {1} rule {2} addr {3:#x}\n".format(
                task.p_comm, task.p_pid, hit.rule, address)
        else:
            header = "[kernel] rule {0} addr {1:#x}\n".format(hit.rule, address)
        outfd.write(header)

        dump = []
        for off, hexbytes, chars in utils.Hexdump(buf):
            dump.append("{0:#018x}  {1:<48}  {2}\n".format(address + off, hexbytes, ''.join(chars)))
        outfd.write("".join(dump))
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:12,代码来源:mac_yarascan.py

示例6: render_text

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import Hexdump [as 别名]
def render_text(self, outfd, data):
    """Report suspicious Mac memory mappings with a hexdump and disassembly.

    Args:
        outfd: writable text stream.
        data: iterable of task objects exposing get_process_address_space(),
            get_proc_maps(), p_comm, p_pid and task.map.pmap.pm_task_map.

    For every mapping whose is_suspicious() is true: prints process, pid,
    start address, backing path and protection; a hexdump of the first
    64 bytes of the region; then malfind.Disassemble of those bytes.
    The disassembler bitness is '64bit' when the string form of
    pm_task_map, after dropping its first 9 characters, equals "64BIT",
    else '32bit'.
    """
    for task in data:
        proc_as = task.get_process_address_space()

        # NOTE(review): the [9:] slice presumes a fixed 9-character prefix in
        # the enum's str() form — confirm against the profile's vtypes.
        map_kind = str(task.task.map.pmap.pm_task_map or '')[9:]
        bits = '64bit' if map_kind == "64BIT" else '32bit'

        for region in task.get_proc_maps():
            if not region.is_suspicious():
                continue
            fname = region.get_path()
            prots = region.get_perms()
            start = region.start
            content = proc_as.zread(start, 64)

            outfd.write("Process: {0} Pid: {1} Address: {2:#x} File: {3}\n".format(
                task.p_comm, task.p_pid, start, fname))
            outfd.write("Protection: {0}\n".format(prots))
            outfd.write("\n")

            hexrows = ["{0:#010x}  {1:<48}  {2}".format(start + off, hexbytes, ''.join(chars))
                       for off, hexbytes, chars in utils.Hexdump(content)]
            outfd.write("\n".join(hexrows) + "\n")
            outfd.write("\n")

            asmrows = ["{0:#x} {1:<16} {2}".format(off, hexbytes, instr)
                       for off, instr, hexbytes in malfind.Disassemble(content, start, bits=bits)]
            outfd.write("\n".join(asmrows))
            outfd.write("\n\n")
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:39,代码来源:malfind.py

示例7: render_text

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import Hexdump [as 别名]
def render_text(self, outfd, data):
    """Print each LSA secret's name followed by a hexdump of its bytes.

    Args:
        outfd: writable text stream.
        data: mapping of secret name (str) -> raw bytes; every entry is
            written out in full, one blank line after each dump.
    """
    for name in data:
        outfd.write(name + "\n")
        rows = ["{0:#010x}  {1:<48}  {2}\n".format(off, hexbytes, ''.join(chars))
                for off, hexbytes, chars in utils.Hexdump(data[name])]
        outfd.write("".join(rows))
        outfd.write("\n")
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:8,代码来源:lsadump.py

示例8: render_text

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import Hexdump [as 别名]
def render_text(self, outfd, data):
    """Render each audit policy as text, optionally preceded by a hexdump.

    Args:
        outfd: writable text stream.
        data: iterable of (data_raw, ap) pairs; data_raw is the raw policy
            blob and ap any object with a meaningful str().

    When self._config.HEX is set, a hexdump of data_raw ("offset: hex
    chars" per line) is written before the policy text and followed by a
    blank line.
    """
    for blob, policy in data:
        if self._config.HEX:
            rows = ["{0:010x}: {1:<48}  {2}".format(off, hexbytes, ''.join(chars))
                    for off, hexbytes, chars in utils.Hexdump(blob)]
            outfd.write("\n".join(rows) + "\n\n")
        outfd.write("{0}\n".format(str(policy)))
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:8,代码来源:auditpol.py

示例9: render_text

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import Hexdump [as 别名]
def render_text(self, outfd, data):
        """Print UserAssist registry keys with decoded REG_BINARY values.

        Args:
            outfd: writable text stream.
            data: iterable of (win7, reg, key) tuples; key is falsy when the
                key was absent from that hive, win7 selects the GUID-prefixed
                value-name layout.

        For each found key prints registry name, path, last-write time, the
        subkeys, then every REG_BINARY value: the ROT13-decoded name (with
        a known folder GUID prefix replaced via folder_guids on win7), the
        parsed form from self.parse_data() when available, and a hexdump of
        the raw bytes.  Prints a not-found message if no hive held the key.
        """
        keyfound = False
        for win7, reg, key in data:
            if key:
                keyfound = True
                outfd.write("----------------------------\n")
                outfd.write("Registry: {0}\n".format(reg))
                outfd.write("Path: {0}\n".format(self.regapi.reg_get_key_path(key)))
                outfd.write("Last updated: {0}\n".format(key.LastWriteTime))
                outfd.write("\n")
                outfd.write("Subkeys:\n")
                for s in self.regapi.reg_get_all_subkeys(None, None, given_root = key):
                    # '== None' rather than 'is None' on purpose: the branch
                    # reads s.Name.reason, so s.Name is a None-like object
                    # (presumably a volatility NoneObject) rather than None.
                    if s.Name == None:
                        outfd.write("  Unknown subkey: " + s.Name.reason + "\n")
                    else:
                        outfd.write("  {0}\n".format(s.Name))
                outfd.write("\n")
                outfd.write("Values:\n")
                for subname, dat in self.regapi.reg_yield_values(None, None, given_root = key, thetype = "REG_BINARY"):
                    # Keep the raw bytes for parse_data(); 'dat' becomes the hexdump text.
                    dat_raw = dat
                    dat = "\n".join(["{0:#010x}  {1:<48}  {2}".format(o, h, ''.join(c)) for o, h, c in utils.Hexdump(dat)])
                    # UserAssist value names are ROT13-obfuscated.  On Python 2
                    # str.encode('rot_13') implicitly decodes as ASCII first, so
                    # a non-ASCII name raises UnicodeDecodeError and is kept as-is.
                    try:
                        subname = subname.encode('rot_13')
                    except UnicodeDecodeError:
                        pass
                    if win7:
                        # Win7 names start with a known-folder GUID; swap in its friendly name.
                        guid = subname.split("\\")[0]
                        if guid in folder_guids:
                            subname = subname.replace(guid, folder_guids[guid])
                    d = self.parse_data(dat_raw)
                    if d != None:
                        dat = "{0}Raw Data:\n{1}".format(d, dat)
                    else:
                        dat = "Raw Data:\n{0}".format(dat)
                    outfd.write("\n{0:13} {1:15} : {2}\n".format("REG_BINARY", subname, dat))
        if not keyfound:
            outfd.write("The requested key could not be found in the hive(s) searched\n") 
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:39,代码来源:userassist.py

示例10: render_text

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import Hexdump [as 别名]
def render_text(self, outfd, data):
    """Print each found registry key: header, subkeys and values.

    Args:
        outfd: writable text stream.
        data: iterable of (reg, key) pairs; key is falsy when the requested
            key was absent from that hive.

    REG_BINARY and REG_NONE values are rendered as a hexdump starting on a
    fresh line; REG_SZ/REG_EXPAND_SZ/REG_LINK and each REG_MULTI_SZ element
    are ASCII-encoded with backslashreplace.  self.voltext() supplies the
    (S)/(V) stable/volatile marker for keys, subkeys and values.  A
    not-found message is printed when no hive held the key.
    """
    outfd.write("Legend: (S) = Stable   (V) = Volatile\n\n")
    found_any = False
    for reg, key in data:
        if not key:
            continue
        found_any = True
        outfd.write("----------------------------\n")
        outfd.write("Registry: {0}\n".format(reg))
        outfd.write("Key name: {0} {1:3s}\n".format(key.Name, self.voltext(key)))
        outfd.write("Last updated: {0}\n".format(key.LastWriteTime))
        outfd.write("\n")
        outfd.write("Subkeys:\n")
        for sub in rawreg.subkeys(key):
            # '== None' is deliberate: a missing name still carries .reason,
            # so it is a None-like object rather than the None singleton.
            if sub.Name == None:
                outfd.write("  Unknown subkey: " + sub.Name.reason + "\n")
            else:
                outfd.write("  {1:3s} {0}\n".format(sub.Name, self.voltext(sub)))
        outfd.write("\n")
        outfd.write("Values:\n")
        for val in rawreg.values(key):
            tp, dat = rawreg.value_data(val)
            if tp in ('REG_BINARY', 'REG_NONE'):
                rows = ["{0:#010x}  {1:<48}  {2}".format(off, hexbytes, ''.join(chars))
                        for off, hexbytes, chars in utils.Hexdump(dat)]
                dat = "\n" + "\n".join(rows)
            elif tp in ('REG_SZ', 'REG_EXPAND_SZ', 'REG_LINK'):
                dat = dat.encode("ascii", 'backslashreplace')
            elif tp == 'REG_MULTI_SZ':
                for idx, item in enumerate(dat):
                    dat[idx] = item.encode("ascii", 'backslashreplace')
            outfd.write("{0:13} {1:15} : {3:3s} {2}\n".format(tp, val.Name, dat, self.voltext(val)))
    if not found_any:
        outfd.write("The requested key could not be found in the hive(s) searched\n")
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:33,代码来源:printkey.py

示例11: render_text

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import Hexdump [as 别名]
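def render_text(self, outfd, data):
    """Print each YARA hit with its owner, optionally dump it, then hexdump it.

    Args:
        outfd: writable text stream.
        data: iterable of (o, addr, hit, content) tuples; o is the owning
            object (None-like for unattributed kernel memory, an _EPROCESS
            for process memory, otherwise a module exposing BaseDllName),
            addr the match address, hit the YARA match (hit.rule), content
            the matched bytes.

    If self._config.DUMP_DIR is set but is not a directory, debug.error is
    called before any output.  With a valid DUMP_DIR, the raw bytes of each
    hit are written to "kernel.<addr>.dmp", "process.<obj>.<addr>.dmp" or
    "kernel.<obj>.<addr>.dmp" under it.
    """
    dump_dir = self._config.DUMP_DIR
    if dump_dir and not os.path.isdir(dump_dir):
        debug.error(dump_dir + " is not a directory")
    for owner, addr, hit, content in data:
        outfd.write("Rule: {0}\n".format(hit.rule))

        # Find out if the hit is from user or kernel mode.
        # '== None' is kept on purpose: the owner may be a None-like
        # object (e.g. a volatility NoneObject), not the None singleton.
        if owner == None:
            outfd.write("Owner: (Unknown Kernel Memory)\n")
            filename = "kernel.{0:#x}.dmp".format(addr)
        elif owner.obj_name == "_EPROCESS":
            outfd.write("Owner: Process {0} Pid {1}\n".format(owner.ImageFileName,
                owner.UniqueProcessId))
            filename = "process.{0:#x}.{1:#x}.dmp".format(owner.obj_offset, addr)
        else:
            outfd.write("Owner: {0}\n".format(owner.BaseDllName))
            filename = "kernel.{0:#x}.{1:#x}.dmp".format(owner.obj_offset, addr)

        # Dump the data if --dump-dir was supplied.  The context manager
        # closes the handle even when write() raises; the previous
        # open/write/close sequence leaked it on error.
        if dump_dir:
            with open(os.path.join(dump_dir, filename), "wb") as fh:
                fh.write(content)

        # The hexdump offset gets its own name: the original reused 'o',
        # which Python 2 list comprehensions leak into the enclosing scope.
        outfd.write("".join(
            ["{0:#010x}  {1:<48}  {2}\n".format(addr + off, hexbytes, ''.join(chars))
             for off, hexbytes, chars in utils.Hexdump(content)]))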

#--------------------------------------------------------------------------------
# malfind
#-------------------------------------------------------------------------------- 
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:36,代码来源:malfind.py

示例12: render_text

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import Hexdump [as 别名]
def render_text(self, outfd, data):
    """Print, per process, a hexdump of the recovered Zeus key.

    Args:
        outfd: writable text stream.
        data: iterable of (task, struct_base, key) tuples; task exposes
            UniqueProcessId and ImageFileName, key holds the key bytes.

    Dump offsets are shown as struct_base + 0x2a + offset.  The 0x2a is
    presumably the key field's offset inside the scanned structure —
    confirm against the profile before relying on the printed addresses.
    """
    for task, struct_base, key in data:
        key_base = struct_base + 0x2a
        dump = "\n".join([
            "{0:#010x}  {1:<48}  {2}".format(key_base + off, hexbytes, ''.join(chars))
            for off, hexbytes, chars in utils.Hexdump(key)])
        outfd.write("Process: {0} {1}\n".format(task.UniqueProcessId, task.ImageFileName))
        outfd.write(dump)
        outfd.write("\n")

#--------------------------------------------------------------------------------
# Scanner for Zeus >= 2.0 
#-------------------------------------------------------------------------------- 
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:17,代码来源:zeusscan.py

示例13: render_extra

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import Hexdump [as 别名]
def render_extra(self, outfd, task, vad, params):
    """Show any Zeus specific fields: the credential RC4 key as a hexdump.

    Args:
        outfd: writable text stream.
        task: process object; task.obj_vm.profile resolves the 'rc4key'
            member offset within self.magic_struct.
        vad: the VAD the magic was decoded from; vad.Start bases the
            printed offsets.
        params: dict with 'decoded_magic' (a byte string) from which
            RC4_KEYSIZE bytes are sliced at the rc4key offset.
    """
    profile = task.obj_vm.profile
    key_start = profile.get_obj_offset(self.magic_struct, 'rc4key')
    rc4_key = params['decoded_magic'][key_start:key_start + RC4_KEYSIZE]

    rows = ["{0:#010x}  {1:<48}  {2}".format(vad.Start + off, hexbytes, ''.join(chars))
            for off, hexbytes, chars in utils.Hexdump(rc4_key)]
    outfd.write("{0:<30} : \n{1}\n".format("Credential RC4 key", "\n".join(rows)))
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:13,代码来源:zeusscan.py

示例14: render_text

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import Hexdump [as 别名]
def render_text(self, outfd, data):
    """Print each found registry key: header, subkeys and values.

    Args:
        outfd: writable text stream.
        data: iterable of (reg, key) pairs; key is falsy when the requested
            key was absent from that hive.

    REG_BINARY and REG_NONE values are rendered as a hexdump starting on a
    fresh line; REG_SZ/REG_EXPAND_SZ/REG_LINK and each REG_MULTI_SZ element
    are ASCII-encoded with backslashreplace.  Subkeys without a readable
    name are listed by their offset.  self.voltext() supplies the (S)/(V)
    stable/volatile marker.  A not-found message is printed when no hive
    held the key.
    """
    outfd.write("Legend: (S) = Stable   (V) = Volatile\n\n")
    found_any = False
    for reg, key in data:
        if not key:
            continue
        found_any = True
        outfd.write("----------------------------\n")
        outfd.write("Registry: {0}\n".format(reg))
        outfd.write("Key name: {0} {1:3s}\n".format(key.Name, self.voltext(key)))
        outfd.write("Last updated: {0}\n".format(key.LastWriteTime))
        outfd.write("\n")
        outfd.write("Subkeys:\n")
        for sub in rawreg.subkeys(key):
            # '== None' is deliberate: an unreadable name is presumably a
            # None-like object (volatility NoneObject), not the singleton.
            if sub.Name == None:
                outfd.write("  Unknown subkey at {0:#x}\n".format(sub.obj_offset))
            else:
                outfd.write("  {1:3s} {0}\n".format(sub.Name, self.voltext(sub)))
        outfd.write("\n")
        outfd.write("Values:\n")
        for val in rawreg.values(key):
            tp, dat = rawreg.value_data(val)
            if tp in ('REG_BINARY', 'REG_NONE'):
                rows = ["{0:#010x}  {1:<48}  {2}".format(off, hexbytes, ''.join(chars))
                        for off, hexbytes, chars in utils.Hexdump(dat)]
                dat = "\n" + "\n".join(rows)
            elif tp in ('REG_SZ', 'REG_EXPAND_SZ', 'REG_LINK'):
                dat = dat.encode("ascii", 'backslashreplace')
            elif tp == 'REG_MULTI_SZ':
                for idx, item in enumerate(dat):
                    dat[idx] = item.encode("ascii", 'backslashreplace')
            outfd.write("{0:13} {1:15} : {3:3s} {2}\n".format(tp, val.Name, dat, self.voltext(val)))
    if not found_any:
        outfd.write("The requested key could not be found in the hive(s) searched\n")
开发者ID:volatilityfoundation,项目名称:volatility,代码行数:33,代码来源:printkey.py

示例15: render_text

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import Hexdump [as 别名]
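def render_text(self, outfd, data):
    """Print one TrueCrypt volume record per device and optionally dump its key.

    Args:
        outfd: writable text stream for the report.
        data: iterable of device objects whose DeviceExtension can be
            dereferenced as an "EXTENSION" structure.

    Extensions whose is_valid() is false are skipped (the same guard the
    aumfor version of this plugin applies) so that an unreadable extension
    does not produce a record full of None-like fields.  For the rest,
    writes the container name, hidden/removable/read-only flags, lengths,
    algorithm and mode, then a hexdump of the 64 bytes read at
    cryptoInfo.master_keydata.obj_offset.  If self._config.DUMP_DIR is set
    those same 64 raw key bytes are also written to "<addr>_master.key"
    under that directory; a missing directory is reported via debug.error.
    """
    def yes_no(flag):
        return "Yes" if flag == 1 else "No"

    for device in data:
        ext = device.DeviceExtension.dereference_as("EXTENSION")
        # Skip extensions that cannot be read; every field below would be
        # a None-like placeholder otherwise.
        if not ext.is_valid():
            continue
        info = ext.cryptoInfo
        outfd.write("Container: {0}\n".format(ext.wszVolume))
        outfd.write("Hidden Volume: {0}\n".format(yes_no(info.hiddenVolume)))
        outfd.write("Removable: {0}\n".format(yes_no(ext.bRemovable)))
        outfd.write("Read Only: {0}\n".format(yes_no(ext.bReadOnly)))
        outfd.write("Disk Length: {0} (bytes)\n".format(ext.DiskLength))
        outfd.write("Host Length: {0} (bytes)\n".format(ext.HostLength))
        outfd.write("Encryption Algorithm: {0}\n".format(info.ea))
        outfd.write("Mode: {0}\n".format(info.mode))
        outfd.write("Master Key\n")
        addr = info.master_keydata.obj_offset
        key = device.obj_vm.read(addr, 64)
        rows = ["{0:#010x}  {1:<48}  {2}".format(addr + off, hexbytes, ''.join(chars))
                for off, hexbytes, chars in utils.Hexdump(key)]
        outfd.write("\n".join(rows) + "\n")
        dump_dir = self._config.DUMP_DIR
        if dump_dir:
            if not os.path.isdir(dump_dir):
                debug.error("The path {0} is not a valid directory".format(dump_dir))
            keyfile = os.path.join(dump_dir, "{0:#x}_master.key".format(addr))
            with open(keyfile, "wb") as handle:
                handle.write(key)
            outfd.write("Dumped {0} bytes to {1}\n".format(len(key), keyfile))
        outfd.write("\n")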
开发者ID:vortessence,项目名称:vortessence,代码行数:29,代码来源:tcaudit.py


注:本文中的volatility.utils.Hexdump方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。