当前位置: 首页>>代码示例>>Python>>正文


Python utils.iterfind方法代码示例

本文整理汇总了Python中volatility.utils.iterfind方法的典型用法代码示例。如果您正苦于以下问题:Python utils.iterfind方法的具体用法?Python utils.iterfind怎么用?Python utils.iterfind使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在volatility.utils的用法示例。


在下文中一共展示了utils.iterfind方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: scan

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import iterfind [as 别名]
def scan(self, address_space, offset = None, maxlen = None):

        if offset is None:
            current_offset = 0
        else:
            current_offset = offset

        for (range_start, range_size) in sorted(address_space.get_available_addresses()):
            # Jump to the next available point to scan from
            # self.base_offset jumps up to be at least range_start
            current_offset = max(range_start, current_offset)
            range_end = range_start + range_size

            # If we have a maximum length, we make sure it's less than the range_end
            if maxlen is not None:
                range_end = min(range_end, current_offset + maxlen)

            while (current_offset < range_end):
                # We've now got range_start <= self.base_offset < range_end

                # Figure out how much data to read
                l = min(constants.SCAN_BLOCKSIZE + self.overlap, range_end - current_offset)

                data = address_space.zread(current_offset, l)

                for needle in self.needles:
                    for addr in utils.iterfind(data, needle):
                        # this scanner yields the matched pool tag as well as
                        # the offset, to save the caller from having to perform 
                        # another .read() just to see which tag was matched
                        yield data[addr:addr+4], addr + current_offset

                current_offset += min(constants.SCAN_BLOCKSIZE, l)

#--------------------------------------------------------------------------------
# The main interface / API for concurrent scans 
#-------------------------------------------------------------------------------- 
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:39,代码来源:poolscan.py

示例2: search_process_memory

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import iterfind [as 别名]
def search_process_memory(self, s, heap_only = False):

        # Allow for some overlap in case objects are 
        # right on page boundaries 
        overlap = 1024
        
        # Make sure s in a list. This allows you to search for
        # multiple strings at once, without changing the API.
        if type(s) != list:
            debug.warning("Single strings to search_process_memory is deprecated, use a list instead")
            s = [s]

        scan_blk_sz = 1024 * 1024 * 10

        addr_space = self.get_process_address_space()
        if addr_space == None:
            return

        for vma in self.get_proc_maps():
            if heap_only:
                if not (vma.vm_start <= self.mm.start_brk and vma.vm_end >= self.mm.brk):
                    continue

            offset = vma.vm_start
            out_of_range = vma.vm_start + (vma.vm_end - vma.vm_start)
            while offset < out_of_range:
                # Read some data and match it.
                to_read = min(scan_blk_sz + overlap, out_of_range - offset)
                data = addr_space.zread(offset, to_read)
                if not data:
                    break
                for x in s:
                    for hit in utils.iterfind(data, x):
                        yield offset + hit
                offset += min(to_read, scan_blk_sz) 
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:37,代码来源:linux.py

示例3: search_process_memory

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import iterfind [as 别名]
def search_process_memory(self, s):
        """Search process memory. 

        @param s: a list of strings like ["one", "two"]
        """

        # Allow for some overlap in case objects are 
        # right on page boundaries 
        overlap = 1024

        scan_blk_sz = 1024 * 1024 * 10
        addr_space = self.get_process_address_space()

        for vma in self.get_proc_maps():
            offset = vma.links.start
            out_of_range = vma.links.start + (vma.links.end - vma.links.start)
            while offset < out_of_range:
                # Read some data and match it.
                to_read = min(scan_blk_sz + overlap, out_of_range - offset)
                data = addr_space.zread(offset, to_read)
                if not data:
                    break
                for x in s:
                    for hit in utils.iterfind(data, x):
                        yield offset + hit
                offset += min(to_read, scan_blk_sz) 
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:28,代码来源:mac.py

示例4: search_process_memory_rw_nofile

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import iterfind [as 别名]
def search_process_memory_rw_nofile(self, s):
        """Search process memory. 

        @param s: a list of strings like ["one", "two"]
        """

        # Allow for some overlap in case objects are 
        # right on page boundaries 
        overlap = 1024

        scan_blk_sz = 1024 * 1024 * 10
        addr_space = self.get_process_address_space()

        for vma in self.get_proc_maps():
            if vma.get_perms() != "rw-" or vma.get_path() != "":
                if vma.get_special_path() != "[heap]":
                    continue

            offset = vma.links.start
            out_of_range = vma.links.start + (vma.links.end - vma.links.start)
            while offset < out_of_range:
                # Read some data and match it.
                to_read = min(scan_blk_sz + overlap, out_of_range - offset)
                data = addr_space.zread(offset, to_read)
                if not data:
                    break
                for x in s:
                    for hit in utils.iterfind(data, x):
                        yield offset + hit
                offset += min(to_read, scan_blk_sz) 
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:32,代码来源:mac.py

示例5: search_process_memory

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import iterfind [as 别名]
def search_process_memory(self, s, vad_filter = None):
        """
        Search memory for a simple byte string. 
        
        FIXME: as of 2.3 this parameter can also be a list to
        search for mutliple strings concurrently. The 
        single string will be deprecated in 3.0. 

        @param s: the string to search for.

        @returns every occurrance of the string 
        in process memory (as absolute address).
        """

        # Allow for some overlap in case objects are 
        # right on page boundaries 
        overlap = 1024
        
        # Make sure s in a list. This allows you to search for
        # multiple strings at once, without changing the API.
        if type(s) != list:
            debug.warning("Single strings to search_process_memory is deprecated, use a list instead")
            s = [s]

        # All MMVADs that belong to this process.
        for vad, address_space in self.get_vads(vad_filter, skip_max_commit = True):
            offset = vad.Start
            out_of_range = vad.Start + vad.Length
            while offset < out_of_range:
                # Read some data and match it.
                to_read = min(constants.SCAN_BLOCKSIZE + overlap, out_of_range - offset)
                data = address_space.zread(offset, to_read)
                if not data:
                    break
                for x in s:
                    for hit in utils.iterfind(data, x):
                        yield offset + hit
                offset += min(to_read, constants.SCAN_BLOCKSIZE) 
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:40,代码来源:windows.py

示例6: calculate

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import iterfind [as 别名]
def calculate(self):
        common.set_plugin_members(self)

        procs = pstasks.mac_tasks.calculate(self)

        for proc in procs:
            space = proc.get_process_address_space()
            for map in proc.get_proc_maps():

                # only read/write without filebacks 
                if not (map.get_perms() == "rw-" and not map.get_path()):
                    continue

                # check the header for sqlite3 signature 
                header = space.zread(map.links.start, 32)
                if "SQLite format" not in header:
                    continue

                # get the whole sqlite3 data now 
                data = space.zread(map.links.start, 
                                  map.links.end - map.links.start)
                
                for offset in utils.iterfind(data, ":ABPerson"):
                    person = obj.Object("String", 
                                        offset = map.links.start + offset, 
                                        vm = space, encoding = "utf8", 
                                        length = 256)
                    yield proc, person 
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:30,代码来源:contacts.py

示例7: search_process_memory

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import iterfind [as 别名]
def search_process_memory(self, s, heap_only = False):

        # Allow for some overlap in case objects are 
        # right on page boundaries 
        overlap = 1024
        
        # Make sure s in a list. This allows you to search for
        # multiple strings at once, without changing the API.
        if type(s) != list:
            debug.warning("Single strings to search_process_memory is deprecated, use a list instead")
            s = [s]

        scan_blk_sz = 1024 * 1024 * 10

        addr_space = self.get_process_address_space()
        if addr_space == None:
            return

        for vma in self.get_proc_maps():
            if heap_only:
                if not (vma.vm_start <= self.mm.brk and vma.vm_end >= self.mm.start_brk):
                    continue

            offset = vma.vm_start
            out_of_range = vma.vm_start + (vma.vm_end - vma.vm_start)
            while offset < out_of_range:
                # Read some data and match it.
                to_read = min(scan_blk_sz + overlap, out_of_range - offset)
                data = addr_space.zread(offset, to_read)
                if not data:
                    break
                for x in s:
                    for hit in utils.iterfind(data, x):
                        yield offset + hit
                offset += min(to_read, scan_blk_sz) 
开发者ID:volatilityfoundation,项目名称:volatility,代码行数:37,代码来源:linux.py

示例8: search_process_memory

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import iterfind [as 别名]
def search_process_memory(self, s, heap_only = False):

        # Allow for some overlap in case objects are 
        # right on page boundaries 
        overlap = 1024
        
        # Make sure s in a list. This allows you to search for
        # multiple strings at once, without changing the API.
        if type(s) != list:
            debug.warning("Single strings to search_process_memory is deprecated, use a list instead")
            s = [s]

        scan_blk_sz = 1024 * 1024 * 10

        addr_space = self.get_process_address_space()

        for vma in self.get_proc_maps():
            if heap_only:
                if not (vma.vm_start <= self.mm.start_brk and vma.vm_end >= self.mm.brk):
                    continue

            offset = vma.vm_start
            out_of_range = vma.vm_start + (vma.vm_end - vma.vm_start)
            while offset < out_of_range:
                # Read some data and match it.
                to_read = min(scan_blk_sz + overlap, out_of_range - offset)
                data = addr_space.zread(offset, to_read)
                if not data:
                    break
                for x in s:
                    for hit in utils.iterfind(data, x):
                        yield offset + hit
                offset += min(to_read, scan_blk_sz) 
开发者ID:vortessence,项目名称:vortessence,代码行数:35,代码来源:linux.py

示例9: search_process_memory_rw_nofile

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import iterfind [as 别名]
def search_process_memory_rw_nofile(self, s):
        """Search process memory. 

        @param s: a list of strings like ["one", "two"]
        """

        # Allow for some overlap in case objects are 
        # right on page boundaries 
        overlap = 1024

        scan_blk_sz = 1024 * 1024 * 10
        addr_space = self.get_process_address_space()

        for vma in self.get_proc_maps():
            if vma.get_perms() != "rw-" or vma.get_path() != "":
                continue

            offset = vma.links.start
            out_of_range = vma.links.start + (vma.links.end - vma.links.start)
            while offset < out_of_range:
                # Read some data and match it.
                to_read = min(scan_blk_sz + overlap, out_of_range - offset)
                data = addr_space.zread(offset, to_read)
                if not data:
                    break
                for x in s:
                    for hit in utils.iterfind(data, x):
                        yield offset + hit
                offset += min(to_read, scan_blk_sz) 
开发者ID:vortessence,项目名称:vortessence,代码行数:31,代码来源:mac.py

示例10: search_process_memory

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import iterfind [as 别名]
def search_process_memory(self, s):
        """
        Search memory for a simple byte string. 
        
        FIXME: as of 2.3 this parameter can also be a list to
        search for mutliple strings concurrently. The 
        single string will be deprecated in 3.0. 

        @param s: the string to search for.

        @returns every occurrance of the string 
        in process memory (as absolute address).
        """

        # Allow for some overlap in case objects are 
        # right on page boundaries 
        overlap = 1024
        
        # Make sure s in a list. This allows you to search for
        # multiple strings at once, without changing the API.
        if type(s) != list:
            debug.warning("Single strings to search_process_memory is deprecated, use a list instead")
            s = [s]

        # All MMVADs that belong to this process.
        for vad, address_space in self.get_vads(skip_max_commit = True):
            offset = vad.Start
            out_of_range = vad.Start + vad.Length
            while offset < out_of_range:
                # Read some data and match it.
                to_read = min(constants.SCAN_BLOCKSIZE + overlap, out_of_range - offset)
                data = address_space.zread(offset, to_read)
                if not data:
                    break
                for x in s:
                    for hit in utils.iterfind(data, x):
                        yield offset + hit
                offset += min(to_read, constants.SCAN_BLOCKSIZE) 
开发者ID:vortessence,项目名称:vortessence,代码行数:40,代码来源:windows.py

示例11: scan

# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import iterfind [as 别名]
def scan(self, address_space, offset = None, maxlen = None):

        if offset is None:
            current_offset = 0
        else:
            current_offset = offset

        for (range_start, range_size) in sorted(address_space.get_available_addresses()):
            # Jump to the next available point to scan from
            # self.base_offset jumps up to be at least range_start
            current_offset = max(range_start, current_offset)
            range_end = range_start + range_size

            # If we have a maximum length, we make sure it's less than the range_end
            if maxlen is not None:
                range_end = min(range_end, offset + maxlen)

            while (current_offset < range_end):
                # We've now got range_start <= self.base_offset < range_end

                # Figure out how much data to read
                l = min(constants.SCAN_BLOCKSIZE + self.overlap, range_end - current_offset)

                data = address_space.zread(current_offset, l)

                for needle in self.needles:
                    for addr in utils.iterfind(data, needle):
                        # this scanner yields the matched pool tag as well as
                        # the offset, to save the caller from having to perform 
                        # another .read() just to see which tag was matched
                        yield data[addr:addr+4], addr + current_offset

                current_offset += min(constants.SCAN_BLOCKSIZE, l)

#--------------------------------------------------------------------------------
# The main interface / API for concurrent scans 
#-------------------------------------------------------------------------------- 
开发者ID:504ensicsLabs,项目名称:DAMM,代码行数:39,代码来源:poolscan.py


注:本文中的volatility.utils.iterfind方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。