

Python obj.Curry方法代碼示例

本文整理匯總了Python中volatility.obj.Curry方法的典型用法代碼示例。如果您正苦於以下問題:Python obj.Curry方法的具體用法?Python obj.Curry怎麽用?Python obj.Curry使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在volatility.obj的用法示例。


在下文中一共展示了obj.Curry方法的3個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。

示例1: determine_connections

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import Curry [as 別名]
def determine_connections(addr_space):
    """Yield every valid _TCPT_OBJECT reachable from tcpip.sys's TCB table.

    The loaded-module list is obtained from lsmod and filtered by name.
    For tcpip.sys, each candidate offset set in the selected version
    table is tried: a table size and a table address are read at
    DllBase plus the candidate offsets, the table is viewed as an array
    of pointers, and every bucket's chain is followed through ``Next``.

    Every size, address and pointer used here is read from the memory
    image under analysis, so a damaged or tampered image can supply
    arbitrary values.
    """
    all_modules = win32.modules.lsmod(addr_space)

    metadata = addr_space.profile.metadata
    version = (metadata.get('major', 0), metadata.get('minor', 0))

    # (major, minor) up to and including (5, 1) selects the XP offset
    # table; anything later selects the 2003 one.
    module_versions = (module_versions_xp if version <= (5, 1)
                       else module_versions_2003)

    for mod in all_modules:
        if str(mod.BaseDllName).lower() != 'tcpip.sys':
            continue

        for attempt in module_versions:
            offsets = module_versions[attempt]

            table_size = obj.Object(
                "long",
                offset = mod.DllBase + offsets['SizeOff'][0],
                vm = addr_space)

            table_addr = obj.Object(
                "address",
                offset = mod.DllBase + offsets['TCBTableOff'][0],
                vm = addr_space)

            # NOTE(review): the count comes straight from the image and
            # only a lower bound is checked, so nothing in this function
            # caps how many entries are walked. Consider an upper limit
            # suited to this table.
            if not (table_size > 0):
                continue

            # Curry pre-binds the pointed-to type name so the Array can
            # construct each pointer element itself.
            table = obj.Object("Array",
                offset = table_addr, vm = addr_space,
                count = table_size,
                target = obj.Curry(obj.Pointer, '_TCPT_OBJECT'))
            if not table:
                continue

            for bucket in table:
                tcb = bucket.dereference()
                # Offsets already yielded for this bucket. A chain that
                # loops back on itself ends the walk instead of spinning
                # forever. The set is per bucket, so an object linked
                # from two buckets is yielded twice.
                visited = set()
                while tcb.is_valid() and tcb.obj_offset not in visited:
                    yield tcb
                    visited.add(tcb.obj_offset)
                    tcb = tcb.Next.dereference()
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:43,代碼來源:network.py

示例2: determine_sockets

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import Curry [as 別名]
def determine_sockets(addr_space):
    """Yield every valid _ADDRESS_OBJECT reachable from tcpip.sys's table.

    The loaded-module list is obtained from lsmod and filtered by name.
    For tcpip.sys, each candidate offset set in the selected version
    table is tried: the table size and table address are read at
    DllBase plus the candidate offsets, the table is viewed as an array
    of pointers, and every bucket's chain is followed through ``Next``.

    Every size, address and pointer used here is read from the memory
    image under analysis, so the count is range-checked against
    MAX_SOCKETS before the table is built.
    """
    all_modules = win32.modules.lsmod(addr_space)

    metadata = addr_space.profile.metadata
    # NOTE(review): this compares the major version with the float 5.1
    # and requires minor to be exactly 1. For integer versions, (5, 1)
    # selects the XP table while (5, 0) falls through to the 2003 table.
    # Confirm that is intended.
    uses_xp_table = (metadata.get('major', 0) <= 5.1
                     and metadata.get('minor', 0) == 1)
    module_versions = (module_versions_xp if uses_xp_table
                       else module_versions_2003)

    for mod in all_modules:
        if str(mod.BaseDllName).lower() != 'tcpip.sys':
            continue

        for attempt in module_versions:
            offsets = module_versions[attempt]

            table_size = obj.Object(
                "unsigned long",
                offset = mod.DllBase + offsets['AddrObjTableSizeOffset'][0],
                vm = addr_space)

            table_addr = obj.Object(
                "address",
                offset = mod.DllBase + offsets['AddrObjTableOffset'][0],
                vm = addr_space)

            # Reject zero and implausibly large counts, so a corrupt
            # size field cannot drive an enormous table walk.
            entry_count = int(table_size)
            if entry_count <= 0 or entry_count >= MAX_SOCKETS:
                continue

            # Curry pre-binds the pointed-to type name so the Array can
            # construct each pointer element itself.
            table = obj.Object("Array",
                offset = table_addr, vm = addr_space,
                count = table_size,
                target = obj.Curry(obj.Pointer, "_ADDRESS_OBJECT"))
            if not table:
                continue

            for bucket in table:
                address_object = bucket.dereference()
                # Offsets already yielded for this bucket. A chain that
                # loops back on itself ends the walk instead of spinning
                # forever.
                visited = set()
                while (address_object.is_valid()
                       and address_object.obj_offset not in visited):
                    yield address_object
                    visited.add(address_object.obj_offset)
                    address_object = address_object.Next.dereference()
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:40,代碼來源:network.py

示例3: main

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import Curry [as 別名]
def main():
    """Command-line entry point: load plugins, parse options, run one command.

    The order of the steps matters. Plugins are imported first so they
    can register options, global options are registered next, and the
    options are parsed once to learn the debug setting. The first
    argument naming a known command is then instantiated, and the
    options are parsed again once that command's help hook is
    installed. Written for Python 2 (note the ``except X, e`` and
    ``print e`` forms at the end).
    """

    # Get the version information on every output from the beginning
    # Exceptionally useful for debugging/telling people what's going on
    sys.stderr.write("Volatility Foundation Volatility Framework {0}\n".format(constants.VERSION))
    sys.stderr.flush()

    # Setup the debugging format
    debug.setup()
    # Load up modules in case they set config options
    # NOTE(review): this runs before any option is parsed. Presumably
    # every module found on the plugin search path is imported, and so
    # executed, with the analyst's privileges. Confirm which
    # directories are searched and who can write to them.
    registry.PluginImporter()

    ## Register all register_options for the various classes
    registry.register_global_options(config, addrspace.BaseAddressSpace)
    registry.register_global_options(config, commands.Command)

    # Informational mode: print the info listing and exit successfully
    # without parsing the remaining options or running a command.
    if config.INFO:
        print_info()
        sys.exit(0)

    ## Parse all the options now
    # First parsing pass. The meaning of the False argument is not
    # visible here (presumably a non-final pass; confirm).
    config.parse_options(False)
    # Reset the logging level now we know whether debug is set or not
    debug.setup(config.DEBUG)

    module = None
    ## Try to find the first thing that looks like a module name
    # Command names are fetched with lower = True and the match on each
    # argument is exact. The first matching argument wins.
    cmds = registry.get_plugin_classes(commands.Command, lower = True)
    for m in config.args:
        if m in cmds.keys():
            module = m
            break

    # No command named: parse again, then report the error. If
    # debug.error returned instead of terminating (presumably it does
    # not), the membership test below would be False for None and
    # nothing would run.
    if not module:
        config.parse_options()
        debug.error("You must specify something to do (try -h)")

    try:
        if module in cmds.keys():
            # Instantiate the selected command class with the shared config.
            command = cmds[module](config)

            ## Register the help cb from the command itself
            # Curry binds this command to command_help, so the help hook
            # can be called later without the command being passed again.
            config.set_help_hook(obj.Curry(command_help, command))
            config.parse_options()

            # A memory image source is required before anything executes.
            if not config.LOCATION:
                debug.error("Please specify a location (-l) or filename (-f)")

            command.execute()
    # NOTE(review): a VolatilityException is printed to stdout and main
    # then returns normally. No exit status is set here, so a wrapper
    # script checking the return code would not see this failure.
    except exceptions.VolatilityException, e:
        print e 
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:53,代碼來源:vol.py


注:本文中的volatility.obj.Curry方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。