

Python common.AbstractWindowsCommand方法代碼示例

本文整理匯總了Python中volatility.plugins.common.AbstractWindowsCommand方法的典型用法代碼示例。如果您正苦於以下問題:Python common.AbstractWindowsCommand方法的具體用法?Python common.AbstractWindowsCommand怎麽用?Python common.AbstractWindowsCommand使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在volatility.plugins.common的用法示例。


在下文中一共展示了common.AbstractWindowsCommand方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。

示例1: __init__

# 需要導入模塊: from volatility.plugins import common [as 別名]
# 或者: from volatility.plugins.common import AbstractWindowsCommand [as 別名]
def __init__(self, config, *args, **kwargs):
        """Set up the autoruns plugin: register its options and reset its result holders.

        Args:
            config: Volatility configuration object the options are registered on.
            *args: Forwarded to ``common.AbstractWindowsCommand.__init__``.
            **kwargs: Forwarded to ``common.AbstractWindowsCommand.__init__``.
        """
        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)

        asep_help = (
            "Only collect the ASEP types specified. Select from: autoruns, services, "
            "appinit, winlogon, tasks, activesetup, sdb (comma-separated)"
        )
        config.add_option(
            "ASEP-TYPE",
            short_option="t",
            default=None,
            help=asep_help,
            action="store",
            type="str",
        )

        # VERBOSE is removed and re-registered so this plugin can attach its own
        # meaning to -v (showing entries that are otherwise filtered out).
        config.remove_option("VERBOSE")
        config.add_option(
            "VERBOSE",
            short_option="v",
            default=False,
            help="Show entries that are normally filtered out (Ex. Services from the System32 folder)",
            action="store_true",
        )

        # Result holders: a process map plus one list per ASEP category, all empty here.
        self.process_dict = {}
        self.autoruns = []
        self.services = []
        self.appinit_dlls = []
        self.winlogon = []
        self.winlogon_registrations = []
        self.tasks = []
        self.activesetup = []
        self.sdb = []
開發者ID:tomchop,項目名稱:volatility-autoruns,代碼行數:21,代碼來源:autoruns.py

示例2: __init__

# 需要導入模塊: from volatility.plugins import common [as 別名]
# 或者: from volatility.plugins.common import AbstractWindowsCommand [as 別名]
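def __init__(self, config, *args, **kwargs):
        """Set up the timeliner plugin: drop unrelated options and register its own.

        Args:
            config: Volatility configuration object whose options are pruned and extended.
            *args: Forwarded to ``common.AbstractWindowsCommand.__init__``.
            **kwargs: Forwarded to ``common.AbstractWindowsCommand.__init__``.
        """
        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)

        # Options registered elsewhere that this plugin does not use are removed
        # (presumably so they are not offered for this plugin; confirm against the config API).
        for unused in ("SAVE-EVT", "HIVE-OFFSET", "KEY", "BASE", "REGEX",
                       "IGNORE-CASE", "DUMP-DIR", "OFFSET", "PID", "UNSAFE"):
            config.remove_option(unused)

        # Artifact types the timeline can be built from; the TYPE default lists them all.
        self.types = ["Process", "Socket", "Shimcache", "Userassist", "IEHistory", "Thread", "Symlink", "Timer",
                      "_CM_KEY_BODY", "LoadTime", "TimeDateStamp", "_HBASE_BLOCK", "_CMHIVE", "EvtLog", "ImageDate"]

        config.add_option('HIVE', short_option = 'H',
                          help = 'Gather Timestamps from a Particular Registry Hive', type = 'str')
        config.add_option('USER', short_option = 'U',
                          help = 'Gather Timestamps from a Particular User\'s Hive(s)', type = 'str')
        config.add_option("MACHINE", default = "",
                          help = "Machine name to add to timeline header")
        # Default is the sorted, comma-separated list of every known type; a single
        # ",".join is sufficient (the outer "".join([...]) over one element was redundant).
        config.add_option("TYPE", default = ",".join(sorted(self.types)),
                          help = "Type of artifact to use in timeline (default is all, but \"Registry\")")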
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:26,代碼來源:timeliner.py

示例3: __init__

# 需要導入模塊: from volatility.plugins import common [as 別名]
# 或者: from volatility.plugins.common import AbstractWindowsCommand [as 別名]
def __init__(self, config, *args, **kwargs):
        """Set up the strings plugin and register its process-selection options.

        Args:
            config: Volatility configuration object the options are registered on.
            *args: Forwarded to ``common.AbstractWindowsCommand.__init__``.
            **kwargs: Forwarded to ``common.AbstractWindowsCommand.__init__``.
        """
        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)

        # (name, keyword arguments) in registration order.
        option_specs = [
            ("STRING-FILE", dict(short_option="s", default=None,
                                 help="File output in strings format (offset:string)",
                                 action="store", type="str")),
            ("SCAN", dict(short_option="S", default=False, action="store_true",
                          help="Use PSScan if no offset is provided")),
            ("OFFSET", dict(short_option="o", default=None,
                            help="EPROCESS offset (in hex) in the physical address space",
                            action="store", type="int")),
            ("PID", dict(short_option="p", default=None,
                         help="Operate on these Process IDs (comma-separated)",
                         action="store", type="str")),
            ("LOOKUP-PID", dict(short_option="L", default=False, action="store_true",
                                help="Lookup the ImageFileName of PIDs")),
        ]
        for name, spec in option_specs:
            config.add_option(name, **spec)
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:18,代碼來源:strings.py

示例4: __init__

# 需要導入模塊: from volatility.plugins import common [as 別名]
# 或者: from volatility.plugins.common import AbstractWindowsCommand [as 別名]
def __init__(self, config, *args, **kwargs):
        """Set up the mftparser plugin and register its MFT-entry options.

        Args:
            config: Volatility configuration object the options are registered on.
            *args: Forwarded to ``common.AbstractWindowsCommand.__init__``.
            **kwargs: Forwarded to ``common.AbstractWindowsCommand.__init__``.
        """
        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)

        add_option = config.add_option
        add_option("OFFSET", short_option="o", default=None,
                   help="Physical offset for MFT Entries (comma delimited)")
        add_option("NOCHECK", short_option="N", default=False,
                   help="Only all entries including w/null timestamps",
                   action="store_true")
        # ENTRYSIZE is the only option here with a non-trivial default (1024).
        add_option("ENTRYSIZE", short_option="E", default=1024,
                   help="MFT Entry Size",
                   action="store", type="int")
        # Destination for resident files; this block only registers the option
        # and does not validate the path.
        add_option("DUMP-DIR", short_option="D", default=None,
                   cache_invalidator=False,
                   help="Directory in which to dump extracted resident files")
        add_option("MACHINE", default="",
                   help="Machine name to add to timeline header")
        add_option("DEBUGOUT", default=False,
                   help="Output debugging messages",
                   action="store_true")
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:20,代碼來源:mftparser.py

示例5: __init__

# 需要導入模塊: from volatility.plugins import common [as 別名]
# 或者: from volatility.plugins.common import AbstractWindowsCommand [as 別名]
def __init__(self, config, *args, **kwargs):
        """Set up the win10cookie plugin; it registers no options of its own.

        Args:
            config: Volatility configuration object, passed straight to the base class.
            *args: Forwarded to ``common.AbstractWindowsCommand.__init__``.
            **kwargs: Forwarded to ``common.AbstractWindowsCommand.__init__``.
        """
        base_init = common.AbstractWindowsCommand.__init__
        base_init(self, config, *args, **kwargs)
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:4,代碼來源:win10cookie.py

示例6: __init__

# 需要導入模塊: from volatility.plugins import common [as 別名]
# 或者: from volatility.plugins.common import AbstractWindowsCommand [as 別名]
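def __init__(self, config, *args, **kwargs):
        """Set up the tcaudit plugin and register its MIN-LENGTH option.

        Args:
            config: Volatility configuration object the option is registered on.
            *args: Forwarded to ``common.AbstractWindowsCommand.__init__``.
            **kwargs: Forwarded to ``common.AbstractWindowsCommand.__init__``.
        """
        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)
        # Help text spelling corrected ("Minimum"); option name, default and type unchanged.
        config.add_option('MIN-LENGTH', short_option = 'M', default = 5,
                          help = 'Minimum length of passphrases to identify',
                          action = 'store', type = 'int')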
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:7,代碼來源:tcaudit.py

示例7: __init__

# 需要導入模塊: from volatility.plugins import common [as 別名]
# 或者: from volatility.plugins.common import AbstractWindowsCommand [as 別名]
def __init__(self, config, *args, **kwargs):
        """Set up the bigpagepools plugin and register its TAGS option.

        Args:
            config: Volatility configuration object the option is registered on.
            *args: Forwarded to ``common.AbstractWindowsCommand.__init__``.
            **kwargs: Forwarded to ``common.AbstractWindowsCommand.__init__``.
        """
        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)
        # No default and no explicit type: TAGS is unset unless given on the command line.
        config.add_option("TAGS", short_option="t", help="Pool tag to find")
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:5,代碼來源:bigpagepools.py

示例8: __init__

# 需要導入模塊: from volatility.plugins import common [as 別名]
# 或者: from volatility.plugins.common import AbstractWindowsCommand [as 別名]
def __init__(self, config, *args, **kwargs):
        """Set up the taskmods plugin: base-class and cache.Testable init, then process selectors.

        Args:
            config: Volatility configuration object the options are registered on.
            *args: Forwarded to ``common.AbstractWindowsCommand.__init__``.
            **kwargs: Forwarded to ``common.AbstractWindowsCommand.__init__``.
        """
        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)
        cache.Testable.__init__(self)

        # All three selectors are plain 'store' options that default to None;
        # only the name, short flag, value type and help text differ.
        selectors = (
            ("OFFSET", "o", "int", "EPROCESS offset (in hex) in the physical address space"),
            ("PID", "p", "str", "Operate on these Process IDs (comma-separated)"),
            ("NAME", "n", "str", "Operate on these process names (regex)"),
        )
        for name, short, value_type, text in selectors:
            config.add_option(name, short_option=short, default=None,
                              help=text, action="store", type=value_type)
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:16,代碼來源:taskmods.py

示例9: __init__

# 需要導入模塊: from volatility.plugins import common [as 別名]
# 或者: from volatility.plugins.common import AbstractWindowsCommand [as 別名]
def __init__(self, config, *args, **kwargs):
        """Set up the modules plugin and register its PHYSICAL-OFFSET flag.

        Args:
            config: Volatility configuration object the option is registered on.
            *args: Forwarded to ``common.AbstractWindowsCommand.__init__``.
            **kwargs: Forwarded to ``common.AbstractWindowsCommand.__init__``.
        """
        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)
        # Boolean flag, off by default; cache_invalidator=False marks it as not
        # affecting cached results (per the config API's flag of that name).
        config.add_option(
            "PHYSICAL-OFFSET",
            short_option="P",
            default=False,
            cache_invalidator=False,
            help="Physical Offset",
            action="store_true",
        )
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:6,代碼來源:modules.py

示例10: __init__

# 需要導入模塊: from volatility.plugins import common [as 別名]
# 或者: from volatility.plugins.common import AbstractWindowsCommand [as 別名]
def __init__(self, config, *args, **kwargs):
        """Set up the drivermodule plugin and register its ADDR option.

        Args:
            config: Volatility configuration object the option is registered on.
            *args: Forwarded to ``common.AbstractWindowsCommand.__init__``.
            **kwargs: Forwarded to ``common.AbstractWindowsCommand.__init__``.
        """
        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)
        addr_spec = dict(
            short_option="a",
            default=None,
            help="Show info on module at or containing this address",
            action="store",
            type="int",
        )
        config.add_option("ADDR", **addr_spec)
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:7,代碼來源:drivermodule.py

示例11: __init__

# 需要導入模塊: from volatility.plugins import common [as 別名]
# 或者: from volatility.plugins.common import AbstractWindowsCommand [as 別名]
def __init__(self, config, *args, **kwargs):
        """Set up the volshell plugin: register process selectors and clear session state.

        Args:
            config: Volatility configuration object the options are registered on.
            *args: Forwarded to ``common.AbstractWindowsCommand.__init__``.
            **kwargs: Forwarded to ``common.AbstractWindowsCommand.__init__``.
        """
        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)

        # Session state; nothing is resolved at construction time.
        self._addrspace = None
        self._proc = None

        # Process selectors, all 'store' options defaulting to None.
        selectors = (
            ("OFFSET", "o", "int", "EPROCESS Offset (in hex) in kernel address space"),
            ("IMNAME", "n", "str", "Operate on this Process name"),
            ("PID", "p", "str", "Operate on these Process IDs (comma-separated)"),
        )
        for name, short, value_type, text in selectors:
            config.add_option(name, short_option=short, default=None,
                              help=text, action="store", type=value_type)
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:17,代碼來源:volshell.py

示例12: __init__

# 需要導入模塊: from volatility.plugins import common [as 別名]
# 或者: from volatility.plugins.common import AbstractWindowsCommand [as 別名]
def __init__(self, config, *args, **kwargs):
        """Set up the dumpfiles plugin: reset its state and register its options.

        Args:
            config: Volatility configuration object the options are registered on.
            *args: Forwarded to ``common.AbstractWindowsCommand.__init__``.
            **kwargs: Forwarded to ``common.AbstractWindowsCommand.__init__``.
        """
        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)

        # Kernel address space and active filter list; both empty until the plugin is run.
        self.kaddr_space = None
        self.filters = []

        # (name, keyword arguments) in registration order. Note REGEX uses
        # type 'string' where the other string options use 'str' (kept as-is).
        option_specs = [
            ("REGEX", dict(short_option="r",
                           help="Dump files matching REGEX",
                           action="store", type="string")),
            ("IGNORE-CASE", dict(short_option="i",
                                 help="Ignore case in pattern match",
                                 action="store_true", default=False)),
            ("OFFSET", dict(short_option="o", default=None,
                            help="Dump files for Process with physical address OFFSET",
                            action="store", type="int")),
            ("PHYSOFFSET", dict(short_option="Q", default=None,
                                help="Dump File Object at physical address PHYSOFFSETs (comma delimited)",
                                action="store", type="str")),
            # Output locations; this block only registers them and does not validate the paths.
            ("DUMP-DIR", dict(short_option="D", default=None,
                              cache_invalidator=False,
                              help="Directory in which to dump extracted files")),
            ("SUMMARY-FILE", dict(short_option="S", default=None,
                                  cache_invalidator=False,
                                  help="File where to store summary information")),
            ("PID", dict(short_option="p", default=None,
                         help="Operate on these Process IDs (comma-separated)",
                         action="store", type="str")),
            ("NAME", dict(short_option="n",
                          help="Include extracted filename in output file path",
                          action="store_true", default=False)),
            # Opt-in only: safety constraints stay in force unless -u is given.
            ("UNSAFE", dict(short_option="u",
                            help="Relax safety constraints for more data",
                            action="store_true", default=False)),
            # Possible filters include:
            # SharedCacheMap,DataSectionObject,ImageSectionObject,HandleTable,VAD
            ("FILTER", dict(short_option="F", default=None,
                            help="Filters to apply (comma-separated). Possible values:\n\nSharedCacheMap,DataSectionObject,ImageSectionObject,HandleTable,VAD")),
        ]
        for name, spec in option_specs:
            config.add_option(name, **spec)
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:40,代碼來源:dumpfiles.py

示例13: __init__

# 需要導入模塊: from volatility.plugins import common [as 別名]
# 或者: from volatility.plugins.common import AbstractWindowsCommand [as 別名]
def __init__(self, config, *args, **kwargs):
        """Set up the pooltracker plugin and register its pool-search options.

        Args:
            config: Volatility configuration object the options are registered on.
            *args: Forwarded to ``common.AbstractWindowsCommand.__init__``.
            **kwargs: Forwarded to ``common.AbstractWindowsCommand.__init__``.
        """
        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)

        add_option = config.add_option
        # TAG has neither a default nor an explicit type.
        add_option("TAG", short_option="t", help="Pool tag to find")
        # Size bounds are ints; the defaults (0 and 4096) are echoed in the help text.
        add_option("MIN-SIZE", short_option="m", type="int",
                   help="Minimum size of the pool to find (default: 0)", default=0)
        add_option("MAX-SIZE", short_option="M", type="int",
                   help="Maximum size of the pool to find (default: 4096)", default=4096)
        add_option("PAGED", short_option="P",
                   help="Search in paged pools (default: False)",
                   default=False, action="store_true")
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:17,代碼來源:pooltracker.py

示例14: __init__

# 需要導入模塊: from volatility.plugins import common [as 別名]
# 或者: from volatility.plugins.common import AbstractWindowsCommand [as 別名]
def __init__(self, config, *args, **kwargs):
        """Set up the shutdown plugin: register HIVE-OFFSET and clear the registry API handle.

        Args:
            config: Volatility configuration object the option is registered on.
            *args: Forwarded to ``common.AbstractWindowsCommand.__init__``.
            **kwargs: Forwarded to ``common.AbstractWindowsCommand.__init__``.
        """
        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)
        # Registry API helper; not created here (stays None after construction).
        self.regapi = None
        config.add_option("HIVE-OFFSET", short_option="o",
                          help="Hive offset (virtual)", type="int")
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:7,代碼來源:shutdown.py

示例15: __init__

# 需要導入模塊: from volatility.plugins import common [as 別名]
# 或者: from volatility.plugins.common import AbstractWindowsCommand [as 別名]
def __init__(self, config, *args, **kwargs):
        """Set up the dumpregistry plugin and register its hive and output options.

        Args:
            config: Volatility configuration object the options are registered on.
            *args: Forwarded to ``common.AbstractWindowsCommand.__init__``.
            **kwargs: Forwarded to ``common.AbstractWindowsCommand.__init__``.
        """
        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)

        hive_spec = dict(short_option="o", default=None,
                         help="Hive offset (virtual)",
                         action="store", type="int")
        # Output directory; only registered here, the path is not validated in this block.
        dump_spec = dict(short_option="D", default=None,
                         cache_invalidator=False,
                         help="Directory in which to dump extracted files")
        config.add_option("HIVE-OFFSET", **hive_spec)
        config.add_option("DUMP-DIR", **dump_spec)
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:10,代碼來源:dumpregistry.py


注:本文中的volatility.plugins.common.AbstractWindowsCommand方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。