

Python filescan.FileScan method code example

This article collects typical usage examples of the Python method volatility.plugins.filescan.FileScan. If you are wondering how filescan.FileScan is used in practice, or are looking for an example of calling it, the selected example below may help. You can also look further into how the containing module, volatility.plugins.filescan, is used.


One code example of the filescan.FileScan method is shown below; examples are sorted by popularity by default. You can upvote examples you like or find useful, and your rating helps the system recommend better Python code examples.

Example 1: get_tasks

# Required import: from volatility.plugins import filescan [as alias]
# Or: from volatility.plugins.filescan import FileScan [as alias]
import volatility.debug as debug
import volatility.utils as utils
import volatility.plugins.filescan as filescan
import volatility.plugins.dumpfiles as dumpfiles


def get_tasks(self):
    # Method of the Autoruns plugin class in autoruns.py. It relies on the class's
    # parse_task_xml() and find_pids_for_imagepath() helpers, which are not shown here.
    debug.debug('Started get_tasks()')
    addr_space = utils.load_as(self._config)
    f = filescan.FileScan(self._config)
    tasks = []
    parsed_tasks = []

    try:
        # Pass 1: pool-scan for _FILE_OBJECTs whose path lies under system32\tasks\.
        # Microsoft's own tasks are skipped unless --verbose was given.
        for file_obj in f.calculate():
            filename = str(file_obj.file_name_with_device() or '')
            lowered = filename.lower()
            if "system32\\tasks\\" in lowered and ('system32\\tasks\\microsoft' not in lowered or self._config.VERBOSE):
                tasks.append((file_obj.obj_offset, filename))
                debug.debug("Found task: 0x{0:x} {1}".format(file_obj.obj_offset, filename))

        # Pass 2: reuse DumpFiles to locate the cached pages of each task file.
        for offset, name in tasks:
            self._config.PHYSOFFSET = '0x{:x}'.format(offset)
            df = dumpfiles.DumpFiles(self._config)
            self._config.DUMP_DIR = '.'
            for data in df.calculate():
                # Doing this with mmap would probably be cleaner:
                # create a sufficiently large (dynamically resizable?) memory map
                # so that we can seek and write the file accordingly.
                #
                # SystemError: mmap: resizing not available--no mremap()

                chopped_file = {}

                # Each 'present' entry is used here as (physical address, file offset, length).
                for mdata in data['present']:
                    rdata = addr_space.base.read(mdata[0], mdata[2])
                    chopped_file[mdata[1]] = rdata

                # Concatenate the resident pages in file-offset order.
                task_xml = "".join(part[1] for part in sorted(chopped_file.items(), key=lambda x: x[0]))

                parsed = self.parse_task_xml(task_xml, name)

                if parsed:
                    args = parsed['Actions']['Exec'].get("Arguments", None)
                    if args:
                        parsed['Actions']['Exec']['Command'] += " {}".format(args)
                    pids = self.find_pids_for_imagepath(parsed['Actions']['Exec']['Command'])
                    parsed_tasks.append((name.split('\\')[-1], parsed, task_xml, pids))

    except Exception as e:
        debug.warning('get_tasks() failed to complete. Exception: {0} {1}'.format(type(e).__name__, e.args))

    debug.debug('Finished get_tasks()')
    return parsed_tasks
Developer ID: tomchop, Project: volatility-autoruns, Lines of code: 51, Source file: autoruns.py
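The snippet above does two things that are easy to get wrong when working from a memory image: it rebuilds a file from the pages DumpFiles reports as resident, and it then parses Task Scheduler XML to recover the command a task runs. The following is an added, self-contained example (not code from volatility-autoruns or Volatility) that exercises both steps offline. It assumes a stand-in address space class with only a read(addr, length) method, a 'present' list laid out as (physical address, file offset, length) the way the snippet indexes it, and a constructed UTF-16 task file scattered across non-contiguous "pages". Unlike the snippet, the reassembly pads any missing page and reports the gap, so a non-resident page shows up as a parse failure with a known byte range instead of silently shifting the rest of the file.

```python
import xml.etree.ElementTree as ET

# Real Task Scheduler XML namespace, needed for ElementTree path lookups.
TASK_NS = "{http://schemas.microsoft.com/windows/2004/02/mit/task}"

# Constructed sample task file (UTF-16 with BOM, like real files under System32\Tasks).
SAMPLE_TASK = (
    '<?xml version="1.0" encoding="UTF-16"?>'
    '<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
    '<Actions Context="Author"><Exec>'
    '<Command>C:\\Windows\\System32\\cmd.exe</Command>'
    '<Arguments>/c echo constructed sample</Arguments>'
    '</Exec></Actions></Task>'
)
TASK_BYTES = b"\xff\xfe" + SAMPLE_TASK.encode("utf-16-le")
PAGE = 64  # tiny "page" size so the sample splits into several chunks


class FakePhysicalSpace:
    """Hypothetical stand-in for a Volatility physical address space."""

    def __init__(self, backing):
        self.backing = backing

    def read(self, addr, length):
        return bytes(self.backing[addr:addr + length])


def build_sample_memory():
    """Scatter the sample file's pages across constructed physical memory, out of
    order, and return (addr_space, present) in the (phys, file_offset, length) layout."""
    pages = [TASK_BYTES[i:i + PAGE] for i in range(0, len(TASK_BYTES), PAGE)]
    backing = bytearray(256 * len(pages))
    present = []
    for k, page in enumerate(pages):
        phys = 256 * (len(pages) - 1 - k)  # reversed placement, 256 bytes apart
        backing[phys:phys + len(page)] = page
        present.append((phys, k * PAGE, len(page)))
    return FakePhysicalSpace(backing), present


def is_candidate_task_path(filename, verbose=False):
    """Same filter as the snippet: keep paths under system32\\tasks\\ and drop
    Microsoft's own tasks unless verbose is set."""
    lowered = filename.lower()
    if "system32\\tasks\\" not in lowered:
        return False
    return verbose or "system32\\tasks\\microsoft" not in lowered


def reassemble(addr_space, present):
    """Rebuild file bytes from (phys, file_offset, length) chunks in file order.
    Returns (data, gaps); each gap is a (start, end) byte range that was not
    resident and has been zero-padded so later offsets still line up."""
    data = bytearray()
    gaps = []
    for phys, off, length in sorted(present, key=lambda t: t[1]):
        if off > len(data):
            gaps.append((len(data), off))
            data.extend(b"\x00" * (off - len(data)))
        data[off:off + length] = addr_space.read(phys, length)
    return bytes(data), gaps


def parse_task_xml(task_bytes):
    """Extract the Exec action from Task Scheduler XML.
    Returns None when the bytes are not well-formed XML (e.g. a padded gap)."""
    try:
        root = ET.fromstring(task_bytes)
    except ET.ParseError:
        return None
    exec_node = root.find(TASK_NS + "Actions/" + TASK_NS + "Exec")
    if exec_node is None:
        return None
    command = exec_node.findtext(TASK_NS + "Command", default="")
    args = exec_node.findtext(TASK_NS + "Arguments")
    return {
        "Command": command,
        "Arguments": args,
        "CommandLine": command + (" " + args if args else ""),
    }


if __name__ == "__main__":
    space, present = build_sample_memory()
    data, gaps = reassemble(space, present)
    print("complete reconstruction:", gaps == [], parse_task_xml(data))
    # Simulate one page that was paged out: the file offset 128..192 is missing.
    partial = [p for p in present if p[1] != 2 * PAGE]
    data, gaps = reassemble(space, partial)
    print("with a missing page:", gaps, parse_task_xml(data))
```

The gap list is the piece of evidence worth keeping next to any command line recovered this way: a task whose XML could only be partly rebuilt should be reported as partial, not dropped, since the file name and path alone already point at something to check on disk.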


Note: the volatility.plugins.filescan.FileScan method examples in this article were compiled by 純淨天空 from open-source code and documentation platforms such as GitHub and MSDocs. The code snippets are selected from open-source projects contributed by various developers; copyright of the source code belongs to the original authors, and distribution and use are subject to the corresponding project's License. Please do not reproduce without permission.