Python YaraProcessDumpInformation Beispiele

Programmiersprache: Python

Namespace / Paketname: grr.lib.rdfvalues.rdf_yara

Methode / Funktion: YaraProcessDumpInformation

Beispiele auf hotexamples.com: 2

Python YaraProcessDumpInformation - 2 Beispiele gefunden. Dies sind die am besten bewerteten Python Beispiele für die grr.lib.rdfvalues.rdf_yara.YaraProcessDumpInformation, die aus Open Source-Projekten extrahiert wurden. Sie können Beispiele bewerten, um die Qualität der Beispiele zu verbessern.

Beispiel #1

Datei anzeigen

    def DumpProcess(self, psutil_process, bytes_limit):
        response = rdf_yara.YaraProcessDumpInformation()
        response.process = rdf_client.Process.FromPsutilProcess(psutil_process)

        iterator = yara_procdump.process_memory_iterator(
            pid=psutil_process.pid)
        name = psutil_process.name()

        with tempfiles.TemporaryDirectory(cleanup=False) as tmp_dir:
            for block in iterator:

                filename_template = "%s_%d_%x_%x.tmp"
                filename = os.path.join(
                    tmp_dir.path,
                    filename_template % (name, psutil_process.pid, block.base,
                                         block.base + block.size))

                if bytes_limit and self.bytes_written + block.size > bytes_limit:
                    response.error = (
                        "Memory limit exceeded. Wrote %d bytes, "
                        "next block is %d bytes, limit is %d." %
                        (self.bytes_written, block.size, bytes_limit))
                    return response

                with open(filename, "wb") as fd:
                    fd.write(block)

                self.bytes_written += block.size

                response.dump_files.Append(
                    rdf_paths.PathSpec(
                        path=filename,
                        pathtype=rdf_paths.PathSpec.PathType.TMPFILE))
        return response

Beispiel #2

Datei anzeigen

Datei: yara_actions.py Projekt: dc865/grr

    def DumpProcess(self, psutil_process, args):
        response = rdf_yara.YaraProcessDumpInformation()
        response.process = rdf_client.Process.FromPsutilProcess(psutil_process)

        process = client_utils.OpenProcessForMemoryAccess(
            pid=psutil_process.pid)

        bytes_limit = args.size_limit

        with process:
            streamer = streaming.MemoryStreamer(process,
                                                chunk_size=args.chunk_size)

            with tempfiles.TemporaryDirectory(cleanup=False) as tmp_dir:
                for start, length in client_utils.MemoryRegions(process, args):

                    if bytes_limit and self.bytes_written + length > bytes_limit:
                        response.error = (
                            "Byte limit exceeded. Wrote %d bytes, "
                            "next block is %d bytes, limit is %d." %
                            (self.bytes_written, length, bytes_limit))
                        return response

                    end = start + length
                    filename = "%s_%d_%x_%x.tmp" % (
                        psutil_process.name(), psutil_process.pid, start, end)
                    filepath = os.path.join(tmp_dir.path, filename)

                    bytes_written = self._SaveMemDumpToFilePath(
                        filepath, streamer, start, length)

                    if not bytes_written:
                        continue

                    self.bytes_written += bytes_written
                    response.dump_files.Append(
                        rdf_paths.PathSpec(
                            path=filepath,
                            pathtype=rdf_paths.PathSpec.PathType.TMPFILE))

        return response