Beispiel #1
0
    def collect(self, hint, zones):
        # If given a hint, we analyze it and see if it can tell us the
        # name of the allocation zone this is looking for.
        hinted_zone = None
        if hint:
            for dependency in self.manager.analyze(hint)["dependencies"]:
                if (dependency.component == "AllocationZone" and
                        dependency.attribute == "name"):
                    hinted_zone = dependency.value
                    break

        if not hinted_zone:
            return

        for zone in zones:
            if hinted_zone and zone["AllocationZone/name"] != hinted_zone:
                continue

            for element, state in self.collect_base_objects(
                    zone_name=zone["AllocationZone/name"], zones=zones):
                yield definitions.Buffer(
                    start=(element.obj_offset, element.obj_vm.dtb),
                    size=zone["AllocationZone/element_size"],
                    contents=element.obj_vm.read(
                        element.obj_offset,
                        zone["AllocationZone/element_size"]),
                    state=state,
                    purpose="zones",
                    context=zone.identity)
Beispiel #2
0
 def collect(self, hint, clists):
     for entity in clists:
         clist = entity["Struct/base"]
         yield [entity.identity,
                definitions.Buffer(kind="ring",
                                   state="freed",
                                   contents=clist.recovered_contents,
                                   start=clist.c_cs,
                                   end=clist.c_ce,
                                   size=clist.c_cn)]
Beispiel #3
0
    def collect(self, hint, ttys):
        for entity in ttys:
            file_identity = None
            session_identity = None

            tty = entity["MemoryObject/base_object"]
            session = tty.t_session.deref()
            vnode = session.s_ttyvp

            if session:
                session_identity = self.manager.identify(
                    {"MemoryObject/base_object": session})

            if vnode:
                # Look, it has a vnode!
                yield definitions.MemoryObject(base_object=vnode, type="vnode")
                file_identity = self.manager.identify(
                    {"MemoryObject/base_object": vnode})

            # Yield just the stubs of the input and output ring buffers.
            # DarwinClistParser will grab these if it cares.
            yield [
                definitions.MemoryObject(base_object=tty.t_rawq, type="clist"),
                definitions.Buffer(purpose="terminal_input",
                                   context=entity.identity)
            ]
            yield [
                definitions.MemoryObject(base_object=tty.t_outq, type="clist"),
                definitions.Buffer(purpose="terminal_output",
                                   context=entity.identity)
            ]

            # Last, but not least, the Terminal itself.
            yield [
                entity.identity,
                definitions.Terminal(session=session_identity,
                                     file=file_identity)
            ]