def main(argv=None):
# New user interactive session (with extra bells and whistles).
user_session = session.InteractiveSession()
user_session.session_list.append(user_session)
text_renderer = text.TextRenderer(session=user_session)
with text_renderer.start():
plugin_cls, flags = args.parse_args(argv=argv,
user_session=user_session)
# Determine if an external script needs to be run first.
if getattr(flags, "run", None):
# Export the session object to the external script.
user_session.locals["session"] = user_session
exec open(flags.run) in user_session.locals
try:
# Run the plugin with plugin specific args.
user_session.RunPlugin(plugin_cls, **config.RemoveGlobalOptions(flags))
except Exception as e:
logging.fatal("%s. Try --debug for more information." % e)
if getattr(flags, "debug", None):
pdb.post_mortem(sys.exc_info()[2])
raise
finally:
user_session.Flush()
def dump_process(self, eprocess, fd, index_fd):
task_as = eprocess.get_process_address_space()
temp_renderer = text.TextRenderer(session=self.session,
fd=index_fd)
with temp_renderer.start():
temp_renderer.table_header([
("File Address", "file_addr", "[addrpad]"),
("Length", "length", "[addrpad]"),
("Virtual Addr", "virtual", "[addrpad]")])
# Only dump the userspace portion of addressable memory.
max_memory = self.session.GetParameter("highest_usermode_address")
blocksize = 1024 * 1024
for run in task_as.get_address_ranges(end=max_memory):
for offset in utils.xrange(run.start, run.end, blocksize):
to_read = min(blocksize, run.end - offset)
if to_read == 0:
break
data = task_as.read(offset, to_read)
file_offset = fd.tell()
fd.write(data)
# Write the index file.
temp_renderer.table_row(file_offset, to_read, offset)
def render(self, renderer):
if self.dump_dir is None:
raise plugin.PluginError("Dump directory not specified.")
for task in self.filter_processes():
filename = u"{0}_{1:d}.dmp".format(task.comm, task.pid)
renderer.write(u"Writing {0} {1:6x} to {2}\n".format(
task.comm, task, filename))
with renderer.open(directory=self.dump_dir,
filename=filename,
mode='wb') as fd:
maps = self.dump_process(task, fd)
# Make an index file.
with renderer.open(directory=self.dump_dir,
filename=filename + ".idx",
mode='wb') as fd:
temp_renderer = text.TextRenderer(session=self.session,
fd=fd, mode="wb")
with temp_renderer.start():
temp_renderer.table_header([
("File Address", "file_addr", "[addrpad]"),
("Length", "length", "[addrpad]"),
("Virtual Addr", "virtual", "[addrpad]")])
self.write_index(temp_renderer, maps)
def run(self, flow_obj=None):
self._text_renderer = text.TextRenderer(session=self._session)
self._data_renderer = data_export.DataExportRenderer(
session=self._session)
self._uploaded_files = {}
self._flow_obj = flow_obj
# Make sure to notify the flow status about the collection we are about
# to create.
flow_obj.status.collection_ids.append(self.collection.id)
# Find the plugin we need to call.
plugin_cls = plugin.Command.ImplementationByClass(self.plugin)
if plugin_cls == None:
raise plugin_cls.PluginError("Unknown plugin")
plugin_obj = plugin_cls(session=self._session, **self.args)
# We need to define the columns for the output collection.
columns = []
for column in plugin_obj.table_header:
columns.append(dict(name=column['name'], type="any"))
# Add a new table to the collection.
self.collection.tables.append(dict(name="data", columns=columns))
with self.collection.start():
for row in plugin_obj:
self.collection.insert(table="data", **self.convert_row(row))
def main(argv=None):
# New user interactive session (with extra bells and whistles).
user_session = session.InteractiveSession()
user_session.session_list.append(user_session)
text_renderer = text.TextRenderer(session=user_session)
with text_renderer.start():
plugin_cls, flags = args.parse_args(argv=argv,
user_session=user_session)
# Determine if an external script needs to be run first.
if getattr(flags, "run", None):
# Export the session object to the external script.
user_session.locals["session"] = user_session
exec open(flags.run) in user_session.locals
try:
# Run the plugin with plugin specific args.
user_session.RunPlugin(plugin_cls, **config.RemoveGlobalOptions(flags))
except Exception as e:
if getattr(flags, "debug", None):
pdb.post_mortem(sys.exc_info()[2])
else:
logging.error("%s. Try --debug for more information." % e)
# Exit with an error.
sys.exit(-1)
# Right before we exit we check if we need to save the current session.
if user_session.state.session_filename and (
user_session.state.dirty or user_session.state.cache.dirty):
user_session.SaveToFile(user_session.state.session_filename)
def __str__(self):
"""Render into a string using the text renderer."""
fd = StringIO.StringIO()
ui_renderer = text_renderer.TextRenderer(session=self.session, fd=fd)
with ui_renderer.start(plugin_name=self.name):
self.render(ui_renderer)
return fd.getvalue()
def __unicode__(self):
"""Render ourselves into a string."""
fd = StringIO.StringIO()
ui_renderer = text_renderer.TextRenderer(session=self.session, fd=fd)
with ui_renderer.start():
for descriptor in self:
descriptor.render(ui_renderer)
return fd.getvalue()
def main(_):
start = time.time()
renderer = text.TextRenderer()
with renderer:
with RekallTester(renderer=renderer) as tester:
tester.RunTests()
tester.renderer.write(
"Completed %s tests (%s passed, %s failed, %s rebuild) in "
"%s Seconds.\n" % (len(tester.successes) + len(tester.failures),
len(tester.successes), len(tester.failures),
tester.rebuilt, int(time.time() - start)))
def main(_):
start = time.time()
# We dont want a pager for the main view.
renderer = text.TextRenderer(session=session.Session(pager="-"))
with renderer.start():
with RekallTester(renderer=renderer) as tester:
tester.RunTests()
tester.renderer.write(
"Completed %s tests (%s passed, %s failed, %s rebuild) in "
"%s Seconds.\n" %
(len(tester.successes) + len(tester.failures), len(tester.successes),
len(tester.failures), tester.rebuilt, int(time.time() - start)))
def main(_):
start = time.time()
# We dont want a pager for the main view.
user_session = session.InteractiveSession(pager="-")
renderer = text.TextRenderer(session=user_session)
with renderer.start():
with RekallTester(renderer=renderer) as tester:
tester.RunTests()
tester.renderer.write(
"Completed %s tests (%s passed, %s failed, %s rebuild) in "
"%s Seconds.\n" % (len(tester.successes) + len(tester.failures),
len(tester.successes), len(tester.failures),
tester.rebuilt, int(time.time() - start)))
# Return an error when any tests failed.
if tester.failures:
sys.exit(-1)
def RenderAsText(self):
"""Render the Rekall responses as Text using the standard Rekall renderer.
This is mostly useful as a quick check of the output (e.g. in the console).
Returns:
Text rendered Rekall plugin output.
"""
s = session.Session()
fd = StringIO.StringIO()
renderer = text.TextRenderer(session=s, fd=fd)
with renderer.start():
for response in self:
for json_message in json.loads(response.json_messages):
self.RenderStatement(json_message, renderer)
return fd.getvalue()
def __init__(self, collection, flow_obj, **kwargs):
super(PluginRenderer, self).__init__(**kwargs)
self.collection = collection
self.current_section = "data"
self.section_number = 0
self._text_renderer = text.TextRenderer(session=self.session)
self._data_renderer = data_export.DataExportRenderer(
session=self.session)
self._uploaded_files = {}
self._flow_obj = flow_obj
self.collection.tables.append(dict(name="logs", columns=[
dict(name="timestamp", type="epoch"),
dict(name="level", type="int"),
dict(name="source"),
dict(name="message"),
]))
self.handler = LogCapturer(self)
def GenerateArgsTable(args):
line_buffer = io.StringIO()
renderer = text.TextRenderer(session=rekall_session, fd=line_buffer)
boundary = "%s %s %s" % ("=" * COLUMN_WIDTH[0], "=" * COLUMN_WIDTH[1],
"=" * COLUMN_WIDTH[2])
with renderer:
renderer.table_header([
dict(name="Plugin", width=COLUMN_WIDTH[0]),
dict(name="Type", width=COLUMN_WIDTH[1]),
dict(name="Description", width=COLUMN_WIDTH[2])
])
for name, spec in sorted(args.items()):
renderer.table_row(name, spec["type"], spec["help"])
result = [boundary]
result.extend(line_buffer.getvalue().splitlines())
result.append(boundary)
result[2] = boundary
return result
def __init__(self, output=None, **kwargs):
super(XLSRenderer, self).__init__(**kwargs)
# Make a single delegate text renderer for reuse. Most of the time we
# will just replicate the output from the TextRenderer inside the
# spreadsheet cell.
self.delegate_text_renderer = text.TextRenderer(session=self.session)
self.output = output or self.session.GetParameter("output")
# If no output filename was give, just make a name based on the time
# stamp.
if self.output == None:
self.output = "%s.xls" % time.ctime()
try:
self.wb = openpyxl.load_workbook(self.output)
self.current_ws = self.wb.create_sheet()
except IOError:
self.wb = openpyxl.Workbook()
self.current_ws = self.wb.active
def dump_process(self, eprocess, fd, index_fd):
task_as = eprocess.get_process_address_space()
highest_address = self._get_highest_user_address()
temp_renderer = text.TextRenderer(session=self.session, fd=index_fd)
with temp_renderer.start():
temp_renderer.table_header([
("File Address", "file_addr", "[addrpad]"),
("Length", "length", "[addrpad]"),
("Virtual Addr", "virtual", "[addrpad]")
])
for _ in task_as.get_available_addresses():
virt_address, phys_address, length = _
if not self.all and virt_address > highest_address:
break
data = self.physical_address_space.read(phys_address, length)
temp_renderer.table_row(fd.tell(), length, virt_address)
fd.write(data)
def render(self, renderer):
if self.dump_dir is None:
raise plugin.PluginError("Dump directory not specified.")
for task in self.filter_processes():
filename = os.path.join(
self.dump_dir, u"{0}_{1:d}.dmp".format(task.comm, task.pid))
renderer.write(u"Writing {0} {1:6x} to {2}\n".format(
task.comm, task, filename))
with open(filename, 'wb') as fd:
maps = self.dump_process(task, fd)
with open(filename + ".idx", 'wb') as fd:
with text.TextRenderer(fd=fd) as temp_renderer:
temp_renderer.table_header([
("File Address", "file_addr", "[addrpad]"),
("Length", "length", "[addrpad]"),
("Virtual Addr", "virtual", "[addrpad]")
])
self.write_index(temp_renderer, maps)
def RenderAsText(self):
"""Render the Rekall responses as Text using the standard Rekall renderer.
This is mostly useful as a quick check of the output (e.g. in the console).
Returns:
Text rendered Rekall plugin output.
"""
s = session.Session()
fd_out = StringIO.StringIO()
renderer = text.TextRenderer(session=s, fd=fd_out)
with renderer.start():
for response in self:
fd_in = StringIO.StringIO()
fd_in.write(response.json_messages)
fd_in.seek(0)
rekall_json_parser = json_tools.JSONParser(session=s, fd=fd_in)
rekall_json_parser.render(renderer)
fd_in.close()
return fd_out.getvalue()