def get_memory_handler(opts):
if opts.dumptype == DUMPTYPE_BASE:
loader = dump_loader.ProcessMemoryDumpLoader(opts.dump_folder_name)
memory_handler = loader.make_memory_handler()
elif opts.dumptype == DUMPTYPE_VOLATILITY:
mapper = vol.VolatilityProcessMapper(opts.dump_filename, "WinXPSP2x86", opts.pid)
memory_handler = mapper.make_memory_handler()
elif opts.dumptype == DUMPTYPE_REKALL:
mapper = rek.RekallProcessMapper(opts.dump_filename, opts.pid)
memory_handler = mapper.make_memory_handler()
elif opts.dumptype == DUMPTYPE_LIVE:
memory_handler = dbg.make_local_process_memory_handler(pid=opts.pid, use_mmap=opts.mmap)
elif opts.dumptype == DUMPTYPE_MINIDUMP:
from haystack.mappings import minidump
loader = minidump.MDMP_Mapper(opts.dump_filename)
memory_handler = loader.make_memory_handler()
else:
raise RuntimeError('dump type has no case support. %s', opts.dumptype)
return memory_handler
def _init_process_dumpfile(dumpname):
loader = dump_loader.ProcessMemoryDumpLoader(dumpname)
mappings = loader.make_memory_handler()
return mappings
def initProcessDumpfile(self,args): loader = dump_loader.ProcessMemoryDumpLoader(args.dumpname) mappings = loader.getMappings() return mappings