def run(self, results):
action = "delete"
src = get_memdump_path(results["info"]["id"])
if "store_memdump" in results["info"]["options"]:
action = "store"
if repconf.tmpfsclean.key in results:
if any([
"checkme" in block
for block in results[repconf.tmpfsclean.key]
]):
action = "store"
if action == "delete":
log.debug("Deleting memdump: %s", src)
if os.path.exists(src):
os.remove(src)
else:
dest = get_memdump_path(results["info"]["id"],
analysis_folder=True)
log.debug("Storing memdump: %s", dest)
if src != dest:
if os.path.exists(src):
shutil.move(src, dest)
if os.path.exists(f"{src}.strings"):
shutil.move(f"{src}.strings", f"{dest}.strings")
def run(self, results):
action = "delete"
src = get_memdump_path(results["info"]["id"])
if reporting_conf.ramfsclean.key in results:
if any(["checkme" in block for block in results[reporting_conf.ramfsclean.key]]):
action = "store"
if action == "delete":
log.debug("Deleting memdump: {}".format(src))
if os.path.exists(src):
os.remove(src)
else:
dest = get_memdump_path(results["info"]["id"], analysis_folder=True)
log.debug("Storing memdump: {}".format(dest))
if os.path.exists(src):
shutil.move(src, dest)
def launch_analysis(self):
"""Start analysis."""
succeeded = False
dead_machine = False
self.socks5s = _load_socks5_operational()
log.info("Task #{0}: Starting analysis of {1} '{2}'".format(
self.task.id, self.task.category.upper(),
convert_to_printable(self.task.target)))
# Initialize the analysis folders.
if not self.init_storage():
log.debug("Failed to initialize the analysis folder")
return False
if self.task.category in ["file", "pcap", "static"]:
sha256 = File(self.task.target).get_sha256()
# Check whether the file has been changed for some unknown reason.
# And fail this analysis if it has been modified.
if not self.check_file(sha256):
return False
# Store a copy of the original file.
if not self.store_file(sha256):
return False
if self.task.category in ("pcap", "static"):
if self.task.category == "pcap":
if hasattr(os, "symlink"):
os.symlink(self.binary,
os.path.join(self.storage, "dump.pcap"))
else:
shutil.copy(self.binary,
os.path.join(self.storage, "dump.pcap"))
# create the logs/files directories as
# normally the resultserver would do it
dirnames = ["logs", "files", "aux"]
for dirname in dirnames:
try:
os.makedirs(os.path.join(self.storage, dirname))
except:
pass
return True
# Acquire analysis machine.
try:
self.acquire_machine()
self.db.set_task_vm(self.task.id, self.machine.label,
self.machine.id)
# At this point we can tell the ResultServer about it.
except CuckooOperationalError as e:
machine_lock.release()
log.error("Task #{0}: Cannot acquire machine: {1}".format(
self.task.id, e),
exc_info=True)
return False
# Generate the analysis configuration file.
options = self.build_options()
try:
ResultServer().add_task(self.task, self.machine)
except Exception as e:
machinery.release(self.machine.label)
log.exception(e, exc_info=True)
self.errors.put(e)
aux = RunAuxiliary(task=self.task, machine=self.machine)
try:
unlocked = False
# Mark the selected analysis machine in the database as started.
guest_log = self.db.guest_start(self.task.id, self.machine.name,
self.machine.label,
machinery.__class__.__name__)
# Start the machine.
machinery.start(self.machine.label)
# Enable network routing.
self.route_network()
# By the time start returns it will have fully started the Virtual
# Machine. We can now safely release the machine lock.
machine_lock.release()
unlocked = True
aux.start()
# Initialize the guest manager.
guest = GuestManager(self.machine.name, self.machine.ip,
self.machine.platform, self.task.id, self)
options["clock"] = self.db.update_clock(self.task.id)
self.db.guest_set_status(self.task.id, "starting")
# Start the analysis.
guest.start_analysis(options)
if self.db.guest_get_status(self.task.id) == "starting":
self.db.guest_set_status(self.task.id, "running")
guest.wait_for_completion()
self.db.guest_set_status(self.task.id, "stopping")
succeeded = True
except CuckooMachineError as e:
if not unlocked:
machine_lock.release()
log.error(str(e), extra={"task_id": self.task.id}, exc_info=True)
dead_machine = True
except CuckooGuestError as e:
if not unlocked:
machine_lock.release()
log.error(str(e), extra={"task_id": self.task.id}, exc_info=True)
finally:
# Stop Auxiliary modules.
aux.stop()
# Take a memory dump of the machine before shutting it off.
if self.cfg.cuckoo.memory_dump or self.task.memory:
try:
dump_path = get_memdump_path(self.task.id)
need_space, space_available = free_space_monitor(
os.path.dirname(dump_path), return_value=True)
if need_space:
log.error(
"Not enough free disk space! Could not dump ram (Only %d MB!)",
space_available)
else:
machinery.dump_memory(self.machine.label, dump_path)
except NotImplementedError:
log.error("The memory dump functionality is not available "
"for the current machine manager.")
except CuckooMachineError as e:
log.error(e, exc_info=True)
try:
# Stop the analysis machine.
machinery.stop(self.machine.label)
except CuckooMachineError as e:
log.warning(
"Task #{0}: Unable to stop machine {1}: {2}".format(
self.task.id, self.machine.label, e))
# Mark the machine in the database as stopped. Unless this machine
# has been marked as dead, we just keep it as "started" in the
# database so it'll not be used later on in this session.
self.db.guest_stop(guest_log)
# After all this, we can make the ResultServer forget about the
# internal state for this analysis task.
ResultServer().del_task(self.task, self.machine)
# Drop the network routing rules if any.
self.unroute_network()
if dead_machine:
# Remove the guest from the database, so that we can assign a
# new guest when the task is being analyzed with another
# machine.
self.db.guest_remove(guest_log)
# Remove the analysis directory that has been created so
# far, as launch_analysis() is going to be doing that again.
shutil.rmtree(self.storage)
# This machine has turned dead, so we throw an exception here
# which informs the AnalysisManager that it should analyze
# this task again with another available machine.
raise CuckooDeadMachine()
try:
# Release the analysis machine. But only if the machine has
# not turned dead yet.
machinery.release(self.machine.label)
except CuckooMachineError as e:
log.error("Task #{0}: Unable to release machine {1}, reason "
"{2}. You might need to restore it manually.".format(
self.task.id, self.machine.label, e))
return succeeded
def launch_analysis(self):
"""Start analysis."""
succeeded = False
dead_machine = False
self.socks5s = _load_socks5_operational()
log.info(
"Task #%s: Starting analysis of %s '%s'",
self.task.id,
self.task.category.upper(),
convert_to_printable(self.task.target),
)
# Initialize the analysis folders.
if not self.init_storage():
log.debug("Failed to initialize the analysis folder")
return False
category_early_escape = self.category_checks()
if isinstance(category_early_escape, bool):
return category_early_escape
# Acquire analysis machine.
try:
self.acquire_machine()
self.db.set_task_vm(self.task.id, self.machine.label, self.machine.id)
# At this point we can tell the ResultServer about it.
except CuckooOperationalError as e:
machine_lock.release()
log.error("Task #%s: Cannot acquire machine: %s", self.task.id, e, exc_info=True)
return False
# Generate the analysis configuration file.
options = self.build_options()
try:
ResultServer().add_task(self.task, self.machine)
except Exception as e:
machinery.release(self.machine.label)
log.exception(e, exc_info=True)
self.errors.put(e)
aux = RunAuxiliary(task=self.task, machine=self.machine)
try:
unlocked = False
# Mark the selected analysis machine in the database as started.
guest_log = self.db.guest_start(self.task.id, self.machine.name, self.machine.label, machinery.__class__.__name__)
# Start the machine.
machinery.start(self.machine.label)
# Enable network routing.
self.route_network()
# By the time start returns it will have fully started the Virtual
# Machine. We can now safely release the machine lock.
machine_lock.release()
unlocked = True
aux.start()
# Initialize the guest manager.
guest = GuestManager(self.machine.name, self.machine.ip, self.machine.platform, self.task.id, self)
options["clock"] = self.db.update_clock(self.task.id)
self.db.guest_set_status(self.task.id, "starting")
# Start the analysis.
guest.start_analysis(options)
if self.db.guest_get_status(self.task.id) == "starting":
self.db.guest_set_status(self.task.id, "running")
guest.wait_for_completion()
self.db.guest_set_status(self.task.id, "stopping")
succeeded = True
except (CuckooMachineError, CuckooNetworkError) as e:
if not unlocked:
machine_lock.release()
log.error(str(e), extra={"task_id": self.task.id}, exc_info=True)
dead_machine = True
except CuckooGuestError as e:
if not unlocked:
machine_lock.release()
log.error(str(e), extra={"task_id": self.task.id}, exc_info=True)
finally:
# Stop Auxiliary modules.
aux.stop()
# Take a memory dump of the machine before shutting it off.
if self.cfg.cuckoo.memory_dump or self.task.memory:
try:
dump_path = get_memdump_path(self.task.id)
need_space, space_available = free_space_monitor(os.path.dirname(dump_path), return_value=True)
if need_space:
log.error("Not enough free disk space! Could not dump ram (Only %d MB!)", space_available)
else:
machinery.dump_memory(self.machine.label, dump_path)
except NotImplementedError:
log.error("The memory dump functionality is not available for the current machine manager")
except CuckooMachineError as e:
log.error(e, exc_info=True)
try:
# Stop the analysis machine.
machinery.stop(self.machine.label)
except CuckooMachineError as e:
log.warning("Task #%s: Unable to stop machine %s: %s", self.task.id, self.machine.label, e)
# Mark the machine in the database as stopped. Unless this machine
# has been marked as dead, we just keep it as "started" in the
# database so it'll not be used later on in this session.
self.db.guest_stop(guest_log)
# After all this, we can make the ResultServer forget about the
# internal state for this analysis task.
ResultServer().del_task(self.task, self.machine)
# Drop the network routing rules if any.
self.unroute_network()
if dead_machine:
# Remove the guest from the database, so that we can assign a
# new guest when the task is being analyzed with another
# machine.
self.db.guest_remove(guest_log)
# Remove the analysis directory that has been created so
# far, as launch_analysis() is going to be doing that again.
shutil.rmtree(self.storage)
# This machine has turned dead, so we throw an exception here
# which informs the AnalysisManager that it should analyze
# this task again with another available machine.
raise CuckooDeadMachine()
try:
# Release the analysis machine. But only if the machine has
# not turned dead yet.
machinery.release(self.machine.label)
except CuckooMachineError as e:
log.error(
"Task #%s: Unable to release machine %s, reason %s. You might need to restore it manually",
self.task.id,
self.machine.label,
e,
)
return succeeded
def test_get_memdump_path(mocker):
ret_path = utils.get_memdump_path(id=123)
assert ret_path.split("/")[-4:] == "storage/analyses/123/memory.dmp".split(
"/")
