def _update_runners(self):
    """Rebuild the plugin runners exposed in the interactive namespace.

    The parent class refreshes its own runners first. A fresh ``plugins``
    container is then stored in ``self._locals``. For every active plugin
    class that has a name, a curried ``self.RunPlugin`` is published twice:
    as an attribute of that container and as ``self._locals[<name>]``.
    Default arguments and the runner's docstring are taken from the
    "help_doc" profile when it loads.
    """
    super(InteractiveSession, self)._update_runners()

    # The help profile is optional: on ValueError the runners are still
    # created, just without default arguments or documentation.
    try:
        help_profile = self.LoadProfile("help_doc")
    except ValueError:
        help_profile = None

    self._locals['plugins'] = Container()

    for plugin_cls in plugin.Command.GetActiveClasses(self):
        if help_profile:
            default_args = help_profile.ParametersForPlugin(
                plugin_cls.__name__)
            doc = help_profile.DocsForPlugin(plugin_cls.__name__)
        else:
            default_args = doc = ""

        plugin_name = plugin_cls.name
        if not plugin_name:
            # Unnamed plugin classes get no runner.
            continue

        # Create a runner for this plugin and set its documentation.
        runner = obj.Curry(
            self.RunPlugin, plugin_name, default_arguments=default_args)
        runner.__doc__ = doc

        # NOTE(review): the plugin's own name is used as the key in the
        # interactive namespace, so a plugin whose name matches an existing
        # entry (including 'plugins') replaces that entry without warning.
        setattr(self._locals['plugins'], plugin_name, runner)
        self._locals[plugin_name] = runner
def _update_runners(self):
    """Refresh this session's plugin container and parameter hooks.

    ``self.plugins`` is replaced by a new container holding, for each active
    plugin class with a name, that class curried with ``session=self``.
    ``self._parameter_hooks`` is then rebuilt from the registered parameter
    hook classes that are active for this session and have a name.
    """
    self.plugins = Container()
    for plugin_cls in plugin.Command.GetActiveClasses(self):
        plugin_name = plugin_cls.name
        if not plugin_name:
            continue
        # Bind the session now so callers do not have to pass it.
        setattr(self.plugins, plugin_name, obj.Curry(plugin_cls, session=self))

    # Install parameter hooks. The dict is reset before the loop and filled
    # one hook at a time, as each hook is instantiated.
    self._parameter_hooks = {}
    for hook_cls in kb.ParameterHook.classes.values():
        if not (hook_cls.is_active(self) and hook_cls.name):
            continue
        self._parameter_hooks[hook_cls.name] = hook_cls(session=self)
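def __getattr__(self, name):
    """Gets a wrapped active plugin class.

    A convenience function that returns a curry wrapping the plugin class
    with the session parameter so users do not need to explicitly pass the
    session. This makes it easy to use in the interactive console:

    pslist_plugin = plugins.pslist()

    Args:
      name: The attribute name being looked up, treated as a plugin name.

    Returns:
      ``obj.Curry(plugin_cls, session=self.session)`` for the class returned
      by ``self.GetPluginClass(name)``, or None when that lookup gives None.
    """
    plugin_cls = self.GetPluginClass(name)

    # Identity test rather than "== None": equality on a class object goes
    # through whatever __eq__ its metaclass defines.
    if plugin_cls is None:
        # NOTE(review): a failed lookup yields None instead of raising
        # AttributeError, so hasattr() on this object is true for any name
        # that GetPluginClass answers with None. Kept as is because callers
        # may rely on the None result.
        return None

    return obj.Curry(plugin_cls, session=self.session)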
def UpdateRunners(self):
    """Updates the plugins container with active plugins.

    Active plugins may change based on the profile/filename etc. The
    parameter hooks are rebuilt in the same pass.
    """
    self.plugins = Container()
    for active_cls in plugin.Command.GetActiveClasses(self):
        plugin_name = active_cls.name
        if plugin_name:
            # Curry the session in so the plugin can be called without it.
            curried = obj.Curry(active_cls, session=self)
            setattr(self.plugins, plugin_name, curried)

    # Install parameter hooks: only hooks that report themselves active for
    # this session and that have a name are instantiated.
    self._parameter_hooks = {}
    for hook_cls in kb.ParameterHook.classes.values():
        if not hook_cls.is_active(self):
            continue
        if not hook_cls.name:
            continue
        self._parameter_hooks[hook_cls.name] = hook_cls(session=self)
def _prepare_runner(self, name):
    """Prepare a runner to run the given plugin.

    The runner is the session's ``RunPlugin`` curried with *name* and with
    the default arguments recorded for the plugin in the "help_doc" profile.
    Its ``__doc__`` is set to the profile's documentation for the plugin.
    Both are empty strings when no plugin class is found for *name*.
    """
    # The help profile is loaded on first use and cached on the instance.
    # NOTE(review): nothing here handles a failed load. Confirm what
    # LoadProfile does when "help_doc" is unavailable.
    if self.help_profile is None:
        self.help_profile = self.session.LoadProfile("help_doc")

    plugin_cls = self.session.plugins.GetPluginClass(name)
    if plugin_cls:
        default_args = self.help_profile.ParametersForPlugin(
            plugin_cls.__name__)
        doc = self.help_profile.DocsForPlugin(plugin_cls.__name__)
    else:
        default_args = doc = ""

    # Create a runner for this plugin and set its documentation.
    run_plugin = self["session"].RunPlugin
    runner = obj.Curry(run_plugin, name, default_arguments=default_args)
    runner.__doc__ = doc
    return runner
"""Data types for various compilers. Different models: http://www.unix.org/version2/whatsnew/lp64_wp.html http://en.wikipedia.org/wiki/64-bit_computing Python standard types: http://docs.python.org/2/library/struct.html#format-characters """ from rekall import obj # Model on 64 bit unix like operating systems. LP64 = { 'bool': obj.Curry(obj.Bool, type_name='bool', format_string='<c'), # Char is 8 bits. 'char': obj.Curry(obj.NativeType, type_name='char', format_string='<c'), 'unsigned char': obj.Curry(obj.NativeType, type_name='unsigned char', format_string='<B'), # Shorts are 16 bits. 'short': obj.Curry(obj.NativeType, type_name='short', format_string='<h'), 'unsigned short': obj.Curry(obj.NativeType, type_name='unsigned short', format_string='<H'), # ints are 32 bits. 'int':
"""Data types for various compilers. Different models: http://www.unix.org/version2/whatsnew/lp64_wp.html http://en.wikipedia.org/wiki/64-bit_computing Python standard types: http://docs.python.org/2/library/struct.html#format-characters """ from rekall import obj # Unambigious types BASE = { "uint8_t": obj.Curry(obj.NativeType, type_name='uint8_t', format_string='<B'), "uint16_t": obj.Curry(obj.NativeType, type_name='uint16_t', format_string='<H'), "uint32_t": obj.Curry(obj.NativeType, type_name='uint32_t', format_string='<I'), "uint64_t": obj.Curry(obj.NativeType, type_name='uint64_t', format_string='<Q'), } # Model on 64 bit unix like operating systems. LP64 = { 'bool': obj.Curry(obj.Bool, type_name='bool', format_string='<c'), # Char is 8 bits. 'char':