def main(argv=None):
# New user interactive session (with extra bells and whistles).
user_session = session.InteractiveSession()
user_session.session_list.append(user_session)
# Alow all special plugins to run.
user_session.privileged = True
def global_arg_cb(global_flags, _):
if global_flags.version:
print("This is Rekall Version %s (%s)" % (
constants.VERSION, constants.CODENAME))
print(rekall.get_versions())
sys.exit(0)
with user_session.GetRenderer().start():
plugin_cls, flags = args.parse_args(
argv=argv, global_arg_cb=global_arg_cb,
user_session=user_session)
# Install any quotas the user requested.
user_session = quotas.wrap_session(user_session)
try:
# Run the plugin with plugin specific args.
user_session.RunPlugin(plugin_cls, **config.RemoveGlobalOptions(flags))
except Exception as e:
logging.fatal("%s. Try --debug for more information." % e)
if getattr(flags, "debug", None):
pdb.post_mortem(sys.exc_info()[2])
raise
finally:
user_session.Flush()
def setUpClass(cls):
"""Bring up the HTTP server locally for tests."""
cls._session = rekall_session.InteractiveSession(logging_level=10)
port = portpicker.PickUnusedPort()
cls.tempdir = tempfile.mkdtemp()
cls.config = agent.Configuration.from_keywords(
session=cls._session,
server=http_server.HTTPServerPolicy.from_keywords(
session=cls._session,
base_url="http://127.0.0.1:%s/" % port,
root_directory=cls.tempdir,
bind_port=port,
private_key=crypto.RSAPrivateKey(
session=cls._session).generate_key(),
))
cls._session.SetParameter("agent_config_obj", cls.config)
cls.httpd = http_server.RekallHTTPServer(
("127.0.0.1", port),
http_server.RekallHTTPServerHandler,
session=cls._session)
cls.httpd_thread = threading.Thread(target=cls.httpd.serve_forever)
cls.httpd_thread.daemon = True
cls.httpd_thread.start()
cls.base_url = "http://%s/%s" % cls.httpd.server_address
def main(argv=None):
# New user interactive session (with extra bells and whistles).
user_session = session.InteractiveSession()
user_session.session_list.append(user_session)
text_renderer = text.TextRenderer(session=user_session)
with text_renderer.start():
plugin_cls, flags = args.parse_args(argv=argv,
user_session=user_session)
# Determine if an external script needs to be run first.
if getattr(flags, "run", None):
# Export the session object to the external script.
user_session.locals["session"] = user_session
exec open(flags.run) in user_session.locals
try:
# Run the plugin with plugin specific args.
user_session.RunPlugin(plugin_cls, **config.RemoveGlobalOptions(flags))
except Exception as e:
logging.fatal("%s. Try --debug for more information." % e)
if getattr(flags, "debug", None):
pdb.post_mortem(sys.exc_info()[2])
raise
finally:
user_session.Flush()
def main(argv=None):
# New user interactive session (with extra bells and whistles).
user_session = session.InteractiveSession()
user_session.session_list.append(user_session)
text_renderer = text.TextRenderer(session=user_session)
with text_renderer.start():
plugin_cls, flags = args.parse_args(argv=argv,
user_session=user_session)
# Determine if an external script needs to be run first.
if getattr(flags, "run", None):
# Export the session object to the external script.
user_session.locals["session"] = user_session
exec open(flags.run) in user_session.locals
try:
# Run the plugin with plugin specific args.
user_session.RunPlugin(plugin_cls, **config.RemoveGlobalOptions(flags))
except Exception as e:
if getattr(flags, "debug", None):
pdb.post_mortem(sys.exc_info()[2])
else:
logging.error("%s. Try --debug for more information." % e)
# Exit with an error.
sys.exit(-1)
# Right before we exit we check if we need to save the current session.
if user_session.state.session_filename and (
user_session.state.dirty or user_session.state.cache.dirty):
user_session.SaveToFile(user_session.state.session_filename)
def GenerateTests(self, config, flags):
"""Generates test classes for all the plugins.
Each plugin must have at least one test. Plugin tests are subclasses of
the testlib.RekallBaseUnitTestCase class,
"""
result = self.GenerateInlineTests(config)
# Pull the profile path etc from the rekall config file.
kwargs = rekall_config.GetConfigFile(session.Session())
# Get the disabled tests.
disabled = config.pop("disabled", [])
for x, y in flags.items():
if x.startswith("--"):
kwargs[x[2:]] = y
s = session.InteractiveSession(**kwargs)
# A map of all the specialized tests which are defined. Only include
# those classes which are active for the currently selected profile.
plugins_with_test = set()
for _, cls in testlib.RekallBaseUnitTestCase.classes.items():
if cls.is_active(s):
result.append(cls)
plugin_name = cls.CommandName()
if plugin_name:
plugins_with_test.add(plugin_name)
# Now generate tests automatically for all other plugins.
for cls in plugin.Command.classes.values():
if cls.name in plugins_with_test:
continue
# We can not test interactive plugins in this way.
if cls.interactive:
continue
# Remove classes which are not active.
if not cls.is_active(s):
continue
# Automatically create a new test based on testlib.SimpleTestCase.
try:
result.append(type(
"Test%s" % cls.__name__, (testlib.SimpleTestCase,),
dict(PARAMETERS=dict(commandline=cls.name))))
except RuntimeError:
pass
# Remove the disabled tests.
return [x for x in result if x.__name__ not in disabled]
def MakeUserSession(self, config_options=None):
if config_options is None:
config_options = self.config_options or {}
user_session = rekall_session.InteractiveSession()
with user_session.state as state:
config.MergeConfigOptions(state, user_session)
for k, v in config_options.items():
if k.startswith("--"):
state.Set(k[2:], v)
return user_session
def main(argv=None):
# IPython notebook launches the IPython kernel by re-spawning the main
# binary with its own command line args. This hack traps this and diverts
# execution to IPython itself.
if len(sys.argv) > 2 and sys.argv[1] == "-c":
to_run = sys.argv[2]
if ".kernelapp" in to_run:
exec(to_run)
return
# New user interactive session (with extra bells and whistles).
user_session = session.InteractiveSession()
flags = args.parse_args(argv=argv, user_session=user_session)
# Determine if an external script needs to be run first.
if getattr(flags, "run", None):
exec open(flags.run) in user_session._locals
# Run a module and do not drop into the shell.
if getattr(flags, "module", None):
# Run the module
try:
# Explicitly disable our handling of the pager since we are not
# running in interactive mode.
user_session.RunPlugin(flags.module, flags=flags)
except Exception as e:
if getattr(flags, "debug", None):
pdb.post_mortem(sys.exc_info()[2])
else:
logging.error("%s. Try --debug for more information." % e)
else:
# Interactive session, turn off object access logging since in
# interactive mode, the user may use arbitrary object members.
os.environ.pop(obj.ProfileLog.ENVIRONMENT_VAR, None)
user_session.mode = "Interactive"
# Try to launch the session using something.
if user_session.state.ipython_engine == "notebook":
ipython_support.NotebookSupport(user_session)
else:
_ = (IPython012Support(user_session)
or NativePythonSupport(user_session))
# Right before we exit we check if we need to save the current session.
if user_session.state.session_filename and (
user_session.state.dirty or user_session.state.cache.dirty):
user_session.SaveToFile(user_session.state.session_filename)
def main(_):
start = time.time()
# We dont want a pager for the main view.
user_session = session.InteractiveSession(pager="-")
renderer = text.TextRenderer(session=user_session)
with renderer.start():
with RekallTester(renderer=renderer) as tester:
tester.RunTests()
tester.renderer.write(
"Completed %s tests (%s passed, %s failed, %s rebuild) in "
"%s Seconds.\n" % (len(tester.successes) + len(tester.failures),
len(tester.successes), len(tester.failures),
tester.rebuilt, int(time.time() - start)))
# Return an error when any tests failed.
if tester.failures:
sys.exit(-1)
def ImportEnvironment(**kwargs):
"""Initialize a caller's environment.
Creates a new interactive environment and installs it into the caller's
local namespace. After this call the usual rekall interactive environment
will be added in the caller's local namespace.
For example:
from rekall import interactive
interactive.ImportEnvironment()
# Update the filename, load profile etc.
rekal filename="xpimage.dd"
# Run the pslist command rendering to stdout.
print pslist()
"""
isession = session.InteractiveSession(**kwargs)
with isession.state as state:
config.MergeConfigOptions(state)
stack = inspect.stack()
# pylint: disable=protected-access
isession._locals = stack[1][0].f_locals
isession._prepare_local_namespace()
# For IPython fix up the completion.
try:
shell = IPython.get_ipython()
if shell:
shell.Completer.matchers.insert(
0,
lambda x: ipython_support.RekallCompleter(shell.Completer, x))
shell.Completer.merge_completions = False
except Exception, e:
print e
