Ejemplo n.º 1
def create_encoder(session=None):
    """Return the ``encoder`` attribute of a new JsonRenderer.

    Args:
        session: session handed to the renderer. Any falsy value (including
            the default ``None``) is replaced by a freshly constructed
            ``session_module.Session()``.

    Returns:
        ``JsonRenderer(session=...).encoder``.
    """
    active_session = session or session_module.Session()
    return json_renderer.JsonRenderer(session=active_session).encoder
Ejemplo n.º 2
    def __init__(self, file=None, fd=None, **kwargs):
        """Initialise the parent class, then attach a renderer and the inputs.

        Args:
            file: stored unchanged on ``self.file``.
            fd: stored unchanged on ``self.fd``.
            **kwargs: forwarded to the parent constructor.
        """
        super(JSONParser, self).__init__(**kwargs)

        # This renderer is what the json stream gets decoded with.
        decoding_renderer = json_renderer.JsonRenderer(session=self.session)
        self.json_renderer = decoding_renderer

        self.file, self.fd = file, fd
Ejemplo n.º 3
def create_decoder(session=None):
    """Build a JsonDecoder along with the JsonRenderer it is given.

    Args:
        session: session shared by the renderer and the decoder. A falsy
            value (including the default ``None``) is replaced by a new
            ``session_module.Session()``.

    Returns:
        A ``json_renderer.JsonDecoder`` constructed with that session and a
        new ``JsonRenderer`` bound to the same session.
    """
    if session:
        active_session = session
    else:
        active_session = session_module.Session()

    return json_renderer.JsonDecoder(
        session=active_session,
        renderer=json_renderer.JsonRenderer(session=active_session),
    )
Ejemplo n.º 4
    def render(self, renderer):
        """Replay the statements of a stored JSON file into ``renderer``.

        The file named by ``self.plugin_args.file`` is opened through
        ``renderer.open`` in text mode and parsed as a single JSON document.
        Each element of that document is then passed, in order, to
        ``self.RenderStatement`` together with ``renderer``.
        """
        # A JsonRenderer of our own is needed to decode the json stream.
        self.json_renderer = json_renderer.JsonRenderer(session=self.session)

        # NOTE(review): the handle stays on self.fd and is not closed in this
        # method; confirm that something else releases it.
        self.fd = renderer.open(filename=self.plugin_args.file, mode="rt")

        # NOTE(review): the file content alone decides which statements are
        # replayed. RenderStatement is not visible here, so confirm it rejects
        # unexpected statement types before pointing this at a file from an
        # untrusted source.
        for statement in json.load(self.fd):
            self.RenderStatement(statement, renderer)
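def rekall_dump_to_haystack(filename, pid, output_folder_name):
    """Run Rekall's vaddump for one process and print mapping lines.

    Steps, as written:
      1. Create ``output_folder_name`` if it does not exist.
      2. Open a Rekall session on ``filename`` and render the ``vaddump``
         plugin for ``pid`` into a JsonRenderer, which is then printed.
      3. Read ``filename`` as text, locate the 'Start', 'End' and 'Result'
         columns in its first line, skip the second line, and for every
         remaining line rename the dumped file to ``<start>-<end>`` and print
         one mapping line.

    Args:
        filename: path given to the Rekall session; the same path is also
            read as the column-aligned table in step 3.
        pid: process id passed to the vaddump plugin.
        output_folder_name: directory passed to vaddump as ``dump_dir``.

    Returns:
        None. Results are printed to stdout; rename failures are reported on
        stderr and otherwise ignored.
    """
    # rek.py -f vol/zeus.vmem vaddump -p 856 --dump-dir vol/zeus.vmem.856.dump/ > vol/zeus.vmem.856.dump/mappings.vol
    # rek2map.py vol/zeus.vmem.856.dump/mappings.vol > vol/zeus.vmem.856.dump/mappings
    # vaddump
    # "%p" is not a Python format code, so the logging call could not format
    # its message; "%s" works for any pid type.
    log.debug("rekall_dump_to_haystack %s %s", filename, pid)
    if not os.access(output_folder_name, os.F_OK):
        os.mkdir(output_folder_name)
    from rekall import session
    # Not referenced by name below; presumably imported for its side effects.
    from rekall import plugins
    from rekall.ui import json_renderer
    # NOTE(review): the profile repository is addressed over plain HTTP and no
    # integrity check is visible here. Profiles drive how the image is parsed,
    # so prefer a local or otherwise authenticated profile_path for casework.
    s = session.Session(filename=filename,
                        autodetect=["rsds"],
                        logger=logging.getLogger(),
                        profile_path=["http://profiles.rekall-forensic.com"])

    task_plugin = s.plugins.vaddump(pid=pid, dump_dir=output_folder_name)
    # get a renderer.
    renderer = json_renderer.JsonRenderer()
    task_plugin.render(renderer)
    print(renderer)
    # FIXME get stdout in here.
    # NOTE(review): until the FIXME is resolved this parses `filename` itself,
    # i.e. the path that was handed to the Rekall session above.
    with open(filename, 'r') as fin:
        entries = fin.readlines()
        header = entries[0]
        i_start = header.index('Start')
        i_end = header.index('End')
        i_path = header.index('Result')
        # Text (not bytes) templates: on Python 3 a bytes result would be
        # interpolated as "b'0x...'" into the names and lines built below.
        # On Python 2 the two spellings are the same type.
        fmt = '0x%08x'
        if i_end - i_start > 12:
            # Wide address column: use 16 hex digits.
            fmt = '0x%016x'
        # entries[1] is skipped along with the header line.
        for i, line in enumerate(entries[2:]):
            start = int(line[i_start:i_end].strip(), 16)
            # The printed end address is one past the value in the table.
            end = int(line[i_end:i_path].strip(), 16) + 1
            path = line[i_path:].strip()
            o_path = "%s-%s" % (fmt % start, fmt % end)
            # rename file
            # NOTE(review): `path` is used exactly as it appears in the table
            # and `o_path` has no directory part, so the target is relative to
            # the current working directory. Confirm both are meant to stay
            # inside output_folder_name.
            try:
                os.rename(path, o_path)
            except OSError:
                # Best effort: report the failure and keep going.
                sys.stderr.write('File rename error\n')
            # offset is unknown.
            print('%s %s r-xp %s 00:00 %d [vol_mapping_%03d]' %
                  (fmt % start, fmt % end, fmt % 0, 0, i))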
Ejemplo n.º 6
    def Decoder(self, raw):
        """Safe Unpickling.

        Unpickle only safe primitives like tuples, dicts and
        strings. Specifically does not allow arbitrary instances to be
        recovered.

        The restriction depends entirely on the ``find_global = None``
        assignment below, which is a Python 2 ``cPickle`` feature. It blocks
        class and function lookups only; nothing in this method limits the
        size or nesting of the pickled data.

        Args:
            raw: the pickled string to decode.

        Returns:
            The result of passing the unpickled value through
            ``JsonDecoder.Decode``.

        Raises:
            io_manager.DecodeError: if ``unpickler.load()`` raises any
                ``Exception``, including the error cPickle raises when the
                pickle refers to a global.
        """
        unpickler = cPickle.Unpickler(cStringIO.StringIO(raw))
        # With find_global set to None, cPickle refuses every global lookup
        # and raises UnpicklingError instead of importing a class or callable.
        # This must stay ahead of load(). The pure-Python pickle.Unpickler does
        # not honour this attribute, and Python 3 needs a find_class override
        # instead, so the guard has to be rebuilt if this code is ported.
        unpickler.find_global = None

        json_renderer_obj = json_renderer.JsonRenderer(session=self.session)
        decoder = json_renderer.JsonDecoder(self.session, json_renderer_obj)

        try:
            decoded = unpickler.load()
        except Exception:
            # The original exception is discarded; callers only see DecodeError.
            raise io_manager.DecodeError("Unable to unpickle cached object")

        # The unpickled primitives are turned into objects by the JSON decoder.
        return decoder.Decode(decoded)
Ejemplo n.º 7
    def CheckObjectSerization(self, obj):
        """Assert that ``obj`` round-trips through JSON and can be exported.

        ``obj`` is encoded with a JsonRenderer, the encoded form is passed to
        ``json.dumps`` and then decoded again, and the result must equal
        ``obj``. For the DataExportRenderer only the encoding step and the
        ``json.dumps`` call are exercised; nothing is decoded.
        """
        json_codec = json_renderer.JsonRenderer(session=self.session)
        export_codec = data_export.DataExportRenderer(session=self.session)

        # JSON renderer: encode, confirm the stdlib serialiser accepts the
        # result, then decode and compare with the input.
        json_encoded = json_codec.encode(obj)
        json.dumps(json_encoded)
        self.assertEqual(json_codec.decode(json_encoded), obj)

        # Data export renderer: the encoded form must be json-safe as well.
        json.dumps(export_codec.encode(obj))
Ejemplo n.º 8
 def __init__(self, *args, **kwargs):
     """Initialise the parent IO manager, then attach a JsonRenderer.

     All positional and keyword arguments go to the parent constructor
     unchanged. The renderer is bound to ``self.session`` and stored on
     ``self.renderer``.
     """
     super(PicklingDirectoryIOManager, self).__init__(*args, **kwargs)
     session_renderer = json_renderer.JsonRenderer(session=self.session)
     self.renderer = session_renderer
Ejemplo n.º 9
 def setUp(self):
     """Create a user session, a JsonRenderer on it, and codec shortcuts.

     Sets ``self.session``, ``self.renderer``, ``self.encoder`` and
     ``self.decoder``; the last two are the renderer's own ``encoder`` and
     ``decoder`` attributes.
     """
     user_session = self.MakeUserSession()
     self.session = user_session

     renderer = json_renderer.JsonRenderer(session=user_session)
     self.renderer = renderer
     self.encoder, self.decoder = renderer.encoder, renderer.decoder
Ejemplo n.º 10
 def Unserialize(self, lexicon, data):
     """Rebuild ``self.state`` from encoded ``data`` using ``lexicon``.

     A JsonDecoder bound to this object is given the lexicon, ``data`` is
     decoded, and the result is expanded as keyword arguments into
     ``Configuration(session=self, ...)``.
     """
     decoder = json_renderer.JsonDecoder(
         self, json_renderer.JsonRenderer(session=self))
     decoder.SetLexicon(lexicon)

     # NOTE(review): every key in the decoded mapping becomes a keyword
     # argument of Configuration. Confirm that `data` only ever comes from a
     # trusted serialisation of the session.
     decoded_state = decoder.Decode(data)
     self.state = Configuration(session=self, **decoded_state)