Python ModuleRequirement Examples

Example #1

File: vadinfo.py Project: NiklasBeierl/volatility3

 def get_requirements(
         cls) -> List[interfaces.configuration.RequirementInterface]:
     # Since we're calling the plugin, make sure we have the plugin's requirements
     return [requirements.ModuleRequirement(name = 'kernel', description = 'Windows kernel',
                                            architectures = ["Intel32", "Intel64"]),
             # TODO: Convert this to a ListRequirement so that people can filter on sets of ranges
             requirements.IntRequirement(name = 'address',
                                         description = "Process virtual memory address to include " \
                                                       "(all other address ranges are excluded). This must be " \
                                                       "a base address, not an address within the desired range.",
                                         optional = True),
             requirements.ListRequirement(name = 'pid',
                                          description = 'Filter on specific process IDs',
                                          element_type = int,
                                          optional = True),
             requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (2, 0, 0)),
             requirements.BooleanRequirement(name = 'dump',
                                             description = "Extract listed memory ranges",
                                             default = False,
                                             optional = True),
             requirements.IntRequirement(name = 'maxsize',
                                         description = "Maximum size for dumped VAD sections " \
                                                       "(all the bigger sections will be ignored)",
                                         default = cls.MAXSIZE_DEFAULT,
                                         optional = True),
             ]

Example #2

File: userassist.py Project: michaelmagyar/volatility3

 def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
     return [
         requirements.ModuleRequirement(name = 'kernel', description = 'Windows kernel',
                                                  architectures = ["Intel32", "Intel64"]),
         requirements.IntRequirement(name = 'offset', description = "Hive Offset", default = None, optional = True),
         requirements.PluginRequirement(name = 'hivelist', plugin = hivelist.HiveList, version = (1, 0, 0))
     ]

Example #3

File: socket_filters.py Project: michaelmagyar/volatility3

 def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
     return [
         requirements.ModuleRequirement(name = 'kernel', description = 'Kernel module for the OS',
                                        architectures = ["Intel32", "Intel64"]),
         requirements.VersionRequirement(name = 'macutils', component = mac.MacUtilities, version = (1, 0, 0)),
         requirements.PluginRequirement(name = 'lsmod', plugin = lsmod.Lsmod, version = (2, 0, 0))
     ]

Example #4

 def get_requirements(
         cls) -> List[interfaces.configuration.RequirementInterface]:
     # Since we're calling the plugin, make sure we have the plugin's requirements
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Windows kernel',
             architectures=["Intel32", "Intel64"]),
         requirements.VersionRequirement(name='pslist',
                                         component=pslist.PsList,
                                         version=(2, 0, 0)),
         requirements.VersionRequirement(name='info',
                                         component=info.Info,
                                         version=(1, 0, 0)),
         requirements.ListRequirement(
             name='pid',
             element_type=int,
             description=
             "Process IDs to include (all other processes are excluded)",
             optional=True),
         requirements.BooleanRequirement(name='dump',
                                         description="Extract listed DLLs",
                                         default=False,
                                         optional=True)
     ]

Example #5

File: lsmod.py Project: michaelmagyar/volatility3

 def get_requirements(cls):
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Kernel module for the OS',
             architectures=["Intel32", "Intel64"]),
     ]

Example #6

File: dumpfiles.py Project: michaelmagyar/volatility3

 def get_requirements(
         cls) -> List[interfaces.configuration.RequirementInterface]:
     # Since we're calling the plugin, make sure we have the plugin's requirements
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Windows kernel',
             architectures=["Intel32", "Intel64"]),
         requirements.IntRequirement(
             name='pid',
             description=
             "Process ID to include (all other processes are excluded)",
             optional=True),
         requirements.IntRequirement(
             name='virtaddr',
             description=
             "Dump a single _FILE_OBJECT at this virtual address",
             optional=True),
         requirements.IntRequirement(
             name='physaddr',
             description=
             "Dump a single _FILE_OBJECT at this physical address",
             optional=True),
         requirements.VersionRequirement(name='pslist',
                                         component=pslist.PsList,
                                         version=(2, 0, 0)),
         requirements.VersionRequirement(name='handles',
                                         component=handles.Handles,
                                         version=(1, 0, 0))
     ]

Example #7

File: driverirp.py Project: michaelmagyar/volatility3

 def get_requirements(cls):
     return [
         requirements.ModuleRequirement(name = 'kernel', description = 'Windows kernel',
                                        architectures = ["Intel32", "Intel64"]),
         requirements.PluginRequirement(name = 'ssdt', plugin = ssdt.SSDT, version = (1, 0, 0)),
         requirements.PluginRequirement(name = 'driverscan', plugin = driverscan.DriverScan, version = (1, 0, 0)),
     ]

Example #8

 def get_requirements(cls):
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Windows kernel',
             architectures=["Intel32", "Intel64"]),
         requirements.VersionRequirement(name='netscan',
                                         component=netscan.NetScan,
                                         version=(1, 0, 0)),
         requirements.VersionRequirement(name='modules',
                                         component=modules.Modules,
                                         version=(1, 0, 0)),
         requirements.VersionRequirement(name='pdbutil',
                                         component=pdbutil.PDBUtility,
                                         version=(1, 0, 0)),
         requirements.VersionRequirement(name='info',
                                         component=info.Info,
                                         version=(1, 0, 0)),
         requirements.VersionRequirement(name='verinfo',
                                         component=verinfo.VerInfo,
                                         version=(1, 0, 0)),
         requirements.BooleanRequirement(
             name='include-corrupt',
             description=
             "Radically eases result validation. This will show partially overwritten data. WARNING: the results are likely to include garbage and/or corrupt data. Be cautious!",
             default=False,
             optional=True),
     ]

Example #9

 def get_requirements(cls):
     return [
         requirements.ModuleRequirement(name = 'kernel', description = 'Windows kernel',
                                        architectures = ["Intel32", "Intel64"]),
         requirements.PluginRequirement(name = 'poolscanner', plugin = poolscanner.PoolScanner, version = (1, 0, 0)),
         requirements.PluginRequirement(name = 'bigpools', plugin = bigpools.BigPools, version = (1, 0, 0)),
     ]

Example #10

File: psscan.py Project: michaelmagyar/volatility3

 def get_requirements(cls):
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Windows kernel',
             architectures=["Intel32", "Intel64"]),
         requirements.PluginRequirement(name='pslist',
                                        plugin=pslist.PsList,
                                        version=(2, 0, 0)),
         requirements.VersionRequirement(name='info',
                                         component=info.Info,
                                         version=(1, 0, 0)),
         requirements.ListRequirement(
             name='pid',
             element_type=int,
             description=
             "Process ID to include (all other processes are excluded)",
             optional=True),
         requirements.BooleanRequirement(
             name='dump',
             description="Extract listed processes",
             default=False,
             optional=True),
         requirements.BooleanRequirement(
             name='physical',
             description="Display physical offset instead of virtual",
             default=False,
             optional=True)
     ]

Example #11

File: check_syscall.py Project: michaelmagyar/volatility3

 def get_requirements(
         cls) -> List[interfaces.configuration.RequirementInterface]:
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Linux kernel',
             architectures=["Intel32", "Intel64"]),
     ]

Example #12

File: virtmap.py Project: NiklasBeierl/volatility3

 def get_requirements(
         cls) -> List[interfaces.configuration.RequirementInterface]:
     # Since we're calling the plugin, make sure we have the plugin's requirements
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Windows kernel',
             architectures=["Intel32", "Intel64"])
     ]

Example #13

File: pslist.py Project: michaelmagyar/volatility3

 def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
     return [
         requirements.ModuleRequirement(name = 'kernel', description = 'Linux kernel',
                                        architectures = ["Intel32", "Intel64"]),
         requirements.ListRequirement(name = 'pid',
                                      description = 'Filter on specific process IDs',
                                      element_type = int,
                                      optional = True)
     ]

Example #14

File: psaux.py Project: michaelmagyar/volatility3

 def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
     return [
         requirements.ModuleRequirement(name = 'kernel', description = 'Kernel module for the OS',
                                        architectures = ["Intel32", "Intel64"]),
         requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (3, 0, 0)),
         requirements.ListRequirement(name = 'pid',
                                      description = 'Filter on specific process IDs',
                                      element_type = int,
                                      optional = True)
     ]

Example #15

 def get_requirements(cls):
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Kernel module for the OS',
             architectures=["Intel32", "Intel64"]),
         requirements.PluginRequirement(name='mount',
                                        plugin=mount.Mount,
                                        version=(2, 0, 0)),
     ]

Example #16

File: hashdump.py Project: gcmoreira/volatility3

 def get_requirements(cls):
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Windows kernel',
             architectures=["Intel32", "Intel64"]),
         requirements.PluginRequirement(name='hivelist',
                                        plugin=hivelist.HiveList,
                                        version=(1, 0, 0))
     ]

Example #17

 def get_requirements(cls):
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Kernel module for the OS',
             architectures=["Intel32", "Intel64"]),
         requirements.VersionRequirement(name='macutils',
                                         component=mac.MacUtilities,
                                         version=(1, 0, 0))
     ]

Example #18

 def get_requirements(cls):
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Kernel module for the OS',
             architectures=["Intel32", "Intel64"]),
         requirements.PluginRequirement(name='pslist',
                                        plugin=pslist.PsList,
                                        version=(3, 0, 0))
     ]

Example #19

 def get_requirements(cls):
     return ([
         requirements.ModuleRequirement(name='kernel',
                                        description='Windows kernel'),
         requirements.PluginRequirement(name='pslist',
                                        plugin=pslist.PsList,
                                        version=(2, 0, 0)),
         requirements.IntRequirement(name='pid',
                                     description="Process ID",
                                     optional=True)
     ])

Example #20

File: lsof.py Project: NiklasBeierl/volatility3

 def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
     return [
         requirements.ModuleRequirement(name = 'kernel', description = 'Linux kernel',
                                        architectures = ["Intel32", "Intel64"]),
         requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (2, 0, 0)),
         requirements.VersionRequirement(name = 'linuxutils', component = linux.LinuxUtilities, version = (2, 0, 0)),
         requirements.ListRequirement(name = 'pid',
                                      description = 'Filter on specific process IDs',
                                      element_type = int,
                                      optional = True)
     ]

Example #21

 def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
     return [
         requirements.ModuleRequirement(name = 'kernel', description = 'Windows kernel',
                                        architectures = ["Intel32", "Intel64"]),
         requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (2, 0, 0)),
         requirements.ListRequirement(name = 'pid',
                                      element_type = int,
                                      description = "Process ID to include (all other processes are excluded)",
                                      optional = True),
         requirements.URIRequirement(name = "strings_file", description = "Strings file")
     ]

Example #22

 def get_requirements(
         cls) -> List[interfaces.configuration.RequirementInterface]:
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Windows kernel',
             architectures=["Intel32", "Intel64"]),
         requirements.PluginRequirement(name='modules',
                                        plugin=modules.Modules,
                                        version=(1, 0, 0)),
     ]

Example #23

File: mac.py Project: gcmoreira/volatility3

 def get_requirements(cls):
     return ([
         requirements.ModuleRequirement(name="kernel",
                                        description="Darwin kernel module"),
         requirements.PluginRequirement(name='pslist',
                                        plugin=pslist.PsList,
                                        version=(3, 0, 0)),
         requirements.IntRequirement(name='pid',
                                     description="Process ID",
                                     optional=True)
     ])

Example #24

File: check_modules.py Project: NiklasBeierl/volatility3

 def get_requirements(
         cls) -> List[interfaces.configuration.RequirementInterface]:
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Linux kernel',
             architectures=["Intel32", "Intel64"]),
         requirements.PluginRequirement(name='lsmod',
                                        plugin=lsmod.Lsmod,
                                        version=(2, 0, 0))
     ]

Example #25

File: cmdline.py Project: NiklasBeierl/volatility3

 def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
     # Since we're calling the plugin, make sure we have the plugin's requirements
     return [
         requirements.ModuleRequirement(name = 'kernel', description = 'Windows kernel',
                                        architectures = ["Intel32", "Intel64"]),
         requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (2, 0, 0)),
         requirements.ListRequirement(name = 'pid',
                                      element_type = int,
                                      description = "Process IDs to include (all other processes are excluded)",
                                      optional = True)
     ]

Example #26

 def get_requirements(
         cls) -> List[interfaces.configuration.RequirementInterface]:
     return [
         requirements.ModuleRequirement(
             name="kernel",
             description="Windows kernel",
             architectures=["Intel32", "Intel64"]),
         requirements.PluginRequirement(name="driverscan",
                                        plugin=driverscan.DriverScan,
                                        version=(1, 0, 0)),
     ]

Example #27

File: keyboard_notifiers.py Project: NiklasBeierl/volatility3

 def get_requirements(cls):
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Linux kernel',
             architectures=["Intel32", "Intel64"]),
         requirements.PluginRequirement(name='lsmod',
                                        plugin=lsmod.Lsmod,
                                        version=(2, 0, 0)),
         requirements.VersionRequirement(name='linuxutils',
                                         component=linux.LinuxUtilities,
                                         version=(2, 0, 0))
     ]

Example #28

File: lsadump.py Project: michaelmagyar/volatility3

 def get_requirements(cls):
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Windows kernel',
             architectures=["Intel32", "Intel64"]),
         requirements.VersionRequirement(name='hashdump',
                                         component=hashdump.Hashdump,
                                         version=(1, 1, 0)),
         requirements.VersionRequirement(name='hivelist',
                                         component=hivelist.HiveList,
                                         version=(1, 0, 0))
     ]

Example #29

File: hivelist.py Project: michaelmagyar/volatility3

 def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
     return [
         requirements.ModuleRequirement(name = 'kernel', description = 'Windows kernel',
                                                  architectures = ["Intel32", "Intel64"]),
         requirements.StringRequirement(name = 'filter',
                                        description = "String to filter hive names returned",
                                        optional = True,
                                        default = None),
         requirements.PluginRequirement(name = 'hivescan', plugin = hivescan.HiveScan, version = (1, 0, 0)),
         requirements.BooleanRequirement(name = 'dump',
                                         description = "Extract listed registry hives",
                                         default = False,
                                         optional = True)
     ]

Example #30

File: callbacks.py Project: michaelmagyar/volatility3

 def get_requirements(
         cls) -> List[interfaces.configuration.RequirementInterface]:
     return [
         requirements.ModuleRequirement(
             name='kernel',
             description='Windows kernel',
             architectures=["Intel32", "Intel64"]),
         requirements.PluginRequirement(name='ssdt',
                                        plugin=ssdt.SSDT,
                                        version=(1, 0, 0)),
         requirements.PluginRequirement(name='svcscan',
                                        plugin=svcscan.SvcScan,
                                        version=(1, 0, 0))
     ]