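def log_call(self, context, apiname, modulename, arguments):
    """Write one hooked API call as a quoted CSV record to ``self.logfd``.

    @param context: ``(apiindex, status, returnval, tid, timediff)`` tuple
        from the netlog stream. ``timediff`` is multiplied by 1000 and put
        in the microseconds slot of ``timedelta``, i.e. it is treated as
        milliseconds after ``self.connect_time``.
    @param apiname: name of the hooked API.
    @param modulename: module the API belongs to.
    @param arguments: iterable of ``(argname, value)`` pairs.
    @raise CuckooOperationalError: if ``self.rawlogfd`` is not set, i.e.
        this was called before ``process()``.
    """
    if not self.rawlogfd:
        raise CuckooOperationalError("Netlog failure, call before process.")

    apiindex, status, returnval, tid, timediff = context
    current_time = self.connect_time + datetime.timedelta(0, 0, timediff * 1000)
    timestring = logtime(current_time)

    argumentstrings = ["{0}->{1}".format(argname, r) for argname, r in arguments]

    if self.logfd:
        fields = [
            timestring, self.pid, self.procname, tid, self.ppid,
            modulename, apiname, status, returnval,
        ] + argumentstrings
        # Every value here originates in the monitored (untrusted) process.
        # Doubling embedded quotes keeps each value inside its own field, so
        # a '"', ',' or newline in an API argument cannot forge extra columns
        # or records in the CSV log.
        quoted = ['"{0}"'.format("{0}".format(f).replace('"', '""')) for f in fields]
        # Equivalent to the Python 2 ``print >> self.logfd, line`` form, but
        # works on both Python 2 and 3.
        self.logfd.write(",".join(quoted) + "\n")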
def log_call(self, context, apiname, modulename, arguments):
    """Record the most recent hooked API call in ``self.lastcall``.

    @param context: ``(apiindex, status, returnval, tid, timediff)`` tuple;
        ``apiindex`` is not used here. ``timediff`` is scaled by 1000 into
        the microseconds slot of ``timedelta``, i.e. treated as milliseconds
        after ``self.first_seen``.
    @param apiname: name of the hooked API.
    @param modulename: module the API belongs to.
    @param arguments: list of argument entries appended to the record as-is.
    """
    _apiindex, status, returnval, tid, timediff = context
    offset = datetime.timedelta(microseconds=timediff * 1000)
    timestring = logtime(self.first_seen + offset)
    record = [timestring, tid, modulename, apiname, status, returnval]
    self.lastcall = self._parse(record + arguments)
def log_call(self, context, apiname, modulename, arguments):
    """Parse one hooked API call and keep the result as ``self.lastcall``.

    @param context: ``(apiindex, status, returnval, tid, timediff)`` tuple;
        ``apiindex`` is ignored. ``timediff * 1000`` is used as microseconds
        relative to ``self.first_seen`` (i.e. ``timediff`` is in ms).
    @param apiname: name of the hooked API.
    @param modulename: module the API belongs to.
    @param arguments: list of argument entries, concatenated to the record.
    """
    apiindex, status, returnval, tid, timediff = context
    when = self.first_seen + datetime.timedelta(0, 0, timediff * 1000)
    header = [logtime(when), tid, modulename, apiname, status, returnval]
    self.lastcall = self._parse(header + arguments)
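def log_call(self, context, apiname, modulename, arguments):
    """Append one hooked API call to ``self.logfd`` as a quoted CSV row.

    @param context: ``(apiindex, status, returnval, tid, timediff)`` tuple
        from the netlog stream; ``apiindex`` is unused. ``timediff * 1000``
        is passed as microseconds, so ``timediff`` is treated as
        milliseconds after ``self.connect_time``.
    @param apiname: name of the hooked API.
    @param modulename: module the API belongs to.
    @param arguments: iterable of ``(argname, value)`` pairs.
    @raise CuckooOperationalError: when ``self.rawlogfd`` is not set
        (called before ``process()``).
    """
    if not self.rawlogfd:
        raise CuckooOperationalError("Netlog failure, call before process.")

    apiindex, status, returnval, tid, timediff = context
    timestring = logtime(self.connect_time + datetime.timedelta(0, 0, timediff * 1000))
    argumentstrings = ["{0}->{1}".format(argname, r) for argname, r in arguments]

    if not self.logfd:
        return

    record = [
        timestring, self.pid, self.procname, tid, self.ppid,
        modulename, apiname, status, returnval,
    ] + argumentstrings

    # Argument values come from the monitored (untrusted) process. Double any
    # embedded '"' so a value containing quotes, commas or newlines stays
    # confined to its field instead of terminating it early and injecting
    # extra columns or records into the log.
    cells = []
    for value in record:
        text = "{0}".format(value).replace('"', '""')
        cells.append('"{0}"'.format(text))

    # Same output as Python 2's ``print >> self.logfd, line`` (line + "\n"),
    # written portably.
    self.logfd.write(",".join(cells) + "\n")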
def run(self): """Run analysis. @return: processes infomartion list. """ results = [] if not os.path.exists(self._logs_path): log.error("Analysis results folder does not exist at path \"%s\".", self._logs_path) return results if len(os.listdir(self._logs_path)) == 0: log.error("Analysis results folder does not contain any file.") return results for file_name in os.listdir(self._logs_path): file_path = os.path.join(self._logs_path, file_name) if os.path.isdir(file_path): continue if not file_path.endswith(".raw"): continue # Invoke parsing of current log file. current_log = ParseProcessLog(file_path) if current_log.process_id == None: continue # If the current log actually contains any data, add its data to # the global results list. results.append({ "process_id": current_log.process_id, "process_name": current_log.process_name, "parent_id": current_log.parent_id, "first_seen": logtime(current_log.first_seen), "calls": current_log }) # Sort the items in the results list chronologically. In this way we # can have a sequential order of spawned processes. results.sort(key=lambda process: process["first_seen"]) return results