def __init__(self, base, config, layered=False, **kwargs):
addrspace.BaseAddressSpace.__init__(self, base, config, **kwargs)
self.as_assert(base == None or layered, 'Must be first address space')
if config.LOPHI_CACHE:
logger.info("LO-PHI Cache ENABLED.")
cache_timeout = 1
else:
cache_timeout = 0
if config.LOCATION.startswith("lophi://"):
location = config.LOCATION[8:]
self.client = MemorySensorPhysical(location,
cache_timeout=cache_timeout)
elif config.LOCATION.startswith("vmi://"):
location = config.LOCATION[6:]
self.client = MemorySensorVirtual(location,
cache_timeout=cache_timeout)
self.dtb = self.get_cr3()
else:
raise (
"Not a valid LO-PHI URN. (lophi:// for physical and vmi:// for virtual)"
)
self.fname = location
self.name = location
self.cache = False
self.cache_data = {}
self.address = 0
if config.RAM_SIZE is None:
print "ERROR/LO-PHI: No RAM size defined. (e.g. --ram_size=12GB)"
sys.exit(0)
self.size = self.parse_byte_amount(config.RAM_SIZE)
self.config = config
self._exclusions = sorted(
[]) # no info about the HW, nothing to exclude
def main(options):
if options.replay_file is not None:
cap_reader = CaptureReader(options.replay_file)
for (ts, data) in cap_reader:
print "Time: ", ts, "s"
print MemorySensorPacket(data)
return
if options.sensor_type == G.MACHINE_TYPES.PHYSICAL:
client = MemorySensorPhysical(options.target,
cache_timeout=0,
use_threading=False)
else:
client = MemorySensorVirtual(options.target)
READ_SIZE = int(options.read_size)
start_addr = options.startaddr
# Create our output file
try:
os.makedirs(os.path.dirname(options.output))
except:
pass
try:
mcap_writer = None
if options.loop_forever == True:
logger.debug("Creating capture file.")
options.output += ".mcap"
mcap_writer = CaptureWriter(options.output)
mcap_writer.start()
else:
logger.debug("Creating dump file.")
options.output += ".mfd"
output_file = open(options.output, "w+")
except:
print "ERROR: Could not open output file."
sys.exit(0)
# Read memory
count = 0
start = time.time()
sensor_packet = MemorySensorPacket()
while True:
try:
# Get memory from remote system
# Read memory
data = client.read(start_addr, READ_SIZE)
# Write to file?
if not options.loop_forever:
output_file.write(data)
else:
sensor_packet.address = start_addr
sensor_packet.data = data
sensor_packet.length = READ_SIZE
mcap_writer.put(sensor_packet)
# Just read once?
if not options.loop_forever:
break
else:
print "Completed read #%d" % count
count += 1
except:
# Just finish up
break
end = time.time()
# Do we have an mcap file to close?
if mcap_writer is not None:
mcap_writer.stop()
else:
# Close output file
output_file.close()
print "Memory dump (%d bytes) written to %s. Took %s seconds." % (
len(data), options.output, end - start)
def __init__(self, vm_name,
vm_type=G.MACHINE_TYPES.KVM,
static_mac=None,
memory_size=1073741824,
cpu_count=1,
force_new=False,
volatility_profile=None,
**kargs):
"""
Initialize
@param config: Machine configuration object
@param init_sensors: Initialize all sensors by default
"""
# Initialize our state variables
self.type = vm_type
self.MACHINE_TYPE = vm_type
class MachineConfig():
# Name
name = vm_name
# DISK
disk = os.path.join(G.DIR_ROOT,G.DIR_VM_OUTPUT,vm_name+".qcow2")
disk_base = None
# Config
vm_config = os.path.join(G.DIR_ROOT,G.DIR_VM_OUTPUT,vm_name+".xml")
config = MachineConfig()
# MAC
if static_mac is None:
config.__dict__['mac_addr'] = self.__get_new_mac()
else:
config.__dict__['mac_addr'] = static_mac
config.__dict__['vm_name'] = vm_name
config.__dict__['memory_size'] = memory_size
config.__dict__['cpu_count'] = cpu_count
config.__dict__['volatility_profile'] = volatility_profile
Machine.__init__(self, config)
# Add all of our sensors
# Control sensor must be added first to interact with libvirt
self.add_sensor(ControlSensorVirtual(vm_name,vm_type))
# What state are we in?
state = self.control.get_state()
# UKNOWN is does not exist
if force_new and state is None:
self.lophi_init()
elif state != G.SENSOR_CONTROL.POWER_STATUS.UNKNOWN:
logger.debug("VM (%s) already exists."%self.config.name)
# Add all of our sensors to this VM
vm_disk = self.disk_get_filename()
if vm_disk is not None:
self.add_sensor(DiskSensorVirtual(vm_disk))
else:
self.add_sensor(DiskSensorVirtual(self.config.disk))
self.add_sensor(CPUSensorVirtual(config.vm_name))
self.add_sensor(MemorySensorVirtual(config.vm_name))
net_iface = self.network_get_interface()
if net_iface is not None:
self.add_sensor(NetworkSensorVirtual(net_iface))
else:
logger.warn("No network intface exists for %s"%self.config.vm_name)
# Do we need to mutex these accesses?
self.REQUIRE_MUTEX = False
if "require_mutex" in kargs and kargs['require_mutex']:
self.REQUIRE_MUTEX = True
# Force a completely fresh instance?
if "force_new" in kargs and kargs['force_new']:
# Poweroff existing machine
self.control.power_off()
