Esempio n. 1
    def _update_runners(self):
        """Refresh the interactive namespace with one runner per plugin.

        After the parent class has done its own update, every active plugin
        class with a non-empty ``name`` gets a curried ``RunPlugin``
        callable. Each runner is published twice: as an attribute of the
        ``plugins`` container kept in ``self._locals`` and directly under
        its own name in ``self._locals``.
        """
        super(InteractiveSession, self)._update_runners()

        # The "help_doc" profile is optional: if loading raises ValueError
        # the runners are still created, just with empty docs and defaults.
        try:
            help_profile = self.LoadProfile("help_doc")
        except ValueError:
            help_profile = None

        self._locals['plugins'] = Container()
        for plugin_cls in plugin.Command.GetActiveClasses(self):
            if help_profile:
                defaults = help_profile.ParametersForPlugin(
                    plugin_cls.__name__)
                help_text = help_profile.DocsForPlugin(plugin_cls.__name__)
            else:
                defaults, help_text = "", ""

            plugin_name = plugin_cls.name
            if not plugin_name:
                # Classes without a name get no runner.
                continue

            # Bind the plugin name and its default arguments into a runner.
            runner = obj.Curry(self.RunPlugin, plugin_name,
                               default_arguments=defaults)
            runner.__doc__ = help_text

            # NOTE(review): the plain assignment into _locals replaces any
            # entry already stored under the same name, so a plugin name
            # silently shadows whatever was bound there before.
            setattr(self._locals['plugins'], plugin_name, runner)
            self._locals[plugin_name] = runner
Esempio n. 2
    def _update_runners(self):
        """Rebuild the plugin container and the parameter hooks.

        Both ``self.plugins`` and ``self._parameter_hooks`` are replaced by
        fresh objects and repopulated from the currently active classes.
        """
        self.plugins = Container()
        for plugin_cls in plugin.Command.GetActiveClasses(self):
            plugin_name = plugin_cls.name
            if not plugin_name:
                # Nameless classes are not exposed on the container.
                continue

            # Pre-bind this session so callers do not have to pass it.
            # If two active classes share a name, the one seen later
            # replaces the earlier one without any warning.
            bound_plugin = obj.Curry(plugin_cls, session=self)
            setattr(self.plugins, plugin_name, bound_plugin)

        # Parameter hooks: one instance per active hook class with a name.
        self._parameter_hooks = {}
        for hook_cls in kb.ParameterHook.classes.values():
            if not hook_cls.is_active(self):
                continue

            hook_name = hook_cls.name
            if hook_name:
                self._parameter_hooks[hook_name] = hook_cls(session=self)
Esempio n. 3
    def __getattr__(self, name):
        """Return the named plugin class pre-bound to this object's session.

        The plugin class is looked up with ``GetPluginClass`` and wrapped in
        a curry that already carries ``session=self.session``, so callers do
        not have to pass the session themselves.

        This makes it easy to use in the interactive console:

        pslist_plugin = plugins.pslist()

        When the lookup result compares equal to None it is returned as is
        instead of raising AttributeError.
        """
        found = self.GetPluginClass(name)

        # NOTE(review): an equality test, not ``is None``, is kept on
        # purpose: the lookup may return an object that merely compares
        # equal to None - confirm against GetPluginClass before changing it.
        # Because nothing is raised here, hasattr() on this object cannot
        # tell a real plugin from a mistyped name (unless GetPluginClass
        # itself raises).
        if found == None:
            return found

        bound_plugin = obj.Curry(found, session=self.session)
        return bound_plugin
Esempio n. 4
    def UpdateRunners(self):
        """Repopulate the plugins container and the parameter hooks.

        The set of active plugins may change based on the profile, the
        filename and so on, so both ``self.plugins`` and
        ``self._parameter_hooks`` are rebuilt from scratch on every call.
        """
        self.plugins = Container()
        for command_cls in plugin.Command.GetActiveClasses(self):
            command_name = command_cls.name
            if not command_name:
                # A class with an empty name is skipped.
                continue

            # The curry carries this session along with the class. A later
            # class with the same name overwrites an earlier one.
            curried = obj.Curry(command_cls, session=self)
            setattr(self.plugins, command_name, curried)

        # Install parameter hooks: only active hook classes that have a name
        # are instantiated, each bound to this session.
        self._parameter_hooks = {}
        for hook_cls in kb.ParameterHook.classes.values():
            if not hook_cls.is_active(self):
                continue

            hook_name = hook_cls.name
            if hook_name:
                self._parameter_hooks[hook_name] = hook_cls(session=self)
Esempio n. 5
    def _prepare_runner(self, name):
        """Build a callable that runs the plugin called *name*.

        The returned object is a curry around the session's ``RunPlugin``
        with the plugin name and its default arguments already bound; its
        ``__doc__`` is set to the plugin documentation from the help profile.
        """
        # The help profile is loaded on first use and kept on the instance.
        # Unlike a guarded load, any exception from LoadProfile propagates.
        # NOTE(review): if LoadProfile can return None, the lookups below
        # fail for a known plugin - confirm what it returns on a miss.
        if self.help_profile is None:
            self.help_profile = self.session.LoadProfile("help_doc")

        default_args, doc = "", ""
        plugin_cls = self.session.plugins.GetPluginClass(name)
        if plugin_cls:
            cls_name = plugin_cls.__name__
            default_args = self.help_profile.ParametersForPlugin(cls_name)
            doc = self.help_profile.DocsForPlugin(cls_name)

        # A runner is returned even when no plugin class was found for the
        # name; in that case it has an empty doc and no default arguments.
        # NOTE(review): the session is reached via self["session"] here but
        # via self.session above - presumably the same object; verify.
        run_plugin = self["session"].RunPlugin
        runner = obj.Curry(run_plugin, name, default_arguments=default_args)
        runner.__doc__ = doc

        return runner
Esempio n. 6
"""Data types for various compilers.

Different models:
http://www.unix.org/version2/whatsnew/lp64_wp.html
http://en.wikipedia.org/wiki/64-bit_computing

Python standard types:
http://docs.python.org/2/library/struct.html#format-characters
"""

from rekall import obj

# Model on 64 bit unix like operating systems.
LP64 = {
    'bool':
    obj.Curry(obj.Bool, type_name='bool', format_string='<c'),

    # Char is 8 bits.
    'char':
    obj.Curry(obj.NativeType, type_name='char', format_string='<c'),
    'unsigned char':
    obj.Curry(obj.NativeType, type_name='unsigned char', format_string='<B'),

    # Shorts are 16 bits.
    'short':
    obj.Curry(obj.NativeType, type_name='short', format_string='<h'),
    'unsigned short':
    obj.Curry(obj.NativeType, type_name='unsigned short', format_string='<H'),

    # ints are 32 bits.
    'int':
Esempio n. 7
"""Data types for various compilers.

Different models:
http://www.unix.org/version2/whatsnew/lp64_wp.html
http://en.wikipedia.org/wiki/64-bit_computing

Python standard types:
http://docs.python.org/2/library/struct.html#format-characters
"""

from rekall import obj

# Unambiguous types: fixed-width unsigned integers whose size does not depend
# on the compiler's data model. Each entry pairs the C type name with a
# struct format string; the '<' prefix selects little-endian byte order and
# the letter fixes the width (B=1, H=2, I=4, Q=8 bytes).
BASE = {
    type_name: obj.Curry(
        obj.NativeType, type_name=type_name, format_string=format_string)
    for type_name, format_string in (
        ("uint8_t", '<B'),
        ("uint16_t", '<H'),
        ("uint32_t", '<I'),
        ("uint64_t", '<Q'),
    )
}

# Model on 64 bit unix like operating systems.
LP64 = {
    'bool':
    obj.Curry(obj.Bool, type_name='bool', format_string='<c'),

    # Char is 8 bits.
    'char':