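def get_new_moddump(self, old, new, deps):
    """Collect the drivers that appear in *new* but not in *old*.

    Every driver record returned by ``self.get_new_objects(old, new, deps)``
    has its ``driver.<module_base>.sys`` dump copied from the ``moddump``
    dump directory of *new* into the ``drivers//`` directory beside
    ``self.memfile``. Afterwards the ``moddump`` dump directories recorded
    in both *old* and *new* are removed.

    Args:
        old: result dict; ``old["moddump"]["config"]["dump_dir"]`` is removed.
        new: result dict; ``new["moddump"]["config"]["dump_dir"]`` holds the
            freshly dumped ``driver.<base>.sys`` files and is removed at the
            end.
        deps: forwarded unchanged to ``self.get_new_objects``.

    Returns:
        Whatever ``self.get_new_objects`` returned: an iterable of driver
        records, each carrying ``module_base`` (int) and ``module_name``.
    """
    moddir = os.path.join(os.path.dirname(self.memfile), "drivers//")
    res = self.get_new_objects(old, new, deps)
    dump_dir = new["moddump"]["config"]["dump_dir"]
    # Copy each new driver dump next to the memory image.
    for new_driver in res:
        src = dump_dir + "/driver.{0:x}.sys".format(new_driver["module_base"])
        # module_name is not produced by this code (it presumably comes from
        # the analysed image via get_new_objects), so treat it as untrusted:
        # keep only the last path component, for either separator, so a
        # crafted name cannot place the copy outside moddir.
        safe_name = os.path.basename(new_driver["module_name"].replace("\\", "/"))
        if safe_name in ("", ".", ".."):
            # No usable file name is left; fall back to the dump's own name.
            safe_name = "driver.{0:x}.sys".format(new_driver["module_base"])
        utils.copy_safe(src, moddir + safe_name)
    utils.remove_dir_safe(old["moddump"]["config"]["dump_dir"])
    utils.remove_dir_safe(new["moddump"]["config"]["dump_dir"])
    return res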
def get_new_malfind(self, old, new, deps, dump_dir=None):
    """Return the malfind hits present in *new* but not in *old*.

    Hits whose ``process_name`` is ``"python.exe"`` are dropped. When
    *dump_dir* is given, the ``process.<offset>.<vad_start>.dmp`` file of
    each remaining hit is copied from there into the ``malfinds//``
    directory beside ``self.memfile``. The ``malfind`` dump directories
    recorded in *old* and *new* are removed in every case, including when
    *dump_dir* is ``None``.

    Args:
        old: result dict; ``old["malfind"]["config"]["dump_dir"]`` is removed.
        new: result dict; ``new["malfind"]["config"]["dump_dir"]`` is removed.
        deps: forwarded unchanged to ``self.get_new_objects``.
        dump_dir: directory holding the ``process.*.dmp`` files to copy, or
            ``None`` to skip the copy step.

    Returns:
        List of the retained hit dicts, in the order ``get_new_objects``
        produced them.
    """
    candidates = self.get_new_objects(old, new, deps)
    malfinds_dir = os.path.join(os.path.dirname(self.memfile), "malfinds//")
    # Hits inside python.exe are presumably the analysis tooling itself and
    # are not reported.
    new_mals = [hit for hit in candidates if hit["process_name"] != "python.exe"]
    if dump_dir is not None:
        # Copy each retained malfind dump next to the memory image.
        for hit in new_mals:
            vad_start = int(hit["vad_start"], 16)
            dump_name = "process.{0:#x}.{1:#x}.dmp".format(hit["offset"], vad_start)
            utils.copy_safe(dump_dir + '//' + dump_name, malfinds_dir + dump_name)
    for result in (old, new):
        utils.remove_dir_safe(result["malfind"]["config"]["dump_dir"])
    return new_mals