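	def get_new_moddump(self, old, new, deps):
		"""
		Copy the driver dumps that appeared between the old and the new
		snapshot into a ``drivers`` directory next to ``self.memfile``, then
		remove both moddump scratch directories.

		Args:
			old: previous moddump result; ``old["moddump"]["config"]["dump_dir"]``
				is removed at the end.
			new: current moddump result; ``new["moddump"]["config"]["dump_dir"]``
				holds the ``driver.<base>.sys`` files that are copied and is
				removed at the end.
			deps: passed through unchanged to ``self.get_new_objects``.

		Returns:
			The list returned by ``self.get_new_objects(old, new, deps)``;
			each entry is expected to carry ``module_base`` and ``module_name``
			(presumably the drivers present in ``new`` but not in ``old`` --
			confirm against get_new_objects).
		"""
		moddir = os.path.join(os.path.dirname(self.memfile), "drivers")
		new_dump_dir = new["moddump"]["config"]["dump_dir"]
		res = self.get_new_objects(old, new, deps)

		try:
			for new_driver in res:
				dumped_name = "driver.{0:x}.sys".format(new_driver["module_base"])
				src = os.path.join(new_dump_dir, dumped_name)
				# module_name is read out of the analysed memory image, i.e. it is
				# attacker-influenced data.  Keep only its final path component so a
				# name containing separators or '..' cannot place the copy outside
				# moddir; fall back to the dump's own name when nothing usable is left.
				safe_name = os.path.basename(new_driver["module_name"].replace("\\", "/"))
				if not safe_name or safe_name in (".", ".."):
					safe_name = dumped_name
				utils.copy_safe(src, os.path.join(moddir, safe_name))
		finally:
			# Drop the scratch dump directories even if one copy fails, so a
			# failed run does not leave dumps behind on disk.
			utils.remove_dir_safe(old["moddump"]["config"]["dump_dir"])
			utils.remove_dir_safe(new_dump_dir)
		return res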
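	def get_new_malfind(self, old, new, deps, dump_dir=None):
		"""
		Return the malfind hits that appeared between the old and the new
		snapshot, excluding hits whose ``process_name`` is ``python.exe``.

		When ``dump_dir`` is given, the memory region dump of every remaining
		hit is copied from it into a ``malfinds`` directory next to
		``self.memfile``, after which both malfind scratch directories are
		removed (once, regardless of how many hits there were).

		Args:
			old: previous malfind result; ``old["malfind"]["config"]["dump_dir"]``
				is removed when ``dump_dir`` is set.
			new: current malfind result; ``new["malfind"]["config"]["dump_dir"]``
				is removed when ``dump_dir`` is set.
			deps: passed through unchanged to ``self.get_new_objects``.
			dump_dir: directory holding the ``process.<offset>.<vad_start>.dmp``
				files; when None nothing is copied and nothing is removed.

		Returns:
			The filtered list of new malfind records; each is expected to carry
			``process_name``, ``offset`` (int) and ``vad_start`` (hex string).
		"""
		found_mals = self.get_new_objects(old, new, deps)
		# process_name comes from the image; the filter is an exact match only.
		new_mals = [m for m in found_mals if m["process_name"] != "python.exe"]

		if dump_dir is not None:
			malfinds_dir = os.path.join(os.path.dirname(self.memfile), "malfinds")
			try:
				for new_mal in new_mals:
					# vad_start arrives as a hex string, offset as an int; both are
					# rendered with a 0x prefix to match the dump file naming.
					name = "process.{0:#x}.{1:#x}.dmp".format(new_mal["offset"], int(new_mal["vad_start"], 16))
					utils.copy_safe(os.path.join(dump_dir, name), os.path.join(malfinds_dir, name))
			finally:
				# Clean up after the loop rather than inside it: the removal must
				# happen exactly once, and also when new_mals is empty, otherwise
				# the scratch dump directories are leaked.
				utils.remove_dir_safe(old["malfind"]["config"]["dump_dir"])
				utils.remove_dir_safe(new["malfind"]["config"]["dump_dir"])

		return new_mals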