def __getstate__(self):
""" This controls how we pickle and unpickle the objects """
try:
thetype = self._vol_theType.__name__
except AttributeError:
thetype = self._vol_theType
# Note: we lose the parent attribute here
result = dict(offset=self.obj_offset,
name=self.obj_name,
vm=self.obj_vm,
native_vm=self.obj_native_vm,
theType=thetype)
## Introspect the kwargs for the constructor and store in the dict
try:
for arg in self.__init__.func_code.co_varnames:
if (arg not in result
and arg not in "self parent profile args".split()):
result[arg] = self.__dict__[arg]
except KeyError:
debug.post_mortem()
raise pickle.PicklingError(
"Object {0} at 0x{1:08x} cannot be cached because of missing attribute {2}"
.format(self.obj_name, self.obj_offset, arg))
return result
def __getstate__(self):
""" This controls how we pickle and unpickle the objects """
try:
thetype = self._vol_theType.__name__
except AttributeError:
thetype = self._vol_theType
# Note: we lose the parent attribute here
result = dict(offset = self.obj_offset,
name = self.obj_name,
vm = self.obj_vm,
native_vm = self.obj_native_vm,
theType = thetype)
## Introspect the kwargs for the constructor and store in the dict
try:
for arg in self.__init__.func_code.co_varnames:
if (arg not in result and
arg not in "self parent profile args".split()):
result[arg] = self.__dict__[arg]
except KeyError:
debug.post_mortem()
raise pickle.PicklingError("Object {0} at 0x{1:08x} cannot be cached because of missing attribute {2}".format(self.obj_name, self.obj_offset, arg))
return result
def execute(self):
if self._config.UNIT_TEST:
print "Setting CacheNodes to TestNodes"
cache.CACHE = cache.CacheTree(cache.CacheStorage(), cls = TestNode, invalidator = cache.CACHE.invalidator)
cmds = MemoryRegistry.PLUGIN_COMMANDS.commands
modules = None
if self._config.MODULES:
modules = self._config.MODULES.split(",")
for cmdname in cmds:
if modules and cmdname not in modules:
continue
try:
# TODO: This won't work until ConfObejct isn't a singleton class
config = conf.ConfObject()
command = MemoryRegistry.PLUGIN_COMMANDS[cmdname](config)
if isinstance(command, cache.Testable):
print "Executing {0}".format(cmdname)
command.test()
except Exception, e:
print "Error running {0} - {1}".format(cmdname, e)
debug.post_mortem()
def run_imports(self):
"""Imports all the already found modules"""
for i in self.modnames.keys():
if self.modnames[i] is not None:
try:
__import__(i)
except Exception, e:
#print "*** Failed to import " + i + " (" + str(e.__class__.__name__) + ": " + str(e) + ")"
# This is too early to have had the debug filter lowered to include debugging messages
debug.post_mortem(2)
def run_imports(self):
"""Imports all the already found modules"""
for i in self.modnames.keys():
if self.modnames[i] is not None:
try:
__import__(i)
except Exception, e:
#print "*** Failed to import " + i + " (" + str(e.__class__.__name__) + ": " + str(e) + ")"
# This is too early to have had the debug filter lowered to include debugging messages
debug.post_mortem(2)
debug.error("Unable to dump guest")
print "Chosen guest dumped to %s" % filepath
if dom == None:
debug.error("Domain crashed!")
print "Guest memory dump complete! Location: %s" % filepath
conn.close()
config.LOCATION = "file://" + filepath
except:
print traceback.format_exc()
debug.error("Failed to find domain")
if not config.LOCATION and not config.XENDOMAIN:
debug.error("Please specify filename (-f) or XEN domain (-x)")
command.execute()
except exceptions.VolatilityException, e:
print e
if __name__ == "__main__":
config.set_usage(usage = "Volatility - A memory forensics analysis platform.")
config.add_help_hook(list_plugins)
try:
main()
except Exception, ex:
if config.DEBUG:
debug.post_mortem()
else:
raise
except KeyboardInterrupt:
print "Interrupted"
debug.error("You must specify something to do (try -h)")
try:
if module in cmds.keys():
command = cmds[module](config)
## Register the help cb from the command itself
config.set_help_hook(obj.Curry(command_help, command))
config.parse_options()
if not config.LOCATION:
debug.error("Please specify a location (-l) or filename (-f)")
command.execute()
except exceptions.VolatilityException, e:
print e
if __name__ == "__main__":
config.set_usage(usage = "Volatility - A memory forensics analysis platform.")
config.add_help_hook(list_plugins)
try:
main()
except Exception, ex:
if config.DEBUG:
debug.post_mortem()
else:
raise
except KeyboardInterrupt:
print "Interrupted"