예제 #1
파일: windows.py 프로젝트: zzzzpaul/grr
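    def Run(self, args):
        """Query the memory driver for the CR3 value and physical memory runs.

        Args:
          args: Request whose ``path`` names the memory device to open.

        Sends a ``rdfvalue.MemoryInformation`` reply carrying the device
        pathspec, the CR3 reported by the driver and one run entry per
        (offset, length) pair found in the driver's information buffer.

        Raises:
          IOError: If the driver's buffer is shorter than its fixed header, or
            advertises more runs than the bytes actually returned can hold.
        """
        # This action might crash the box so we need to flush the transaction log.
        self.SyncTransactionLog()

        logging.debug("Querying device %s", args.path)

        # args.path is used exactly as supplied in the request; no local
        # restriction is applied here. NOTE(review): the handle is opened
        # read/write as before -- confirm whether the info IOCTL really needs
        # GENERIC_WRITE, otherwise GENERIC_READ would be the tighter choice.
        fd = win32file.CreateFile(
            args.path, win32file.GENERIC_READ | win32file.GENERIC_WRITE,
            win32file.FILE_SHARE_READ | win32file.FILE_SHARE_WRITE, None,
            win32file.OPEN_EXISTING, win32file.FILE_ATTRIBUTE_NORMAL, None)
        try:
            data = win32file.DeviceIoControl(fd, INFO_IOCTRL, "", 1024, None)
        finally:
            # Only this single IOCTL needs the handle; close it explicitly
            # instead of leaking it until the PyHANDLE is garbage collected.
            win32file.CloseHandle(fd)

        # Fixed header: CR3, an unused 64-bit field, then a signed run count.
        header_fmt = "QQl"
        header_size = struct.calcsize(header_fmt)
        if len(data) < header_size:
            raise IOError("Driver returned %d bytes for %s, expected at least %d"
                          % (len(data), args.path, header_size))
        cr3, _, number_of_runs = struct.unpack_from(header_fmt, data)

        # The run count is driver-supplied. Validate it against the bytes we
        # actually received rather than letting struct.error fire mid-loop
        # (or silently trusting a count that overruns the buffer).
        run_fmt = "QQ"
        run_size = struct.calcsize(run_fmt)
        max_runs = (len(data) - header_size) // run_size
        if number_of_runs < 0 or number_of_runs > max_runs:
            raise IOError("Driver reported %d memory runs but only %d fit in the "
                          "%d byte buffer" % (number_of_runs, max_runs, len(data)))

        result = rdfvalue.MemoryInformation(
            cr3=cr3,
            device=rdfvalue.PathSpec(
                path=args.path, pathtype=rdfvalue.PathSpec.PathType.MEMORY))

        # Each run is a (start, length) pair laid out back to back after the
        # header.
        for run_offset in range(header_size,
                                header_size + number_of_runs * run_size,
                                run_size):
            start, length = struct.unpack_from(run_fmt, data, run_offset)
            result.runs.Append(offset=start, length=length)

        self.SendReply(result)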
예제 #2
    def GetMemoryInformation(self, _):
        """Test stub standing in for the memory driver query.

        Ignores its argument and returns a single ``rdfvalue.MemoryInformation``
        for the pmem device with two fixed 64 KiB runs, at 0x1000 and 0x20000.
        """
        device = rdfvalue.PathSpec(
            path=r"\\.\pmem", pathtype=rdfvalue.PathSpec.PathType.MEMORY)
        info = rdfvalue.MemoryInformation(device=device)
        for run_start in (0x1000, 0x20000):
            info.runs.Append(offset=run_start, length=0x10000)
        return [info]
예제 #3
 def Start(self):
   """Reply with a fixed memory layout that points at the test auth.log file.

   Sends a ``rdfvalue.MemoryInformation`` whose device is the OS pathspec
   ``<Test.data_dir>/auth.log`` and whose runs are two fixed
   ``rdfvalue.BufferReference`` ranges.
   """
   image = rdfvalue.PathSpec(
       path=os.path.join(config_lib.CONFIG["Test.data_dir"], "auth.log"),
       pathtype=rdfvalue.PathSpec.PathType.OS)
   runs = [
       rdfvalue.BufferReference(length=638976, offset=5),
       rdfvalue.BufferReference(length=145184, offset=643074),
   ]
   self.SendReply(rdfvalue.MemoryInformation(device=image, runs=runs))
예제 #4
            def GetMemoryInformation(self, _):
                """Mock out the driver loading code to pass the memory image.

                Ignores its argument and returns one ``rdfvalue.MemoryInformation``
                pointing at ``image_path`` (taken from the enclosing scope) as an
                OS file, with a single run covering its first 1000000000 bytes.
                """
                image = rdfvalue.PathSpec(
                    path=image_path, pathtype=rdfvalue.PathSpec.PathType.OS)
                info = rdfvalue.MemoryInformation(device=image)
                info.runs.Append(offset=0, length=1000000000)
                return [info]
예제 #5
파일: linux.py 프로젝트: timevortex/grr
    def Run(self, args):
        """Check that the memory device can be opened and report it back.

        Args:
          args: Request whose ``path`` names the memory device.

        Opens ``args.path`` read-only and reads a few bytes as a probe; any
        exception from that propagates to the caller. On success a
        ``rdfvalue.MemoryInformation`` reply describing the device is sent.
        """
        # args.path is used exactly as supplied in the request; no local
        # restriction is applied here.
        # Probe the device: a missing device or a permission error surfaces
        # here as the action's failure.
        with open(args.path, "rb") as probe:
            probe.read(5)

        device = rdfvalue.PathSpec(
            path=args.path, pathtype=rdfvalue.PathSpec.PathType.MEMORY)
        self.SendReply(rdfvalue.MemoryInformation(device=device))
예제 #6
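    def Run(self, args):
        """Read the CR3 value and the memory map from an OS X memory device.

        Args:
          args: Request whose ``path`` names the memory device to open.

        Sends a ``rdfvalue.MemoryInformation`` reply with the device pathspec,
        the CR3 returned by ``memory.OSXMemory.GetCR3`` and one run per
        (start, length) pair yielded by ``memory.OSXMemory.GetMemoryMap``.
        """
        # This action might crash the box so we need to flush the transaction log.
        self.SyncTransactionLog()

        logging.debug("Querying device %s", args.path)

        # args.path is used exactly as supplied in the request. Close the
        # device as soon as the map has been read; previously the descriptor
        # stayed open until garbage collection. The map is materialized inside
        # the block in case GetMemoryMap reads lazily from the device.
        with open(args.path, "rb") as mem_dev:
            cr3 = memory.OSXMemory.GetCR3(mem_dev)
            memory_map = list(memory.OSXMemory.GetMemoryMap(mem_dev))

        result = rdfvalue.MemoryInformation(
            cr3=cr3,
            device=rdfvalue.PathSpec(
                path=args.path, pathtype=rdfvalue.PathSpec.PathType.MEMORY))
        for start, length in memory_map:
            result.runs.Append(offset=start, length=length)
        self.SendReply(result)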
예제 #7
 def Start(self):
     """Reply with the test auth.log file as the memory device, without runs.

     Sends a ``rdfvalue.MemoryInformation`` whose device is the OS pathspec
     ``<Test.data_dir>/auth.log``; no runs are attached.
     """
     image_path = os.path.join(config_lib.CONFIG["Test.data_dir"], "auth.log")
     device = rdfvalue.PathSpec(
         path=image_path, pathtype=rdfvalue.PathSpec.PathType.OS)
     self.SendReply(rdfvalue.MemoryInformation(device=device))