Python YaraProcessDumpInformation 예제들

프로그래밍 언어: Python

네임스페이스/패키지 이름: grr.lib.rdfvalues.rdf_yara

메소드/함수: YaraProcessDumpInformation

hotexamples.com에서의 예제들: 2

Python YaraProcessDumpInformation - 2개의 예제가 발견되었습니다. 이것들은 오픈소스 프로젝트에서 추출된 Python의 grr.lib.rdfvalues.rdf_yara.YaraProcessDumpInformation에 대한 실세계 최고 등급의 예제들입니다. 예제들을 평가하여 예제의 품질 향상에 도움을 줄 수 있습니다.

예제 #1

파일 보기

    def DumpProcess(self, psutil_process, bytes_limit):
        response = rdf_yara.YaraProcessDumpInformation()
        response.process = rdf_client.Process.FromPsutilProcess(psutil_process)

        iterator = yara_procdump.process_memory_iterator(
            pid=psutil_process.pid)
        name = psutil_process.name()

        with tempfiles.TemporaryDirectory(cleanup=False) as tmp_dir:
            for block in iterator:

                filename_template = "%s_%d_%x_%x.tmp"
                filename = os.path.join(
                    tmp_dir.path,
                    filename_template % (name, psutil_process.pid, block.base,
                                         block.base + block.size))

                if bytes_limit and self.bytes_written + block.size > bytes_limit:
                    response.error = (
                        "Memory limit exceeded. Wrote %d bytes, "
                        "next block is %d bytes, limit is %d." %
                        (self.bytes_written, block.size, bytes_limit))
                    return response

                with open(filename, "wb") as fd:
                    fd.write(block)

                self.bytes_written += block.size

                response.dump_files.Append(
                    rdf_paths.PathSpec(
                        path=filename,
                        pathtype=rdf_paths.PathSpec.PathType.TMPFILE))
        return response

예제 #2

파일 보기

파일: yara_actions.py 프로젝트: dc865/grr

    def DumpProcess(self, psutil_process, args):
        response = rdf_yara.YaraProcessDumpInformation()
        response.process = rdf_client.Process.FromPsutilProcess(psutil_process)

        process = client_utils.OpenProcessForMemoryAccess(
            pid=psutil_process.pid)

        bytes_limit = args.size_limit

        with process:
            streamer = streaming.MemoryStreamer(process,
                                                chunk_size=args.chunk_size)

            with tempfiles.TemporaryDirectory(cleanup=False) as tmp_dir:
                for start, length in client_utils.MemoryRegions(process, args):

                    if bytes_limit and self.bytes_written + length > bytes_limit:
                        response.error = (
                            "Byte limit exceeded. Wrote %d bytes, "
                            "next block is %d bytes, limit is %d." %
                            (self.bytes_written, length, bytes_limit))
                        return response

                    end = start + length
                    filename = "%s_%d_%x_%x.tmp" % (
                        psutil_process.name(), psutil_process.pid, start, end)
                    filepath = os.path.join(tmp_dir.path, filename)

                    bytes_written = self._SaveMemDumpToFilePath(
                        filepath, streamer, start, length)

                    if not bytes_written:
                        continue

                    self.bytes_written += bytes_written
                    response.dump_files.Append(
                        rdf_paths.PathSpec(
                            path=filepath,
                            pathtype=rdf_paths.PathSpec.PathType.TMPFILE))

        return response