def run_analysis(options): # Get our FTP IP try: ftp_ip = NET.get_ip_address(options.ftp_interface) except: logger.error("Could not find ip for the given interface. (%s)"% options.ftp_interface) # Add a sensors to physical machines if needed if options.machine_type == G.MACHINE_TYPES.PHYSICAL: has_memory = has_disk = False if options.machine_config is None: logger.error("No machine config file given.") return # This isn't the class we use in practice, but fake it here for simplicity machines = CONF.import_from_config(options.machine_config, "machine") if options.machine not in machines: logger.error("%s is not a valid machine from the config file."%options.machine) logger.error("Valid targets are: %s"%machines.keys()) return # Get our machine object machine = machines[options.machine] # Ensure that a sensor config is defined if options.sensor_config is None: logger.error("A sensor config file must be defined for physical analysis") return # Get the list of sensors sensors = CONF.import_from_config(options.sensor_config, "sensor") # Add sensors to our machine print "* Trying to find physical sensors for %s..."%options.machine added_sensors = machine.add_sensors(sensors) else: machine = VirtualMachine(options.machine, vm_type=options.machine_type, volatility_profile=options.profile) ftp_info = {'user':G.FTP_USER, 'pass':G.FTP_PASSWORD, 'ip':ftp_ip, 'port':G.FTP_PORT, 'dir':None } print "* Machine is: %s"%machine.power_status() ra = RemoteAnalysis(options.profile, machine.control, ftp_info) parameters = { # 1:'INTmark (write)', # 2:'INTmark (Read)', 3:'INTmem', # 4:'FLOATmark (write)', # 5:'FLOATmark (Read)', 6:'FLOATmem', # 7:'MMXmark (write)', # 8:'MMXmark (Read)', 9:'MMXmem', # 10:'SSEmark (write)', # 11:'SSEmark (Read)', 12:'SSEmem' } # Create a run for all of our parameters (Only *mem will run in batches) for b_param in parameters: # Should we be reading memory? if options.enable_sensor: memory_thread = MemoryThread(machine) memory_thread.daemon = True memory_thread.start() param_name = parameters[b_param] print "* Running %s test, %d times..."%(param_name, options.run_count) response = ra.run_analysis("ramspeed-win32.exe -b %d -l %d"%( b_param, options.run_count), "artifacts-memory", init_commands=[], bind_ip=ftp_ip) # Now store our results results_file = os.path.join(options.output_dir, "trial_b%d_l%d.txt"%(b_param, options.run_count)) sensor_file = os.path.join(options.output_dir, "trial_b%d_l%d_sensor.txt"%(b_param, options.run_count)) print "* Storing results (%d bytes) in %s."%(len(response),results_file) f = open(results_file, "w+") f.write(response) f.close() if options.enable_sensor: (time_elapsed, bytes_read) = memory_thread.join() f = open(sensor_file, "w+") f.write(str(time_elapsed)+"\t"+str(bytes_read)) f.close()
def run_analysis(options): # Get our FTP IP try: ftp_ip = NET.get_ip_address(options.ftp_interface) except: logger.error("Could not find ip for the given interface. (%s)" % options.ftp_interface) # Add a sensors to physical machines if needed if options.machine_type == G.MACHINE_TYPES.PHYSICAL: has_memory = has_disk = False if options.machine_config is None: logger.error("No machine config file given.") return # This isn't the class we use in practice, but fake it here for simplicity machines = CONF.import_from_config(options.machine_config, "machine") if options.machine not in machines: logger.error("%s is not a valid machine from the config file." % options.machine) logger.error("Valid targets are: %s" % machines.keys()) return # Get our machine object machine = machines[options.machine] # Ensure that a sensor config is defined if options.sensor_config is None: logger.error( "A sensor config file must be defined for physical analysis") return # Get the list of sensors sensors = CONF.import_from_config(options.sensor_config, "sensor") # Add sensors to our machine print "Trying to find physical sensors for %s..." % options.machine added_sensors = machine.add_sensors(sensors) if options.enable_sensor: machine.disk.sata_enable_all() else: machine = VirtualMachine(options.machine, vm_type=options.machine_type, volatility_profile=options.profile) ftp_info = { 'user': G.FTP_USER, 'pass': G.FTP_PASSWORD, 'ip': ftp_ip, 'port': G.FTP_PORT, 'dir': None } print machine.power_status() ra = RemoteAnalysis(options.profile, machine.control, ftp_info) for trial in range(44, options.run_count): print "Running trial #%d..." % trial # Should we fire up our disk sensor? # if options.enable_sensor: # log_dcap_filename = os.path.join(options.output_dir,"trial_%d.dcap"%trial) # log_dcap_queue = multiprocessing.Queue() # log_dcap_writer = CaptureWriter(log_dcap_filename, # log_dcap_queue) # log_dcap_writer.start() # # dcap_engine = DiskCaptureEngine(machine, log_dcap_queue) # dcap_engine.start() iozone_cmd = "iozone.exe -a -g 2G -i 0 -i 1" response = ra.run_analysis( iozone_cmd, None, init_commands=["cd C:\Program Files\Benchmarks\Iozone3_414"], bind_ip=ftp_ip) f = open(os.path.join(options.output_dir, "trial_%d.txt" % trial), "w+") f.write(response) f.close() # if options.enable_sensor: # dcap_engine.stop() # log_dcap_writer.stop() print response
def main(options): """ Implement your function here """ # Keep track of the type of analysis that is possible (for physical) has_memory = has_disk = True # Add a sensors to physical machines if needed if options.machine_type == G.MACHINE_TYPES.PHYSICAL: has_memory = has_disk = False if options.machine_config is None: logger.error("No machine config file given.") return # This isn't the class we use in practice, but fake it here for simplicity machines = CONF.import_from_config(options.machine_config, "machine") if options.machine not in machines: logger.error("%s is not a valid machine from the config file."%options.machine) logger.error("Valid targets are: %s"%machines.keys()) return # Get our machine object machine = machines[options.machine] # Ensure that a sensor config is defined if options.sensor_config is None: logger.error("A sensor config file must be defined for physical analysis") return # Get the list of sensors sensors = CONF.import_from_config(options.sensor_config, "sensor") # Add sensors to our machine print "Trying to find physical sensors for %s..."%options.machine added_sensors = machine.add_sensors(sensors) # See which sensors were added for sensor in added_sensors: print "* Added %s to %s"%(sensor.id,machine.config.name) if issubclass(sensor.__class__,MemorySensor): has_memory = True if issubclass(sensor.__class__,DiskSensor): has_disk = True else: machine = VirtualMachine(options.machine, vm_type=options.machine_type, volatility_profile=options.volatility_profile) if options.analysis is not None: analysis = analysis_scripts[options.analysis] lae = LoPhiAnalysisEngine() lae.start(analysis[0],machine=machine) print "Running Analysis (%s)..."%options.analysis while True: print "* The following commands are available" print " p - Pause, r - Resume, s - Stop" command = raw_input('cmd: ') if command == "p": lae.pause() print "Analysis PAUSED." elif command == "r": lae.resume() print "Analysis RESUMED." elif command == "s": lae.stop() print "Analysis STOPPED." sys.exit(0) else: print "Unrecognized command (%s)."%command if False and has_memory: print "Starting memory analysis" # Create a queue and start our analysis output_queue = multiprocessing.Queue() mem_analysis = MemoryAnalysisEngine(machine, output_queue, plugins=['pslist']) mem_cap = CaptureWriter("memory.cap",output_queue) # mem_cap.start() mem_analysis.start() for i in range(10): print output_queue.get() # mem_cap.stop() mem_analysis.stop() if has_disk: print "Starting disk analysis" # create a queue and start analysis output_queue = multiprocessing.Queue() disk_analysis = DiskAnalysisEngine(machine, output_queue) disk_cap = CaptureWriter("disk.cap",output_queue) # disk_cap.start() disk_analysis.start() for i in range(100): print output_queue.get() # disk_cap.stop() disk_analysis.stop()
def main(options): """ Main function """ if options.machine_config is None: logger.error("No config file given.") return if options.command_file is None: logger.error("No script file provided.") return # This isn't the class we use in practice, but fake it here for simplicity # Get list of machine objects machines = CONF.import_from_config(options.machine_config, "machine") if options.machine not in machines: logger.error("%s is not a valid machine from the config file."%options.machine) logger.error("Valid targets are: %s"%machines.keys()) return machine = machines[options.machine] # Add a sensors to physical machines if needed if machine.type == G.MACHINE_TYPES.PHYSICAL: has_memory = has_disk = False # Ensure that a sensor config is defined if options.sensor_config is None: logger.error("A sensor config file must be defined for physical analysis") return # Get the list of sensors sensors = CONF.import_from_config(options.sensor_config, "sensor") # Add sensors to our machine print "Trying to find physical sensors for %s..."%options.machine added_sensors = machine.add_sensors(sensors) # Check that we can do both memory and disk analysis if not machine.memory: logger.error("No memory sensor available for analysis! Quitting.") return if not machine.disk: logger.error("No disk sensor available for analysis! Quitting.") return if not machine.control: logger.error("No control sensor available for analysis! Quitting.") return # load the command script if not os.path.exists(options.command_file): logger.error("File (%s) does not exist!" % options.command_file) sys.exit(0) # prepare the command script parser parser = None if machine.type == G.MACHINE_TYPES.PHYSICAL: parser = KeypressGeneratorPhysical() else: parser = KeypressGeneratorVirtual() # open file f = open(options.command_file, 'r') script_text = f.read() f.close() script = parser.text_to_script(script_text) # Start the trials for trial_num in range(options.trials): print "Running trial %d" % trial_num # Prep the machine -- reset it if machine.type != G.MACHINE_TYPES.PHYSICAL: machine.machine_reset() else: machine.machine_reset(options.pxe_server) machine.power_off() # Wait for machine to shutdown time.sleep(15) # Wait until machine has an ip address logger.info("Waiting to get IP address of machine from PXE Server.") start_time = time.time() timeout = 360 while True: #machine.ip_addr = get_ip(options.pxe_server, machine.get_mac_addr()) if (time.time() - start_time) > timeout: logger.error("Could not get ip address for test machine from PXE Server for %d s" % timeout) break ip = machine.get_ip_addr(options.pxe_server) if ip: logger.info("Machine has IP address %s" % ip) break # wait until machine is up logger.info("Waiting for machine to be up on the network.") start_time = time.time() timeout = 360 while True: if (time.time() - start_time) > timeout: logger.error("Timed out while waiting for machine to come back up (e.g. waiting for system to boot)") break if machine.get_net_status(): break logger.info("Machine is back up. Commencing analysis.") if machine.type != G.MACHINE_TYPES.PHYSICAL: logger.info("Pausing Virtual Machine!") machine.machine_pause() else: # pass logger.info("Pausing Physical Machine Not Implemented Yet!") # Take memory snapshot #1 logger.info("Taking start memory dump") #memory_dump(machine, os.path.join(options.output_dir, "mem_dump_start" + str(trial_num))) # TODO: Spawn data consumers for disk and memory? logger.info("TODO: Starting disk analysis") # Resume machine if machine.type != G.MACHINE_TYPES.PHYSICAL: logger.info("Resuming Virtual Machine!") machine.machine_resume() else: # pass logger.info("Resuming Physical Machine Not Implemented Yet!") # Run command script and wait runtime seconds logger.info("Running %s script for %d seconds." % (options.command_file, options.runtime)) machine.keypress_send(script) time.sleep(options.runtime) # pause machine if VM if machine.type != G.MACHINE_TYPES.PHYSICAL: logger.info("Pausing Virtual Machine!") machine.machine_pause() else: # pass logger.info("Pausing Physical Machine Not Implemented Yet!") logger.info("TODO: Stopping disk analysis") #disk_analysis.stop() # Take memory snapshot #2 logger.info("Taking end memory dump") #memory_dump(machine, os.path.join(options.output_dir, "mem_dump_end" + str(trial_num))) # Resume machine if machine.type != G.MACHINE_TYPES.PHYSICAL: logger.info("Resuming Virtual Machine!") machine.machine_resume() else: # pass logger.info("Resuming Physical Machine Not Implemented Yet!") print "Completed trial %d" % trial_num print "Completed all trials."
def run_analysis(options): # Get our FTP IP try: ftp_ip = NET.get_ip_address(options.ftp_interface) except: logger.error("Could not find ip for the given interface. (%s)" % options.ftp_interface) # Add a sensors to physical machines if needed if options.machine_type == G.MACHINE_TYPES.PHYSICAL: has_memory = has_disk = False if options.machine_config is None: logger.error("No machine config file given.") return # This isn't the class we use in practice, but fake it here for simplicity machines = CONF.import_from_config(options.machine_config, "machine") if options.machine not in machines: logger.error("%s is not a valid machine from the config file." % options.machine) logger.error("Valid targets are: %s" % machines.keys()) return # Get our machine object machine = machines[options.machine] # Ensure that a sensor config is defined if options.sensor_config is None: logger.error( "A sensor config file must be defined for physical analysis") return # Get the list of sensors sensors = CONF.import_from_config(options.sensor_config, "sensor") # Add sensors to our machine print "* Trying to find physical sensors for %s..." % options.machine added_sensors = machine.add_sensors(sensors) else: machine = VirtualMachine(options.machine, vm_type=options.machine_type, volatility_profile=options.profile) ftp_info = { 'user': G.FTP_USER, 'pass': G.FTP_PASSWORD, 'ip': ftp_ip, 'port': G.FTP_PORT, 'dir': None } print "* Machine is: %s" % machine.power_status() ra = RemoteAnalysis(options.profile, machine.control, ftp_info) parameters = { # 1:'INTmark (write)', # 2:'INTmark (Read)', 3: 'INTmem', # 4:'FLOATmark (write)', # 5:'FLOATmark (Read)', 6: 'FLOATmem', # 7:'MMXmark (write)', # 8:'MMXmark (Read)', 9: 'MMXmem', # 10:'SSEmark (write)', # 11:'SSEmark (Read)', 12: 'SSEmem' } # Create a run for all of our parameters (Only *mem will run in batches) for b_param in parameters: # Should we be reading memory? if options.enable_sensor: memory_thread = MemoryThread(machine) memory_thread.daemon = True memory_thread.start() param_name = parameters[b_param] print "* Running %s test, %d times..." % (param_name, options.run_count) response = ra.run_analysis("ramspeed-win32.exe -b %d -l %d" % (b_param, options.run_count), "artifacts-memory", init_commands=[], bind_ip=ftp_ip) # Now store our results results_file = os.path.join( options.output_dir, "trial_b%d_l%d.txt" % (b_param, options.run_count)) sensor_file = os.path.join( options.output_dir, "trial_b%d_l%d_sensor.txt" % (b_param, options.run_count)) print "* Storing results (%d bytes) in %s." % (len(response), results_file) f = open(results_file, "w+") f.write(response) f.close() if options.enable_sensor: (time_elapsed, bytes_read) = memory_thread.join() f = open(sensor_file, "w+") f.write(str(time_elapsed) + "\t" + str(bytes_read)) f.close()
def main(options): """ Implement your function here """ # Keep track of the type of analysis that is possible (for physical) has_memory = has_disk = True # Add a sensors to physical machines if needed if options.machine_type == G.MACHINE_TYPES.PHYSICAL: has_memory = has_disk = False if options.machine_config is None: logger.error("No machine config file given.") return # This isn't the class we use in practice, but fake it here for simplicity machines = CONF.import_from_config(options.machine_config, "machine") if options.machine not in machines: logger.error("%s is not a valid machine from the config file." % options.machine) logger.error("Valid targets are: %s" % machines.keys()) return # Get our machine object machine = machines[options.machine] # Ensure that a sensor config is defined if options.sensor_config is None: logger.error( "A sensor config file must be defined for physical analysis") return # Get the list of sensors sensors = CONF.import_from_config(options.sensor_config, "sensor") # Add sensors to our machine print "Trying to find physical sensors for %s..." % options.machine added_sensors = machine.add_sensors(sensors) # See which sensors were added for sensor in added_sensors: print "* Added %s to %s" % (sensor.id, machine.config.name) if issubclass(sensor.__class__, MemorySensor): has_memory = True if issubclass(sensor.__class__, DiskSensor): has_disk = True else: machine = VirtualMachine(options.machine, vm_type=options.machine_type, volatility_profile=options.volatility_profile) if options.analysis is not None: analysis = analysis_scripts[options.analysis] lae = LoPhiAnalysisEngine() lae.start(analysis[0], machine=machine) print "Running Analysis (%s)..." % options.analysis while True: print "* The following commands are available" print " p - Pause, r - Resume, s - Stop" command = raw_input('cmd: ') if command == "p": lae.pause() print "Analysis PAUSED." elif command == "r": lae.resume() print "Analysis RESUMED." elif command == "s": lae.stop() print "Analysis STOPPED." sys.exit(0) else: print "Unrecognized command (%s)." % command if False and has_memory: print "Starting memory analysis" # Create a queue and start our analysis output_queue = multiprocessing.Queue() mem_analysis = MemoryAnalysisEngine(machine, output_queue, plugins=['pslist']) mem_cap = CaptureWriter("memory.cap", output_queue) # mem_cap.start() mem_analysis.start() for i in range(10): print output_queue.get() # mem_cap.stop() mem_analysis.stop() if has_disk: print "Starting disk analysis" # create a queue and start analysis output_queue = multiprocessing.Queue() disk_analysis = DiskAnalysisEngine(machine, output_queue) disk_cap = CaptureWriter("disk.cap", output_queue) # disk_cap.start() disk_analysis.start() for i in range(100): print output_queue.get() # disk_cap.stop() disk_analysis.stop()
def run_analysis(options): # Get our FTP IP try: ftp_ip = NET.get_ip_address(options.ftp_interface) except: logger.error("Could not find ip for the given interface. (%s)"% options.ftp_interface) # Add a sensors to physical machines if needed if options.machine_type == G.MACHINE_TYPES.PHYSICAL: has_memory = has_disk = False if options.machine_config is None: logger.error("No machine config file given.") return # This isn't the class we use in practice, but fake it here for simplicity machines = CONF.import_from_config(options.machine_config, "machine") if options.machine not in machines: logger.error("%s is not a valid machine from the config file."%options.machine) logger.error("Valid targets are: %s"%machines.keys()) return # Get our machine object machine = machines[options.machine] # Ensure that a sensor config is defined if options.sensor_config is None: logger.error("A sensor config file must be defined for physical analysis") return # Get the list of sensors sensors = CONF.import_from_config(options.sensor_config, "sensor") # Add sensors to our machine print "Trying to find physical sensors for %s..."%options.machine added_sensors = machine.add_sensors(sensors) if options.enable_sensor: machine.disk.sata_enable_all() else: machine = VirtualMachine(options.machine, vm_type=options.machine_type, volatility_profile=options.profile) ftp_info = {'user':G.FTP_USER, 'pass':G.FTP_PASSWORD, 'ip':ftp_ip, 'port':G.FTP_PORT, 'dir':None } print machine.power_status() ra = RemoteAnalysis(options.profile, machine.control, ftp_info) for trial in range(44,options.run_count): print "Running trial #%d..."%trial # Should we fire up our disk sensor? # if options.enable_sensor: # log_dcap_filename = os.path.join(options.output_dir,"trial_%d.dcap"%trial) # log_dcap_queue = multiprocessing.Queue() # log_dcap_writer = CaptureWriter(log_dcap_filename, # log_dcap_queue) # log_dcap_writer.start() # # dcap_engine = DiskCaptureEngine(machine, log_dcap_queue) # dcap_engine.start() iozone_cmd = "iozone.exe -a -g 2G -i 0 -i 1" response = ra.run_analysis(iozone_cmd, None, init_commands=["cd C:\Program Files\Benchmarks\Iozone3_414"], bind_ip=ftp_ip) f = open(os.path.join(options.output_dir,"trial_%d.txt"%trial), "w+") f.write(response) f.close() # if options.enable_sensor: # dcap_engine.stop() # log_dcap_writer.stop() print response
def main(options): """ Main function """ if options.machine_config is None: logger.error("No config file given.") return if options.command_file is None: logger.error("No script file provided.") return # This isn't the class we use in practice, but fake it here for simplicity # Get list of machine objects machines = CONF.import_from_config(options.machine_config, "machine") if options.machine not in machines: logger.error("%s is not a valid machine from the config file." % options.machine) logger.error("Valid targets are: %s" % machines.keys()) return machine = machines[options.machine] # Add a sensors to physical machines if needed if machine.type == G.MACHINE_TYPES.PHYSICAL: has_memory = has_disk = False # Ensure that a sensor config is defined if options.sensor_config is None: logger.error( "A sensor config file must be defined for physical analysis") return # Get the list of sensors sensors = CONF.import_from_config(options.sensor_config, "sensor") # Add sensors to our machine print "Trying to find physical sensors for %s..." % options.machine added_sensors = machine.add_sensors(sensors) # Check that we can do both memory and disk analysis if not machine.memory: logger.error("No memory sensor available for analysis! Quitting.") return if not machine.disk: logger.error("No disk sensor available for analysis! Quitting.") return if not machine.control: logger.error("No control sensor available for analysis! Quitting.") return # load the command script if not os.path.exists(options.command_file): logger.error("File (%s) does not exist!" % options.command_file) sys.exit(0) # prepare the command script parser parser = None if machine.type == G.MACHINE_TYPES.PHYSICAL: parser = KeypressGeneratorPhysical() else: parser = KeypressGeneratorVirtual() # open file f = open(options.command_file, 'r') script_text = f.read() f.close() script = parser.text_to_script(script_text) # Start the trials for trial_num in range(options.trials): print "Running trial %d" % trial_num # Prep the machine -- reset it if machine.type != G.MACHINE_TYPES.PHYSICAL: machine.machine_reset() else: machine.machine_reset(options.pxe_server) machine.power_off() # Wait for machine to shutdown time.sleep(15) # Wait until machine has an ip address logger.info("Waiting to get IP address of machine from PXE Server.") start_time = time.time() timeout = 360 while True: #machine.ip_addr = get_ip(options.pxe_server, machine.get_mac_addr()) if (time.time() - start_time) > timeout: logger.error( "Could not get ip address for test machine from PXE Server for %d s" % timeout) break ip = machine.get_ip_addr(options.pxe_server) if ip: logger.info("Machine has IP address %s" % ip) break # wait until machine is up logger.info("Waiting for machine to be up on the network.") start_time = time.time() timeout = 360 while True: if (time.time() - start_time) > timeout: logger.error( "Timed out while waiting for machine to come back up (e.g. waiting for system to boot)" ) break if machine.get_net_status(): break logger.info("Machine is back up. Commencing analysis.") if machine.type != G.MACHINE_TYPES.PHYSICAL: logger.info("Pausing Virtual Machine!") machine.machine_pause() else: # pass logger.info("Pausing Physical Machine Not Implemented Yet!") # Take memory snapshot #1 logger.info("Taking start memory dump") #memory_dump(machine, os.path.join(options.output_dir, "mem_dump_start" + str(trial_num))) # TODO: Spawn data consumers for disk and memory? logger.info("TODO: Starting disk analysis") # Resume machine if machine.type != G.MACHINE_TYPES.PHYSICAL: logger.info("Resuming Virtual Machine!") machine.machine_resume() else: # pass logger.info("Resuming Physical Machine Not Implemented Yet!") # Run command script and wait runtime seconds logger.info("Running %s script for %d seconds." % (options.command_file, options.runtime)) machine.keypress_send(script) time.sleep(options.runtime) # pause machine if VM if machine.type != G.MACHINE_TYPES.PHYSICAL: logger.info("Pausing Virtual Machine!") machine.machine_pause() else: # pass logger.info("Pausing Physical Machine Not Implemented Yet!") logger.info("TODO: Stopping disk analysis") #disk_analysis.stop() # Take memory snapshot #2 logger.info("Taking end memory dump") #memory_dump(machine, os.path.join(options.output_dir, "mem_dump_end" + str(trial_num))) # Resume machine if machine.type != G.MACHINE_TYPES.PHYSICAL: logger.info("Resuming Virtual Machine!") machine.machine_resume() else: # pass logger.info("Resuming Physical Machine Not Implemented Yet!") print "Completed trial %d" % trial_num print "Completed all trials."