def create_encoder(session=None): if not session: session = session_module.Session() renderer = json_renderer.JsonRenderer(session=session, ) return renderer.encoder
def __init__(self, file=None, fd=None, **kwargs): super(JSONParser, self).__init__(**kwargs) # Make a json renderer to decode the json stream with. self.json_renderer = json_renderer.JsonRenderer(session=self.session) self.file = file self.fd = fd
def create_decoder(session=None): if not session: session = session_module.Session() json_renderer_obj = json_renderer.JsonRenderer(session=session, ) return json_renderer.JsonDecoder( session=session, renderer=json_renderer_obj, )
def render(self, renderer): """Renders the stored JSON file using the default renderer. To decode the json file we replay the statements into the renderer after decompressing them. """ # Make a json renderer to decode the json stream with. self.json_renderer = json_renderer.JsonRenderer(session=self.session) self.fd = renderer.open(filename=self.plugin_args.file, mode="rt") data = json.load(self.fd) for statement in data: self.RenderStatement(statement, renderer)
def rekall_dump_to_haystack(filename, pid, output_folder_name): # rek.py -f vol/zeus.vmem vaddump -p 856 --dump-dir vol/zeus.vmem.856.dump/ > vol/zeus.vmem.856.dump/mappings.vol # rek2map.py vol/zeus.vmem.856.dump/mappings.vol > vol/zeus.vmem.856.dump/mappings # vaddummp log.debug("rekall_dump_to_haystack %s %p", filename, pid) if not os.access(output_folder_name, os.F_OK): os.mkdir(output_folder_name) from rekall import session from rekall import plugins from rekall.ui import json_renderer s = session.Session(filename=filename, autodetect=["rsds"], logger=logging.getLogger(), profile_path=["http://profiles.rekall-forensic.com"]) task_plugin = s.plugins.vaddump(pid=pid, dump_dir=output_folder_name) # get a renderer. renderer = json_renderer.JsonRenderer() task_plugin.render(renderer) print(renderer) maps = [] # FIXME get stdout in here. with open(filename, 'r') as fin: entries = fin.readlines() i_start = entries[0].index('Start') i_end = entries[0].index('End') i_path = entries[0].index('Result') fmt = b'0x%08x' if i_end - i_start > 12: fmt = b'0x%016x' for i, line in enumerate(entries[2:]): start = int(line[i_start:i_end].strip(), 16) end = int(line[i_end:i_path].strip(), 16) + 1 path = line[i_path:].strip() o_path = "%s-%s" % (fmt % start, fmt % end) # rename file try: os.rename(path, o_path) except OSError as e: sys.stderr.write('File rename error\n') # offset is unknown. print('%s %s r-xp %s 00:00 %d [vol_mapping_%03d]' % (fmt % start, fmt % end, fmt % 0, 0, i)) pass
def Decoder(self, raw): """Safe Unpickling. Unpickle only safe primitives like tuples, dicts and strings. Specifically does not allow arbitrary instances to be recovered. """ unpickler = cPickle.Unpickler(cStringIO.StringIO(raw)) unpickler.find_global = None json_renderer_obj = json_renderer.JsonRenderer(session=self.session) decoder = json_renderer.JsonDecoder(self.session, json_renderer_obj) try: decoded = unpickler.load() except Exception: raise io_manager.DecodeError("Unable to unpickle cached object") return decoder.Decode(decoded)
def CheckObjectSerization(self, obj): json_renderer_obj = json_renderer.JsonRenderer(session=self.session) data_export_renderer_obj = data_export.DataExportRenderer( session=self.session) # First test json encodings. encoded = json_renderer_obj.encode(obj) # Make sure it is json safe. json.dumps(encoded) # Now decode it. decoded = json_renderer_obj.decode(encoded) self.assertEqual(decoded, obj) # Now check the DataExportRenderer. encoded = data_export_renderer_obj.encode(obj) # Make sure it is json safe. json.dumps(encoded)
def __init__(self, *args, **kwargs): super(PicklingDirectoryIOManager, self).__init__(*args, **kwargs) self.renderer = json_renderer.JsonRenderer(session=self.session)
def setUp(self): self.session = self.MakeUserSession() self.renderer = json_renderer.JsonRenderer(session=self.session) self.encoder = self.renderer.encoder self.decoder = self.renderer.decoder
def Unserialize(self, lexicon, data): json_renderer_obj = json_renderer.JsonRenderer(session=self) decoder = json_renderer.JsonDecoder(self, json_renderer_obj) decoder.SetLexicon(lexicon) self.state = Configuration(session=self, **decoder.Decode(data))