def _check_kevent(kevent):
if not kevent in KEvents.all():
IO.write_console('fibratus run: ERROR - %s is not a valid kernel event. Run list-kevents to see'
' the available kernel events' % kevent)
sys.exit()
def main():
if args['run']:
if len(kevent_filters) > 0 and not filament_name:
for kfilter in kevent_filters:
_check_kevent(kfilter)
enum_handles = False if args['--no-enum-handles'] else True
cswitch = True if args['--cswitch'] else False
filament = None
filament_filters = []
if filament_name:
if not Filament.exists(filament_name):
panic('fibratus run: ERROR - %s filament does not exist. Run list-filaments to see '
'the available filaments' % filament_name)
filament = Filament()
try:
filament.load_filament(filament_name)
except FilamentError as e:
panic('fibratus run: ERROR - %s' % e)
filament_filters = filament.filters
if len(filament_filters) > 0:
for kfilter in filament_filters:
_check_kevent(kfilter)
filament.render_tabular()
try:
fibratus = Fibratus(filament, enum_handles=enum_handles, cswitch=cswitch)
except KeyboardInterrupt:
# the user has stopped command execution
# before opening the kernel event stream
sys.exit(0)
@PHANDLER_ROUTINE
def handle_ctrl_c(event):
if event == 0:
fibratus.stop_ktrace()
return 0
set_console_ctrl_handler(handle_ctrl_c, True)
# add specific filters
filters = dict()
filters['pid'] = args['--pid'] if args['--pid'] else None
filters['image'] = args['--image'] if args['--image'] else None
if not filament:
if len(kevent_filters) > 0:
fibratus.add_filters(kevent_filters, **filters)
else:
fibratus.add_filters([], **filters)
else:
if len(filament_filters) > 0:
fibratus.add_filters(filament_filters, **filters)
else:
fibratus.add_filters([], **filters)
try:
fibratus.run()
except KeyboardInterrupt:
set_console_ctrl_handler(handle_ctrl_c, False)
elif args['list-filaments']:
filaments = Tabular(['Filament', 'Description'], 'Description',
sort_by='Filament')
for filament, desc in Filament.list_filaments().items():
filaments.add_row([filament, desc])
filaments.draw()
elif args['list-kevents']:
kevents = Tabular(['KEvent', 'Category', 'Description'], 'Description',
sort_by='Category')
for kevent, meta in KEvents.meta_info().items():
kevents.add_row([kevent, meta[0].name, meta[1]])
kevents.draw()
fibratus.stop_ktrace()
return 0
set_console_ctrl_handler(handle_ctrl_c, True)
if not filament:
if len(kevent_filters) > 0:
fibratus.add_filters(kevent_filters)
else:
if len(filament_filters) > 0:
fibratus.add_filters(filament_filters)
else:
fibratus.add_filters([])
try:
fibratus.run()
except KeyboardInterrupt:
set_console_ctrl_handler(handle_ctrl_c, False)
elif args['list-filaments']:
filaments = Tabular(['Filament', 'Description'], 'Description',
sort_by='Filament')
for filament, desc in Filament.list_filaments().items():
filaments.add_row([filament, desc])
filaments.draw()
elif args['list-kevents']:
kevents = Tabular(['KEvent', 'Category', 'Description'], 'Description',
sort_by='Category')
for kevent, meta in KEvents.meta_info().items():
kevents.add_row([kevent, meta[0].name, meta[1]])
kevents.draw()
def test_kevents_all(self):
kevents = KEvents.all()
assert isinstance(kevents, list)
assert len(kevents) > 0
def _check_kevent(kevent):
if kevent not in KEvents.all():
panic('fibratus run: ERROR - %s is not a valid kernel event. Run list-kevents to see '
'the available kernel events' % kevent)
def test_kevents_meta_info(self):
kevents_meta_info = KEvents.meta_info()
assert isinstance(kevents_meta_info, dict)
cat, description = kevents_meta_info[KEvents.CREATE_PROCESS]
assert cat == Category.PROCESS
assert description
def test_kevents_meta_info(self):
kevents_meta_info = KEvents.meta_info()
assert isinstance(kevents_meta_info, dict)
cat, description = kevents_meta_info[KEvents.CREATE_PROCESS]
assert cat == Category.PROCESS
assert description
def main():
if args['run']:
if len(kevent_filters) > 0 and not filament_name:
for kfilter in kevent_filters:
_check_kevent(kfilter)
enum_handles = False if args['--no-enum-handles'] else True
cswitch = True if args['--cswitch'] else False
filament = None
filament_filters = []
if not filament_name:
print('Starting fibratus...')
else:
if not Filament.exists(filament_name):
panic(
'fibratus run: ERROR - %s filament does not exist. Run list-filaments to see '
'the availble filaments' % filament_name)
filament = Filament()
try:
filament.load_filament(filament_name)
except FilamentError as e:
panic('fibratus run: ERROR - %s' % e)
filament_filters = filament.filters
if len(filament_filters) > 0:
for kfilter in filament_filters:
_check_kevent(kfilter)
filament.render_tabular()
try:
fibratus = Fibratus(filament,
enum_handles=enum_handles,
cswitch=cswitch)
except KeyboardInterrupt:
# the user has stopped command execution
# before opening the kernel event stream
sys.exit(0)
@PHANDLER_ROUTINE
def handle_ctrl_c(event):
if event == 0:
fibratus.stop_ktrace()
return 0
set_console_ctrl_handler(handle_ctrl_c, True)
# add specific filters
filters = dict()
filters['pid'] = args['--pid'] if args['--pid'] else None
if not filament:
if len(kevent_filters) > 0:
fibratus.add_filters(kevent_filters, **filters)
else:
fibratus.add_filters([], **filters)
else:
if len(filament_filters) > 0:
fibratus.add_filters(filament_filters, **filters)
else:
fibratus.add_filters([], **filters)
try:
fibratus.run()
except KeyboardInterrupt:
set_console_ctrl_handler(handle_ctrl_c, False)
elif args['list-filaments']:
filaments = Tabular(['Filament', 'Description'],
'Description',
sort_by='Filament')
for filament, desc in Filament.list_filaments().items():
filaments.add_row([filament, desc])
filaments.draw()
elif args['list-kevents']:
kevents = Tabular(['KEvent', 'Category', 'Description'],
'Description',
sort_by='Category')
for kevent, meta in KEvents.meta_info().items():
kevents.add_row([kevent, meta[0].name, meta[1]])
kevents.draw()
def test_kevents_all(self):
kevents = KEvents.all()
assert isinstance(kevents, list)
assert len(kevents) > 0
def _check_kevent(kevent):
if kevent not in KEvents.all():
panic(
'fibratus run: ERROR - %s is not a valid kernel event. Run list-kevents to see '
'the available kernel events' % kevent)
set_console_ctrl_handler(handle_ctrl_c, True)
if not filament:
if len(kevent_filters) > 0:
fibratus.add_filters(kevent_filters)
else:
if len(filament_filters) > 0:
fibratus.add_filters(filament_filters)
else:
fibratus.add_filters([])
try:
fibratus.run()
except KeyboardInterrupt:
set_console_ctrl_handler(handle_ctrl_c, False)
elif args['list-filaments']:
filaments = Filament.list_filaments()
table = PrettyTable(['Filament', 'Description'])
table.align['Description'] = 'l'
table.sortby = 'Filament'
for filament, desc in filaments.items():
table.add_row([filament, desc])
IO.write_console(table.get_string())
elif args['list-kevents']:
kevent_types = KEvents.meta_info()
table = PrettyTable(['KEvent', 'Category', 'Description'])
table.align['Description'] = 'l'
table.sortby = 'Category'
for kevent, meta in kevent_types.items():
table.add_row([kevent, meta[0].name, meta[1]])
IO.write_console(table.get_string())
def _check_kevent(kevent):
if kevent not in KEvents.all():
IO.write_console(
'fibratus run: ERROR - %s is not a valid kernel event. Run list-kevents to see'
' the available kernel events' % kevent)
sys.exit()
set_console_ctrl_handler(handle_ctrl_c, True)
if not filament:
if len(kevent_filters) > 0:
fibratus.add_filters(kevent_filters)
else:
if len(filament_filters) > 0:
fibratus.add_filters(filament_filters)
else:
fibratus.add_filters([])
try:
fibratus.run()
except KeyboardInterrupt:
set_console_ctrl_handler(handle_ctrl_c, False)
elif args['list-filaments']:
filaments = Filament.list_filaments()
table = PrettyTable(['Filament', 'Description'])
table.align['Description'] = 'l'
table.sortby = 'Filament'
for filament, desc in filaments.items():
table.add_row([filament, desc])
IO.write_console(table.get_string())
elif args['list-kevents']:
kevent_types = KEvents.meta_info()
table = PrettyTable(['KEvent', 'Category', 'Description'])
table.align['Description'] = 'l'
table.sortby = 'Category'
for kevent, meta in kevent_types.items():
table.add_row([kevent, meta[0].name, meta[1]])
IO.write_console(table.get_string())
set_console_ctrl_handler(handle_ctrl_c, True)
if not filament:
if len(kevent_filters) > 0:
fibratus.add_filters(kevent_filters)
else:
if len(filament_filters) > 0:
fibratus.add_filters(filament_filters)
else:
fibratus.add_filters([])
try:
fibratus.run()
except KeyboardInterrupt:
set_console_ctrl_handler(handle_ctrl_c, False)
elif args['list-filaments']:
filaments = Tabular(['Filament', 'Description'],
'Description',
sort_by='Filament')
for filament, desc in Filament.list_filaments().items():
filaments.add_row([filament, desc])
filaments.draw()
elif args['list-kevents']:
kevents = Tabular(['KEvent', 'Category', 'Description'],
'Description',
sort_by='Category')
for kevent, meta in KEvents.meta_info().items():
kevents.add_row([kevent, meta[0].name, meta[1]])
kevents.draw()