def calculate(self):
addr_space = utils.load_as(self._config)
if not self.is_valid_profile(addr_space.profile):
debug.error("This command does not support the selected profile.")
return network.determine_connections(addr_space)
def calculate(self):
addr_space = utils.load_as(self._config)
if not self.is_valid_profile(addr_space.profile):
debug.error("This command does not support the selected profile.")
return network.determine_connections(addr_space)
def calculate(self):
addr_space = utils.load_as(self._config)
return network.determine_connections(addr_space)
'plugins': None,
'debug': None,
'cache_dtb': True,
'filename': None,
'cache_directory': None,
'verbose': None, 'write':False}
# set the default config
for k,v in base_conf.items():
config.update(k, v)
# configuration complete
# now load up the address space
# pretty interesting to note that this is actually an iterative process
# first the FileAddressSpace from plugins/addr_spaces/standard/ is created
# with the file, and then a JKIA32PagedMemoryPae from volatility/plugins/addrspaces/intel
# is created. If ['write', 'cache_dtb', 'kdbg'] are not set, this fails
addr_space = utils.load_as(config)
# now create the connections like in
# plugins/connections.py
conns = [conn for conn in network.determine_connections(addr_space)]
for i in conns:
offset = conn.obj_vm.vtop(conn.obj_offset)
local = "{0}:{1}".format(conn.LocalIpAddress, conn.LocalPort)
remote = "{0}:{1}".format(conn.RemoteIpAddress, conn.RemotePort)
print ('w00t, now I know that %s ===> %s'%(local, remote))
