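    def log_call(self, context, apiname, modulename, arguments):
        """Write one intercepted API call as a CSV row to ``self.logfd``.

        @param context: tuple ``(apiindex, status, returnval, tid, timediff)``
            from the netlog stream. ``apiindex`` is not used here.
            ``timediff`` is an offset from ``self.connect_time``; it is
            multiplied by 1000 and fed to ``timedelta`` as microseconds, so it
            is presumably expressed in milliseconds.
        @param apiname: name of the hooked API.
        @param modulename: module the hooked API lives in.
        @param arguments: iterable of ``(argname, value)`` pairs, rendered as
            ``argname->value`` columns after the fixed columns.
        @raise CuckooOperationalError: if ``self.rawlogfd`` is not set, i.e.
            this was called before ``process``.

        Nothing is written when ``self.logfd`` is falsy.
        """
        import csv

        if not self.rawlogfd:
            raise CuckooOperationalError(
                "Netlog failure, call before process.")

        apiindex, status, returnval, tid, timediff = context

        current_time = self.connect_time + datetime.timedelta(
            0, 0, timediff * 1000)
        timestring = logtime(current_time)

        argumentstrings = [
            '{0}->{1}'.format(argname, r) for argname, r in arguments
        ]

        if self.logfd:
            fields = [
                timestring,
                self.pid,
                self.procname,
                tid,
                self.ppid,
                modulename,
                apiname,
                status,
                returnval,
            ] + argumentstrings

            # The argument values originate from the analysed sample, so a
            # hostile value containing '"', ',' or a newline could otherwise
            # corrupt this row or inject a fake one into the CSV log. Let the
            # csv module quote every field and escape embedded quotes as ""
            # (RFC 4180); the row stays all-quoted, one line per call.
            writer = csv.writer(self.logfd, quoting=csv.QUOTE_ALL,
                                lineterminator="\n")
            writer.writerow(['{0}'.format(i) for i in fields])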
    def log_call(self, context, apiname, modulename, arguments):
        """Record one intercepted API call as ``self.lastcall``.

        The call's fixed columns (timestamp, thread id, module, API name,
        status, return value) followed by ``arguments`` are handed to
        ``self._parse``, whose result becomes ``self.lastcall``.

        @param context: tuple ``(apiindex, status, returnval, tid, timediff)``;
            ``apiindex`` is unused here.
        @param apiname: name of the hooked API.
        @param modulename: module the hooked API lives in.
        @param arguments: list of argument entries appended to the row.
        """
        _apiindex, status, returnval, tid, timediff = context

        # timediff is an offset from first_seen; the x1000 feeds timedelta's
        # microseconds slot, so it is presumably expressed in milliseconds.
        when = self.first_seen + datetime.timedelta(
            microseconds=timediff * 1000)

        header = [logtime(when), tid, modulename, apiname, status, returnval]
        self.lastcall = self._parse(header + arguments)
    def log_call(self, context, apiname, modulename, arguments):
        """Record one intercepted API call as ``self.lastcall``.

        Builds the row ``[timestamp, tid, modulename, apiname, status,
        returnval] + arguments`` and stores ``self._parse`` of it.

        @param context: tuple ``(apiindex, status, returnval, tid, timediff)``;
            ``apiindex`` is unused here.
        @param apiname: name of the hooked API.
        @param modulename: module the hooked API lives in.
        @param arguments: list of argument entries appended to the row.
        """
        _apiindex, status, returnval, tid, timediff = context

        # timediff is an offset from first_seen; the x1000 feeds timedelta's
        # microseconds slot, so it is presumably expressed in milliseconds.
        when = self.first_seen + datetime.timedelta(
            microseconds=timediff * 1000)

        header = [logtime(when), tid, modulename, apiname, status, returnval]
        self.lastcall = self._parse(header + arguments)
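    def log_call(self, context, apiname, modulename, arguments):
        """Write one intercepted API call as a CSV row to ``self.logfd``.

        @param context: tuple ``(apiindex, status, returnval, tid, timediff)``
            from the netlog stream. ``apiindex`` is not used here.
            ``timediff`` is an offset from ``self.connect_time``; it is
            multiplied by 1000 and fed to ``timedelta`` as microseconds, so it
            is presumably expressed in milliseconds.
        @param apiname: name of the hooked API.
        @param modulename: module the hooked API lives in.
        @param arguments: iterable of ``(argname, value)`` pairs, rendered as
            ``argname->value`` columns after the fixed columns.
        @raise CuckooOperationalError: if ``self.rawlogfd`` is not set, i.e.
            this was called before ``process``.

        Nothing is written when ``self.logfd`` is falsy.
        """
        import csv

        if not self.rawlogfd:
            raise CuckooOperationalError("Netlog failure, call before process.")

        apiindex, status, returnval, tid, timediff = context

        current_time = self.connect_time + datetime.timedelta(0, 0, timediff * 1000)
        timestring = logtime(current_time)

        argumentstrings = ['{0}->{1}'.format(argname, r) for argname, r in arguments]

        if self.logfd:
            fields = [timestring, self.pid, self.procname, tid, self.ppid,
                      modulename, apiname, status, returnval] + argumentstrings

            # The argument values originate from the analysed sample, so a
            # hostile value containing '"', ',' or a newline could otherwise
            # corrupt this row or inject a fake one into the CSV log. Let the
            # csv module quote every field and escape embedded quotes as ""
            # (RFC 4180); the row stays all-quoted, one line per call.
            writer = csv.writer(self.logfd, quoting=csv.QUOTE_ALL,
                                lineterminator="\n")
            writer.writerow(['{0}'.format(i) for i in fields])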
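    def run(self):
        """Run analysis.
        @return: list of per-process dicts (``process_id``, ``process_name``,
            ``parent_id``, ``first_seen``, ``calls``), sorted by
            ``first_seen``; empty when the logs folder is missing or empty.
        """
        results = []

        if not os.path.exists(self._logs_path):
            log.error("Analysis results folder does not exist at path \"%s\".",
                      self._logs_path)
            return results

        # List the folder once: the emptiness check and the loop below used
        # two separate listdir() calls and could observe different contents.
        file_names = os.listdir(self._logs_path)
        if not file_names:
            log.error("Analysis results folder does not contain any file.")
            return results

        for file_name in file_names:
            file_path = os.path.join(self._logs_path, file_name)

            # Only ".raw" netlog files are parsed; subfolders and anything
            # else dropped into the folder are ignored.
            if os.path.isdir(file_path) or not file_name.endswith(".raw"):
                continue

            # Invoke parsing of current log file.
            current_log = ParseProcessLog(file_path)
            # A log with no process id carried no usable data.
            if current_log.process_id is None:
                continue

            results.append({
                "process_id": current_log.process_id,
                "process_name": current_log.process_name,
                "parent_id": current_log.parent_id,
                "first_seen": logtime(current_log.first_seen),
                "calls": current_log
            })

        # Sort the items in the results list chronologically, so spawned
        # processes appear in sequential order. The key is the string form
        # produced by logtime(), so this is only chronological while that
        # format sorts lexicographically — presumably it does; verify there.
        results.sort(key=lambda process: process["first_seen"])

        return results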
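    def run(self):
        """Run analysis.
        @return: list of per-process dicts (``process_id``, ``process_name``,
            ``parent_id``, ``first_seen``, ``calls``), sorted by
            ``first_seen``; empty when the logs folder is missing or empty.
        """
        results = []

        if not os.path.exists(self._logs_path):
            log.error("Analysis results folder does not exist at path \"%s\".",
                      self._logs_path)
            return results

        # List the folder once: the emptiness check and the loop below used
        # two separate listdir() calls and could observe different contents.
        file_names = os.listdir(self._logs_path)
        if not file_names:
            log.error("Analysis results folder does not contain any file.")
            return results

        for file_name in file_names:
            file_path = os.path.join(self._logs_path, file_name)

            # Only ".raw" netlog files are parsed; subfolders and anything
            # else dropped into the folder are ignored.
            if os.path.isdir(file_path) or not file_name.endswith(".raw"):
                continue

            # Invoke parsing of current log file.
            current_log = ParseProcessLog(file_path)
            # A log with no process id carried no usable data.
            if current_log.process_id is None:
                continue

            results.append({
                "process_id": current_log.process_id,
                "process_name": current_log.process_name,
                "parent_id": current_log.parent_id,
                "first_seen": logtime(current_log.first_seen),
                "calls": current_log
            })

        # Sort the items in the results list chronologically, so spawned
        # processes appear in sequential order. The key is the string form
        # produced by logtime(), so this is only chronological while that
        # format sorts lexicographically — presumably it does; verify there.
        results.sort(key=lambda process: process["first_seen"])

        return results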