def main(argv=None): # New user interactive session (with extra bells and whistles). user_session = session.InteractiveSession() user_session.session_list.append(user_session) # Alow all special plugins to run. user_session.privileged = True def global_arg_cb(global_flags, _): if global_flags.version: print("This is Rekall Version %s (%s)" % ( constants.VERSION, constants.CODENAME)) print(rekall.get_versions()) sys.exit(0) with user_session.GetRenderer().start(): plugin_cls, flags = args.parse_args( argv=argv, global_arg_cb=global_arg_cb, user_session=user_session) # Install any quotas the user requested. user_session = quotas.wrap_session(user_session) try: # Run the plugin with plugin specific args. user_session.RunPlugin(plugin_cls, **config.RemoveGlobalOptions(flags)) except Exception as e: logging.fatal("%s. Try --debug for more information." % e) if getattr(flags, "debug", None): pdb.post_mortem(sys.exc_info()[2]) raise finally: user_session.Flush()
def setUpClass(cls): """Bring up the HTTP server locally for tests.""" cls._session = rekall_session.InteractiveSession(logging_level=10) port = portpicker.PickUnusedPort() cls.tempdir = tempfile.mkdtemp() cls.config = agent.Configuration.from_keywords( session=cls._session, server=http_server.HTTPServerPolicy.from_keywords( session=cls._session, base_url="http://127.0.0.1:%s/" % port, root_directory=cls.tempdir, bind_port=port, private_key=crypto.RSAPrivateKey( session=cls._session).generate_key(), )) cls._session.SetParameter("agent_config_obj", cls.config) cls.httpd = http_server.RekallHTTPServer( ("127.0.0.1", port), http_server.RekallHTTPServerHandler, session=cls._session) cls.httpd_thread = threading.Thread(target=cls.httpd.serve_forever) cls.httpd_thread.daemon = True cls.httpd_thread.start() cls.base_url = "http://%s/%s" % cls.httpd.server_address
def main(argv=None): # New user interactive session (with extra bells and whistles). user_session = session.InteractiveSession() user_session.session_list.append(user_session) text_renderer = text.TextRenderer(session=user_session) with text_renderer.start(): plugin_cls, flags = args.parse_args(argv=argv, user_session=user_session) # Determine if an external script needs to be run first. if getattr(flags, "run", None): # Export the session object to the external script. user_session.locals["session"] = user_session exec open(flags.run) in user_session.locals try: # Run the plugin with plugin specific args. user_session.RunPlugin(plugin_cls, **config.RemoveGlobalOptions(flags)) except Exception as e: logging.fatal("%s. Try --debug for more information." % e) if getattr(flags, "debug", None): pdb.post_mortem(sys.exc_info()[2]) raise finally: user_session.Flush()
def main(argv=None): # New user interactive session (with extra bells and whistles). user_session = session.InteractiveSession() user_session.session_list.append(user_session) text_renderer = text.TextRenderer(session=user_session) with text_renderer.start(): plugin_cls, flags = args.parse_args(argv=argv, user_session=user_session) # Determine if an external script needs to be run first. if getattr(flags, "run", None): # Export the session object to the external script. user_session.locals["session"] = user_session exec open(flags.run) in user_session.locals try: # Run the plugin with plugin specific args. user_session.RunPlugin(plugin_cls, **config.RemoveGlobalOptions(flags)) except Exception as e: if getattr(flags, "debug", None): pdb.post_mortem(sys.exc_info()[2]) else: logging.error("%s. Try --debug for more information." % e) # Exit with an error. sys.exit(-1) # Right before we exit we check if we need to save the current session. if user_session.state.session_filename and ( user_session.state.dirty or user_session.state.cache.dirty): user_session.SaveToFile(user_session.state.session_filename)
def GenerateTests(self, config, flags): """Generates test classes for all the plugins. Each plugin must have at least one test. Plugin tests are subclasses of the testlib.RekallBaseUnitTestCase class, """ result = self.GenerateInlineTests(config) # Pull the profile path etc from the rekall config file. kwargs = rekall_config.GetConfigFile(session.Session()) # Get the disabled tests. disabled = config.pop("disabled", []) for x, y in flags.items(): if x.startswith("--"): kwargs[x[2:]] = y s = session.InteractiveSession(**kwargs) # A map of all the specialized tests which are defined. Only include # those classes which are active for the currently selected profile. plugins_with_test = set() for _, cls in testlib.RekallBaseUnitTestCase.classes.items(): if cls.is_active(s): result.append(cls) plugin_name = cls.CommandName() if plugin_name: plugins_with_test.add(plugin_name) # Now generate tests automatically for all other plugins. for cls in plugin.Command.classes.values(): if cls.name in plugins_with_test: continue # We can not test interactive plugins in this way. if cls.interactive: continue # Remove classes which are not active. if not cls.is_active(s): continue # Automatically create a new test based on testlib.SimpleTestCase. try: result.append(type( "Test%s" % cls.__name__, (testlib.SimpleTestCase,), dict(PARAMETERS=dict(commandline=cls.name)))) except RuntimeError: pass # Remove the disabled tests. return [x for x in result if x.__name__ not in disabled]
def MakeUserSession(self, config_options=None): if config_options is None: config_options = self.config_options or {} user_session = rekall_session.InteractiveSession() with user_session.state as state: config.MergeConfigOptions(state, user_session) for k, v in config_options.items(): if k.startswith("--"): state.Set(k[2:], v) return user_session
def main(argv=None): # IPython notebook launches the IPython kernel by re-spawning the main # binary with its own command line args. This hack traps this and diverts # execution to IPython itself. if len(sys.argv) > 2 and sys.argv[1] == "-c": to_run = sys.argv[2] if ".kernelapp" in to_run: exec(to_run) return # New user interactive session (with extra bells and whistles). user_session = session.InteractiveSession() flags = args.parse_args(argv=argv, user_session=user_session) # Determine if an external script needs to be run first. if getattr(flags, "run", None): exec open(flags.run) in user_session._locals # Run a module and do not drop into the shell. if getattr(flags, "module", None): # Run the module try: # Explicitly disable our handling of the pager since we are not # running in interactive mode. user_session.RunPlugin(flags.module, flags=flags) except Exception as e: if getattr(flags, "debug", None): pdb.post_mortem(sys.exc_info()[2]) else: logging.error("%s. Try --debug for more information." % e) else: # Interactive session, turn off object access logging since in # interactive mode, the user may use arbitrary object members. os.environ.pop(obj.ProfileLog.ENVIRONMENT_VAR, None) user_session.mode = "Interactive" # Try to launch the session using something. if user_session.state.ipython_engine == "notebook": ipython_support.NotebookSupport(user_session) else: _ = (IPython012Support(user_session) or NativePythonSupport(user_session)) # Right before we exit we check if we need to save the current session. if user_session.state.session_filename and ( user_session.state.dirty or user_session.state.cache.dirty): user_session.SaveToFile(user_session.state.session_filename)
def main(_): start = time.time() # We dont want a pager for the main view. user_session = session.InteractiveSession(pager="-") renderer = text.TextRenderer(session=user_session) with renderer.start(): with RekallTester(renderer=renderer) as tester: tester.RunTests() tester.renderer.write( "Completed %s tests (%s passed, %s failed, %s rebuild) in " "%s Seconds.\n" % (len(tester.successes) + len(tester.failures), len(tester.successes), len(tester.failures), tester.rebuilt, int(time.time() - start))) # Return an error when any tests failed. if tester.failures: sys.exit(-1)
def ImportEnvironment(**kwargs): """Initialize a caller's environment. Creates a new interactive environment and installs it into the caller's local namespace. After this call the usual rekall interactive environment will be added in the caller's local namespace. For example: from rekall import interactive interactive.ImportEnvironment() # Update the filename, load profile etc. rekal filename="xpimage.dd" # Run the pslist command rendering to stdout. print pslist() """ isession = session.InteractiveSession(**kwargs) with isession.state as state: config.MergeConfigOptions(state) stack = inspect.stack() # pylint: disable=protected-access isession._locals = stack[1][0].f_locals isession._prepare_local_namespace() # For IPython fix up the completion. try: shell = IPython.get_ipython() if shell: shell.Completer.matchers.insert( 0, lambda x: ipython_support.RekallCompleter(shell.Completer, x)) shell.Completer.merge_completions = False except Exception, e: print e