 def get_requirements(
         cls) -> List[interfaces.configuration.RequirementInterface]:
     """Return the configuration requirements of this YARA scanning plugin.

     The framework reads this list to validate and fill the plugin's
     configuration. The first entry is the kernel memory layer; every entry
     after it is explicitly marked optional and, where it holds a value,
     carries an explicit default.
     """
     kernel_layer = requirements.TranslationLayerRequirement(
         name='primary',
         description="Memory layer for the kernel",
         architectures=["Intel32", "Intel64"])
     # Both matching switches default to off, so a run without flags is the
     # narrowest search (case-sensitive, narrow strings only).
     case_insensitive = requirements.BooleanRequirement(
         name="insensitive",
         description="Makes the search case insensitive",
         default=False,
         optional=True)
     wide_match = requirements.BooleanRequirement(
         name="wide",
         description="Match wide (unicode) strings",
         default=False,
         optional=True)
     # Rules may arrive inline or from a file; neither entry is required on
     # its own, so presumably the caller checks that one of them is set.
     inline_rules = requirements.StringRequirement(
         name="yara_rules",
         description="Yara rules (as a string)",
         optional=True)
     rules_file = requirements.URIRequirement(
         name="yara_file",
         description="Yara rules (as a file)",
         optional=True)
     # 0x40000000 bytes == 1 GiB, the "1GB" named in the description;
     # presumably an upper bound on the data handed to the scanner — verify.
     size_cap = requirements.IntRequirement(
         name="max_size",
         default=0x40000000,
         description="Set the maximum size (default is 1GB)",
         optional=True)
     return [
         kernel_layer, case_insensitive, wide_match, inline_rules,
         rules_file, size_cap
     ]
 def get_requirements(
         cls) -> List[interfaces.configuration.RequirementInterface]:
     """Return the configuration requirements of this process-scanning plugin.

     Besides the kernel memory layer and kernel symbol table, the plugin
     declares dependencies on the ``pslist`` and ``vadyarascan`` plugins
     (both pinned to version 1.0.0) and accepts an optional size cap, PID
     filter and YARA rules file. Order matches the original declaration.
     """
     kernel_layer = requirements.TranslationLayerRequirement(
         name='primary',
         description="Memory layer for the kernel",
         architectures=["Intel32", "Intel64"])
     kernel_symbols = requirements.SymbolTableRequirement(
         name="nt_symbols", description="Windows kernel symbols")
     # 0x40000000 bytes == 1 GiB, matching the "1GB" in the description;
     # presumably caps the data handed to the scanner per region — verify.
     size_cap = requirements.IntRequirement(
         name="max_size",
         default=0x40000000,
         description="Set the maximum size (default is 1GB)",
         optional=True)
     process_lister = requirements.PluginRequirement(
         name='pslist', plugin=pslist.PsList, version=(1, 0, 0))
     # Per the description, a given PID restricts the scan to that process;
     # behaviour when unset is presumably "all processes" — confirm.
     pid_filter = requirements.IntRequirement(
         name='pid',
         description=
         "Process ID to include (all other processes are excluded)",
         optional=True)
     rules_file = requirements.URIRequirement(
         name="yara_file",
         description="Yara rules (as a file)",
         optional=True)
     vad_scanner = requirements.PluginRequirement(
         name="vadyarascan",
         plugin=vadyarascan.VadYaraScan,
         version=(1, 0, 0))
     return [
         kernel_layer, kernel_symbols, size_cap, process_lister,
         pid_filter, rules_file, vad_scanner
     ]
 def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
     """Return the configuration requirements of this process-scanning plugin.

     The list is assembled in three groups that preserve the original
     declaration order: kernel context, YARA matching options, then the
     versioned plugin/component dependencies and the PID filter.
     """
     reqs = []
     # Kernel context: the memory layer and the NT symbol table.
     reqs += [
         requirements.TranslationLayerRequirement(
             name="primary",
             description="Memory layer for the kernel",
             architectures=["Intel32", "Intel64"]),
         requirements.SymbolTableRequirement(
             name="nt_symbols", description="Windows kernel symbols"),
     ]
     # Matching options. Rules may come inline or from a file; neither is
     # required here, so presumably the caller checks that one is present.
     # 0x40000000 bytes == 1 GiB, matching the "1GB" in the description.
     reqs += [
         requirements.BooleanRequirement(
             name="wide",
             description="Match wide (unicode) strings",
             default=False,
             optional=True),
         requirements.StringRequirement(
             name="yara_rules",
             description="Yara rules (as a string)",
             optional=True),
         requirements.URIRequirement(
             name="yara_file",
             description="Yara rules (as a file)",
             optional=True),
         requirements.IntRequirement(
             name="max_size",
             default=0x40000000,
             description="Set the maximum size (default is 1GB)",
             optional=True),
     ]
     # Dependencies pinned by version, plus the optional PID allow-list.
     reqs += [
         requirements.PluginRequirement(
             name="pslist", plugin=pslist.PsList, version=(1, 0, 0)),
         requirements.VersionRequirement(
             name="yarascanner",
             component=yarascan.YaraScanner,
             version=(2, 0, 0)),
         requirements.ListRequirement(
             name="pid",
             element_type=int,
             description="Process IDs to include (all other processes are excluded)",
             optional=True),
     ]
     return reqs
 def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
     """Return the single requirement of this stacker: a base location URI.

     NOTE(review): the requirement is declared ``optional=True`` here, yet a
     comment in the original code stated the stacker cannot run without it
     and that optional must be False — confirm which is intended before
     relying on either.
     """
     base_location = requirements.URIRequirement(
         "single_location",
         description="Specifies a base location on which to stack",
         optional=True)
     return [base_location]
 def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
     """Return the configuration requirements of this strings-mapping plugin.

     Declares the ``pslist`` plugin (pinned to 1.0.0), the kernel memory
     layer, the NT symbol table and a strings file. None of the entries
     carries ``optional=True``.
     """
     process_lister = requirements.PluginRequirement(
         name="pslist", plugin=pslist.PsList, version=(1, 0, 0))
     kernel_layer = requirements.TranslationLayerRequirement(
         name="primary",
         description="Memory layer for the kernel",
         architectures=["Intel32", "Intel64"])
     kernel_symbols = requirements.SymbolTableRequirement(
         name="nt_symbols", description="Windows kernel symbols")
     # The URI is only declared here; any checking of the location
     # presumably happens in the requirement class or the caller — verify.
     strings_file = requirements.URIRequirement(
         name="strings_file", description="Strings file")
     return [process_lister, kernel_layer, kernel_symbols, strings_file]
 def get_requirements(
         cls) -> List[interfaces.configuration.RequirementInterface]:
     """Return the configuration requirements of this ISF-listing plugin.

     All three entries are optional: a list of URI substrings used as a
     filter, a specific ISF file to process, and a flag requesting schema
     validation.
     """
     # default=[] is a fresh list on every call of this method; only if the
     # framework kept one requirement object and mutated its default in
     # place could the filter leak between runs — TODO confirm.
     uri_filter = requirements.ListRequirement(
         name='filter',
         description=
         'String that must be present in the file URI to display the ISF',
         optional=True,
         default=[])
     isf_file = requirements.URIRequirement(
         name='isf',
         description="Specific ISF file to process",
         default=None,
         optional=True)
     # Schema validation is opt-in (default=False), so ISF files are
     # processed unvalidated unless the operator enables it; "if possible"
     # in the description suggests it also depends on an optional component.
     validate_flag = requirements.BooleanRequirement(
         name='validate',
         description='Validate against schema if possible',
         default=False,
         optional=True)
     return [uri_filter, isf_file, validate_flag]