Пример #1
0
import volatility.cache as cache
import volatility.debug as debug
import volatility.poolscan as poolscan
import socket
import volatility.plugins.overlays.windows.tcpip_vtypes as tcpip_vtypes
from volatility.renderers import TreeGrid
from volatility.renderers.basic import Address

# Python's socket.AF_INET6 is 0x1e but Microsoft defines it 
# as a constant value of 0x17 in their source code. Thus we 
# need Microsoft's since that's what is found in memory.
AF_INET = 2
AF_INET6 = 0x17

# String representations of INADDR_ANY and INADDR6_ANY
inaddr_any = utils.inet_ntop(socket.AF_INET, '\0' * 4)
inaddr6_any = utils.inet_ntop(socket.AF_INET6, '\0' * 16)

#--------------------------------------------------------------------------------
# pool scanners 
#--------------------------------------------------------------------------------

class PoolScanUdpEndpoint(poolscan.PoolScanner):
    """PoolScanner for Udp Endpoints"""

    def __init__(self, address_space):
        poolscan.PoolScanner.__init__(self, address_space)

        self.pooltag = "UdpA"
        self.struct_name = "_UDP_ENDPOINT"
Пример #2
0
 def v(self):
     return utils.inet_ntop(socket.AF_INET6, obj.NativeType.v(self))
Пример #3
0
 def v(self):
     return utils.inet_ntop(socket.AF_INET, struct.pack("<I", obj.NativeType.v(self)))
Пример #4
0
 def v(self):
     return utils.inet_ntop(socket.AF_INET,
                            struct.pack("<I", obj.NativeType.v(self)))
Пример #5
0
import volatility.cache as cache
import volatility.debug as debug
import volatility.poolscan as poolscan
import socket
import volatility.plugins.overlays.windows.tcpip_vtypes as tcpip_vtypes
from volatility.renderers import TreeGrid
from volatility.renderers.basic import Address

# Python's socket.AF_INET6 is 0x1e but Microsoft defines it
# as a constant value of 0x17 in their source code. Thus we
# need Microsoft's since that's what is found in memory.
AF_INET = 2
AF_INET6 = 0x17

# String representations of INADDR_ANY and INADDR6_ANY
inaddr_any = utils.inet_ntop(socket.AF_INET, '\0' * 4)
inaddr6_any = utils.inet_ntop(socket.AF_INET6, '\0' * 16)

#--------------------------------------------------------------------------------
# pool scanners
#--------------------------------------------------------------------------------


class PoolScanUdpEndpoint(poolscan.PoolScanner):
    """PoolScanner for Udp Endpoints"""
    def __init__(self, address_space):
        poolscan.PoolScanner.__init__(self, address_space)

        self.pooltag = "UdpA"
        self.struct_name = "_UDP_ENDPOINT"