def runtime_info(vmi_offsets):
return RuntimeInfo(vmi_offsets=vmi_offsets, inject_pid=1337)
def postinstall(report, generate_usermode):
if not check_root():
return
if os.path.exists(os.path.join(ETC_DIR, "no_usage_reports")):
report = False
install_info = InstallInfo.load()
logging.info("Cleaning up leftovers(if any)")
cleanup_postinstall_files()
logging.info("Ejecting installation CDs")
eject_cd("vm-0", FIRST_CDROM_DRIVE)
if install_info.enable_unattended:
# If unattended install is enabled, we have an additional CD-ROM drive
eject_cd("vm-0", SECOND_CDROM_DRIVE)
output = subprocess.check_output(['vmi-win-guid', 'name', 'vm-0'],
timeout=30).decode('utf-8')
try:
version = re.search(r'Version: (.*)', output).group(1)
pdb = re.search(r'PDB GUID: ([0-9a-f]+)', output).group(1)
fn = re.search(r'Kernel filename: ([a-z]+\.[a-z]+)', output).group(1)
except AttributeError:
logging.error("Failed to obtain kernel PDB GUID/Kernel filename.")
return
logging.info("Determined PDB GUID: {}".format(pdb))
logging.info("Determined kernel filename: {}".format(fn))
logging.info("Fetching PDB file...")
dest = fetch_pdb(fn, pdb, destdir=PROFILE_DIR)
logging.info("Generating profile out of PDB file...")
profile = make_pdb_profile(dest)
logging.info("Saving profile...")
kernel_profile = os.path.join(PROFILE_DIR, 'kernel.json')
with open(kernel_profile, 'w') as f:
f.write(profile)
vmi_offsets = extract_vmi_offsets('vm-0', kernel_profile)
explorer_pid = extract_explorer_pid('vm-0', kernel_profile, vmi_offsets)
runtime_info = RuntimeInfo(vmi_offsets=vmi_offsets,
inject_pid=explorer_pid)
logging.info("Saving runtime profile...")
with open(os.path.join(PROFILE_DIR, 'runtime.json'), 'w') as f:
f.write(runtime_info.to_json(indent=4))
logging.info("Saving VM snapshot...")
subprocess.check_output('xl save vm-0 ' +
os.path.join(VOLUME_DIR, "snapshot.sav"),
shell=True)
storage_backend = get_storage_backend(install_info)
storage_backend.snapshot_vm0_volume()
logging.info("Snapshot was saved succesfully.")
if generate_usermode:
try:
create_rekall_profiles(install_info)
except RuntimeError as e:
logging.warning("Generating usermode profiles failed")
logging.exception(e)
if report:
send_usage_report({
"kernel": {
"guid": pdb,
"filename": fn,
"version": version
},
"install_iso": {
"sha256": install_info.iso_sha256
}
})
logging.info("All right, drakrun setup is done.")
logging.info("First instance of drakrun will be enabled automatically...")
subprocess.check_output('systemctl enable drakrun@1', shell=True)
subprocess.check_output('systemctl start drakrun@1', shell=True)
logging.info("If you want to have more parallel instances, execute:")
logging.info(" # draksetup scale <number of instances>")
def postinstall(report, generate_usermode):
if not check_root():
return
if os.path.exists(os.path.join(ETC_DIR, "no_usage_reports")):
report = False
install_info = InstallInfo.load()
storage_backend = get_storage_backend(install_info)
vm0 = VirtualMachine(storage_backend, 0)
if vm0.is_running is False:
logging.exception("vm-0 is not running")
return
logging.info("Cleaning up leftovers(if any)")
cleanup_postinstall_files()
logging.info("Ejecting installation CDs")
eject_cd("vm-0", FIRST_CDROM_DRIVE)
if install_info.enable_unattended:
# If unattended install is enabled, we have an additional CD-ROM drive
eject_cd("vm-0", SECOND_CDROM_DRIVE)
kernel_info = vmi_win_guid("vm-0")
logging.info(f"Determined PDB GUID: {kernel_info.guid}")
logging.info(f"Determined kernel filename: {kernel_info.filename}")
logging.info("Fetching PDB file...")
dest = fetch_pdb(kernel_info.filename,
kernel_info.guid,
destdir=PROFILE_DIR)
logging.info("Generating profile out of PDB file...")
profile = make_pdb_profile(dest)
logging.info("Saving profile...")
kernel_profile = os.path.join(PROFILE_DIR, "kernel.json")
with open(kernel_profile, "w") as f:
f.write(profile)
safe_delete(dest)
vmi_offsets = extract_vmi_offsets("vm-0", kernel_profile)
explorer_pid = extract_explorer_pid("vm-0", kernel_profile, vmi_offsets)
runtime_info = RuntimeInfo(vmi_offsets=vmi_offsets,
inject_pid=explorer_pid)
logging.info("Saving runtime profile...")
with open(os.path.join(PROFILE_DIR, "runtime.json"), "w") as f:
f.write(runtime_info.to_json(indent=4))
logging.info("Saving VM snapshot...")
# Create vm-0 snapshot, and destroy it
# WARNING: qcow2 snapshot method is a noop. fresh images are created on the fly
# so we can't keep the vm-0 running
vm0.save(os.path.join(VOLUME_DIR, "snapshot.sav"))
logging.info("Snapshot was saved succesfully.")
# Memory state is frozen, we can't do any writes to persistent storage
logging.info("Snapshotting persistent memory...")
storage_backend.snapshot_vm0_volume()
if report:
send_usage_report({
"kernel": {
"guid": kernel_info.guid,
"filename": kernel_info.filename,
"version": kernel_info.version,
},
"install_iso": {
"sha256": install_info.iso_sha256
},
})
if generate_usermode:
# Restore a VM and create usermode profiles
create_missing_profiles()
logging.info("All right, drakrun setup is done.")
logging.info("First instance of drakrun will be enabled automatically...")
subprocess.check_output("systemctl enable drakrun@1", shell=True)
subprocess.check_output("systemctl start drakrun@1", shell=True)
logging.info("If you want to have more parallel instances, execute:")
logging.info(" # draksetup scale <number of instances>")