示例#1
                fibratus.stop_ktrace()
            return 0
        set_console_ctrl_handler(handle_ctrl_c, True)

        if not filament:
            if len(kevent_filters) > 0:
                fibratus.add_filters(kevent_filters)
        else:
            if len(filament_filters) > 0:
                fibratus.add_filters(filament_filters)
            else:
                fibratus.add_filters([])
        try:
            fibratus.run()
        except KeyboardInterrupt:
            set_console_ctrl_handler(handle_ctrl_c, False)

    elif args['list-filaments']:
        filaments = Tabular(['Filament', 'Description'], 'Description',
                            sort_by='Filament')
        for filament, desc in Filament.list_filaments().items():
            filaments.add_row([filament, desc])
        filaments.draw()

    elif args['list-kevents']:
        kevents = Tabular(['KEvent', 'Category', 'Description'], 'Description',
                          sort_by='Category')
        for kevent, meta in KEvents.meta_info().items():
            kevents.add_row([kevent, meta[0].name, meta[1]])
        kevents.draw()
示例#2
 def test_kevents_meta_info(self):
     """KEvents.meta_info() must map each kevent to a (category, description) pair."""
     meta_info = KEvents.meta_info()
     assert isinstance(meta_info, dict)
     # CREATE_PROCESS is used as the representative entry; the unpack
     # also enforces the two-element shape of each value
     category, description = meta_info[KEvents.CREATE_PROCESS]
     assert category == Category.PROCESS
     assert description
示例#3
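def main() -> None:
    """Entry point of the ``fibratus`` command line interface.

    Dispatches on the parsed module-level ``args`` mapping:

    * ``run`` -- validate the requested kevent filters (or the filters the
      named filament declares), open the kernel event stream and run it
      until it ends or the user presses Ctrl-C.
    * ``list-filaments`` -- print the available filaments as a table.
    * ``list-kevents`` -- print the supported kernel events as a table.

    Also reads the module-level ``kevent_filters`` and ``filament_name``.
    ``panic()`` is called on an unknown or unloadable filament and is
    presumed not to return. Exits with status 0 when the user interrupts
    before the kernel event stream has been opened.
    """
    if args['run']:
        # Command-line filters are only validated when no filament drives
        # the session; a filament supplies its own filters (validated below).
        if len(kevent_filters) > 0 and not filament_name:
            for kfilter in kevent_filters:
                _check_kevent(kfilter)

        # Handle enumeration is on unless explicitly disabled; context-switch
        # tracing is opt-in.
        enum_handles = not args['--no-enum-handles']
        cswitch = bool(args['--cswitch'])

        filament = None
        filament_filters = []

        if filament_name:
            if not Filament.exists(filament_name):
                panic('fibratus run: ERROR - %s filament does not exist. Run list-filaments to see '
                      'the available filaments' % filament_name)
            # NOTE(review): the filament is resolved from a user-supplied
            # name. If load_filament() executes the filament as Python code,
            # the filament directory must be treated as trusted -- confirm
            # against Filament.load_filament.
            filament = Filament()
            try:
                filament.load_filament(filament_name)
            except FilamentError as e:
                panic('fibratus run: ERROR - %s' % e)

            filament_filters = filament.filters

            # Filters declared by the filament get the same validation as
            # command-line ones; a missing/empty list is simply skipped.
            for kfilter in filament_filters or []:
                _check_kevent(kfilter)

            filament.render_tabular()

        try:
            fibratus = Fibratus(filament, enum_handles=enum_handles, cswitch=cswitch)
        except KeyboardInterrupt:
            # the user has stopped command execution
            # before opening the kernel event stream
            sys.exit(0)

        @PHANDLER_ROUTINE
        def handle_ctrl_c(event):
            # Event 0 is Ctrl-C: stop the kernel trace so the session does
            # not outlive the process. Returning 0 presumably lets the
            # remaining console handlers (including the default one) run.
            # NOTE(review): other console events (break/close) currently
            # leave the trace running -- confirm whether stop_ktrace()
            # should cover them as well.
            if event == 0:
                fibratus.stop_ktrace()
            return 0
        set_console_ctrl_handler(handle_ctrl_c, True)

        # add specific filters: process id and image name from the command line
        filters = {
            'pid': args['--pid'] or None,
            'image': args['--image'] or None,
        }

        # A filament's own filters replace the command-line ones; an empty
        # selection is passed as an empty list.
        kfilters = filament_filters if filament else kevent_filters
        try:
            fibratus.add_filters(kfilters or [], **filters)
            fibratus.run()
        except KeyboardInterrupt:
            # Ctrl-C: the console handler above is expected to have already
            # stopped the trace, so there is nothing more to do here.
            pass
        finally:
            # Unregister on every exit path, not only on Ctrl-C. PHANDLER_ROUTINE
            # looks like a ctypes callback type; if so, the callback object
            # behind handle_ctrl_c is freed when this frame ends, and a handler
            # left registered would point at freed memory on the next console
            # event.
            set_console_ctrl_handler(handle_ctrl_c, False)

    elif args['list-filaments']:
        filaments = Tabular(['Filament', 'Description'], 'Description',
                            sort_by='Filament')
        for filament, desc in Filament.list_filaments().items():
            filaments.add_row([filament, desc])
        filaments.draw()

    elif args['list-kevents']:
        kevents = Tabular(['KEvent', 'Category', 'Description'], 'Description',
                          sort_by='Category')
        for kevent, meta in KEvents.meta_info().items():
            kevents.add_row([kevent, meta[0].name, meta[1]])
        kevents.draw()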
示例#4
 def test_kevents_meta_info(self):
     """KEvents.meta_info() must map each kevent to a (category, description) pair."""
     meta_info = KEvents.meta_info()
     assert isinstance(meta_info, dict)
     # CREATE_PROCESS is used as the representative entry; the unpack
     # also enforces the two-element shape of each value
     category, description = meta_info[KEvents.CREATE_PROCESS]
     assert category == Category.PROCESS
     assert description
示例#5
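def main() -> None:
    """Entry point of the ``fibratus`` command line interface.

    Dispatches on the parsed module-level ``args`` mapping:

    * ``run`` -- validate the requested kevent filters (or the filters the
      named filament declares), open the kernel event stream and run it
      until it ends or the user presses Ctrl-C.
    * ``list-filaments`` -- print the available filaments as a table.
    * ``list-kevents`` -- print the supported kernel events as a table.

    Also reads the module-level ``kevent_filters`` and ``filament_name``.
    ``panic()`` is called on an unknown or unloadable filament and is
    presumed not to return. Exits with status 0 when the user interrupts
    before the kernel event stream has been opened.
    """
    if args['run']:
        # Command-line filters are only validated when no filament drives
        # the session; a filament supplies its own filters (validated below).
        if len(kevent_filters) > 0 and not filament_name:
            for kfilter in kevent_filters:
                _check_kevent(kfilter)

        # Handle enumeration is on unless explicitly disabled; context-switch
        # tracing is opt-in.
        enum_handles = not args['--no-enum-handles']
        cswitch = bool(args['--cswitch'])

        filament = None
        filament_filters = []

        if not filament_name:
            print('Starting fibratus...')
        else:
            if not Filament.exists(filament_name):
                panic(
                    'fibratus run: ERROR - %s filament does not exist. Run list-filaments to see '
                    'the availble filaments' % filament_name)
            # NOTE(review): the filament is resolved from a user-supplied
            # name. If load_filament() executes the filament as Python code,
            # the filament directory must be treated as trusted -- confirm
            # against Filament.load_filament.
            filament = Filament()
            try:
                filament.load_filament(filament_name)
            except FilamentError as e:
                panic('fibratus run: ERROR - %s' % e)

            filament_filters = filament.filters

            # Filters declared by the filament get the same validation as
            # command-line ones; a missing/empty list is simply skipped.
            for kfilter in filament_filters or []:
                _check_kevent(kfilter)

            filament.render_tabular()

        try:
            fibratus = Fibratus(filament,
                                enum_handles=enum_handles,
                                cswitch=cswitch)
        except KeyboardInterrupt:
            # the user has stopped command execution
            # before opening the kernel event stream
            sys.exit(0)

        @PHANDLER_ROUTINE
        def handle_ctrl_c(event):
            # Event 0 is Ctrl-C: stop the kernel trace so the session does
            # not outlive the process. Returning 0 presumably lets the
            # remaining console handlers (including the default one) run.
            # NOTE(review): other console events (break/close) currently
            # leave the trace running -- confirm whether stop_ktrace()
            # should cover them as well.
            if event == 0:
                fibratus.stop_ktrace()
            return 0

        set_console_ctrl_handler(handle_ctrl_c, True)

        # add specific filters: process id from the command line
        filters = {'pid': args['--pid'] or None}

        # A filament's own filters replace the command-line ones; an empty
        # selection is passed as an empty list.
        kfilters = filament_filters if filament else kevent_filters
        try:
            fibratus.add_filters(kfilters or [], **filters)
            fibratus.run()
        except KeyboardInterrupt:
            # Ctrl-C: the console handler above is expected to have already
            # stopped the trace, so there is nothing more to do here.
            pass
        finally:
            # Unregister on every exit path, not only on Ctrl-C. PHANDLER_ROUTINE
            # looks like a ctypes callback type; if so, the callback object
            # behind handle_ctrl_c is freed when this frame ends, and a handler
            # left registered would point at freed memory on the next console
            # event.
            set_console_ctrl_handler(handle_ctrl_c, False)

    elif args['list-filaments']:
        filaments = Tabular(['Filament', 'Description'],
                            'Description',
                            sort_by='Filament')
        for filament, desc in Filament.list_filaments().items():
            filaments.add_row([filament, desc])
        filaments.draw()

    elif args['list-kevents']:
        kevents = Tabular(['KEvent', 'Category', 'Description'],
                          'Description',
                          sort_by='Category')
        for kevent, meta in KEvents.meta_info().items():
            kevents.add_row([kevent, meta[0].name, meta[1]])
        kevents.draw()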
示例#6
文件: cli.py 项目: max3raza/fibratus
        set_console_ctrl_handler(handle_ctrl_c, True)

        if not filament:
            if len(kevent_filters) > 0:
                fibratus.add_filters(kevent_filters)
        else:
            if len(filament_filters) > 0:
                fibratus.add_filters(filament_filters)
            else:
                fibratus.add_filters([])
        try:
            fibratus.run()
        except KeyboardInterrupt:
            set_console_ctrl_handler(handle_ctrl_c, False)
    elif args['list-filaments']:
        filaments = Filament.list_filaments()
        table = PrettyTable(['Filament', 'Description'])
        table.align['Description'] = 'l'
        table.sortby = 'Filament'
        for filament, desc in filaments.items():
            table.add_row([filament, desc])
        IO.write_console(table.get_string())
    elif args['list-kevents']:
        kevent_types = KEvents.meta_info()
        table = PrettyTable(['KEvent', 'Category', 'Description'])
        table.align['Description'] = 'l'
        table.sortby = 'Category'
        for kevent, meta in kevent_types.items():
            table.add_row([kevent, meta[0].name, meta[1]])
        IO.write_console(table.get_string())
示例#7
        set_console_ctrl_handler(handle_ctrl_c, True)

        if not filament:
            if len(kevent_filters) > 0:
                fibratus.add_filters(kevent_filters)
        else:
            if len(filament_filters) > 0:
                fibratus.add_filters(filament_filters)
            else:
                fibratus.add_filters([])
        try:
            fibratus.run()
        except KeyboardInterrupt:
            set_console_ctrl_handler(handle_ctrl_c, False)
    elif args['list-filaments']:
        filaments = Filament.list_filaments()
        table = PrettyTable(['Filament', 'Description'])
        table.align['Description'] = 'l'
        table.sortby = 'Filament'
        for filament, desc in filaments.items():
            table.add_row([filament, desc])
        IO.write_console(table.get_string())
    elif args['list-kevents']:
        kevent_types = KEvents.meta_info()
        table = PrettyTable(['KEvent', 'Category', 'Description'])
        table.align['Description'] = 'l'
        table.sortby = 'Category'
        for kevent, meta in kevent_types.items():
            table.add_row([kevent, meta[0].name, meta[1]])
        IO.write_console(table.get_string())
示例#8
        set_console_ctrl_handler(handle_ctrl_c, True)

        if not filament:
            if len(kevent_filters) > 0:
                fibratus.add_filters(kevent_filters)
        else:
            if len(filament_filters) > 0:
                fibratus.add_filters(filament_filters)
            else:
                fibratus.add_filters([])
        try:
            fibratus.run()
        except KeyboardInterrupt:
            set_console_ctrl_handler(handle_ctrl_c, False)

    elif args['list-filaments']:
        filaments = Tabular(['Filament', 'Description'],
                            'Description',
                            sort_by='Filament')
        for filament, desc in Filament.list_filaments().items():
            filaments.add_row([filament, desc])
        filaments.draw()

    elif args['list-kevents']:
        kevents = Tabular(['KEvent', 'Category', 'Description'],
                          'Description',
                          sort_by='Category')
        for kevent, meta in KEvents.meta_info().items():
            kevents.add_row([kevent, meta[0].name, meta[1]])
        kevents.draw()