fibratus.stop_ktrace() return 0 set_console_ctrl_handler(handle_ctrl_c, True) if not filament: if len(kevent_filters) > 0: fibratus.add_filters(kevent_filters) else: if len(filament_filters) > 0: fibratus.add_filters(filament_filters) else: fibratus.add_filters([]) try: fibratus.run() except KeyboardInterrupt: set_console_ctrl_handler(handle_ctrl_c, False) elif args['list-filaments']: filaments = Tabular(['Filament', 'Description'], 'Description', sort_by='Filament') for filament, desc in Filament.list_filaments().items(): filaments.add_row([filament, desc]) filaments.draw() elif args['list-kevents']: kevents = Tabular(['KEvent', 'Category', 'Description'], 'Description', sort_by='Category') for kevent, meta in KEvents.meta_info().items(): kevents.add_row([kevent, meta[0].name, meta[1]]) kevents.draw()
def test_kevents_meta_info(self):
    """KEvents.meta_info() maps a kevent to a (Category, description) pair."""
    meta = KEvents.meta_info()
    assert isinstance(meta, dict)
    category, description = meta[KEvents.CREATE_PROCESS]
    # the description is only required to be non-empty, not a fixed string
    assert category == Category.PROCESS
    assert description
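def main():
    """Dispatch the fibratus CLI sub-command selected in the global ``args`` mapping.

    ``run`` opens the kernel event stream (optionally driven by a filament),
    ``list-filaments`` prints the installed filaments and ``list-kevents``
    prints the kernel event catalogue.  Relies on the module-level ``args``,
    ``kevent_filters`` and ``filament_name`` being populated by the argument
    parser before it is called.
    """
    if args['run']:
        _run_ktrace()
    elif args['list-filaments']:
        _list_filaments()
    elif args['list-kevents']:
        _list_kevents()


def _load_filament():
    """Load and validate the filament named by the global ``filament_name``.

    Returns a ``(filament, filters)`` pair; ``filament`` is ``None`` and
    ``filters`` is an empty list when no filament was requested.  An unknown
    filament or a load failure is reported through ``panic`` (which is
    expected to terminate the process -- the code after it assumes the
    filament exists).
    """
    if not filament_name:
        return None, []
    if not Filament.exists(filament_name):
        panic('fibratus run: ERROR - %s filament does not exist. Run list-filaments to see '
              'the available filaments' % filament_name)
    filament = Filament()
    try:
        filament.load_filament(filament_name)
    except FilamentError as e:
        panic('fibratus run: ERROR - %s' % e)
    filament_filters = filament.filters
    # a filament's own filters are validated exactly like CLI-supplied ones
    for kfilter in filament_filters:
        _check_kevent(kfilter)
    filament.render_tabular()
    return filament, filament_filters


def _run_ktrace():
    """Run the kernel event trace for the ``run`` sub-command.

    Exits with status 0 if the user interrupts before the event stream is
    opened.  The Ctrl-C console handler is registered for the lifetime of
    ``fibratus.run()`` only.
    """
    # CLI kevent filters are validated here only when no filament is in play;
    # a filament brings its own filters, validated in _load_filament
    if kevent_filters and not filament_name:
        for kfilter in kevent_filters:
            _check_kevent(kfilter)
    enum_handles = not args['--no-enum-handles']
    cswitch = bool(args['--cswitch'])
    filament, filament_filters = _load_filament()
    try:
        fibratus = Fibratus(filament, enum_handles=enum_handles, cswitch=cswitch)
    except KeyboardInterrupt:
        # the user has stopped command execution
        # before opening the kernel event stream
        sys.exit(0)

    @PHANDLER_ROUTINE
    def handle_ctrl_c(event):
        # event 0 is CTRL_C_EVENT: stop the trace, then return FALSE (0) so the
        # remaining console handlers -- Python's own raises KeyboardInterrupt --
        # still run
        if event == 0:
            fibratus.stop_ktrace()
        return 0

    set_console_ctrl_handler(handle_ctrl_c, True)
    # add specific filters; --pid/--image arrive as raw CLI strings
    # NOTE(review): any validation of these values has to live in add_filters -- confirm
    filters = {
        'pid': args['--pid'] or None,
        'image': args['--image'] or None,
    }
    # a loaded filament supersedes the CLI kevent filters
    kfilters = filament_filters if filament else kevent_filters
    fibratus.add_filters(kfilters if len(kfilters) > 0 else [], **filters)
    try:
        fibratus.run()
    finally:
        # unregister on every exit path, not only on Ctrl-C, so the handler
        # cannot fire against a trace that has already been torn down
        set_console_ctrl_handler(handle_ctrl_c, False)


def _list_filaments():
    """Print the installed filaments as a table sorted by filament name."""
    table = Tabular(['Filament', 'Description'], 'Description', sort_by='Filament')
    for name, desc in Filament.list_filaments().items():
        table.add_row([name, desc])
    table.draw()


def _list_kevents():
    """Print the kernel event catalogue (name, category, description) sorted by category."""
    table = Tabular(['KEvent', 'Category', 'Description'], 'Description', sort_by='Category')
    for kevent, meta in KEvents.meta_info().items():
        # meta is (Category, description); the category's enum name is shown
        table.add_row([kevent, meta[0].name, meta[1]])
    table.draw()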
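def main():
    """Dispatch the fibratus CLI sub-command selected in the global ``args`` mapping.

    ``run`` opens the kernel event stream (optionally driven by a filament),
    ``list-filaments`` prints the installed filaments and ``list-kevents``
    prints the kernel event catalogue.  Relies on the module-level ``args``,
    ``kevent_filters`` and ``filament_name`` being populated by the argument
    parser before it is called.  The ``run`` path exits with status 0 if the
    user interrupts before the event stream is opened.
    """
    if args['run']:
        # CLI kevent filters are validated here only when no filament is in
        # play; a filament brings its own filters, validated below
        if kevent_filters and not filament_name:
            for kfilter in kevent_filters:
                _check_kevent(kfilter)
        enum_handles = not args['--no-enum-handles']
        cswitch = bool(args['--cswitch'])
        filament = None
        filament_filters = []
        if not filament_name:
            print('Starting fibratus...')
        else:
            # panic() is expected to terminate the process; the code after it
            # assumes the filament exists
            if not Filament.exists(filament_name):
                panic(
                    'fibratus run: ERROR - %s filament does not exist. Run list-filaments to see '
                    'the available filaments' % filament_name)
            filament = Filament()
            try:
                filament.load_filament(filament_name)
            except FilamentError as e:
                panic('fibratus run: ERROR - %s' % e)
            filament_filters = filament.filters
            for kfilter in filament_filters:
                _check_kevent(kfilter)
            filament.render_tabular()
        try:
            fibratus = Fibratus(filament, enum_handles=enum_handles, cswitch=cswitch)
        except KeyboardInterrupt:
            # the user has stopped command execution
            # before opening the kernel event stream
            sys.exit(0)

        @PHANDLER_ROUTINE
        def handle_ctrl_c(event):
            # event 0 is CTRL_C_EVENT: stop the trace, then return FALSE (0) so
            # the remaining console handlers -- Python's own raises
            # KeyboardInterrupt -- still run
            if event == 0:
                fibratus.stop_ktrace()
            return 0

        set_console_ctrl_handler(handle_ctrl_c, True)
        # add specific filters; --pid arrives as a raw CLI string
        # NOTE(review): any validation of the value has to live in add_filters -- confirm
        filters = {'pid': args['--pid'] or None}
        # a loaded filament supersedes the CLI kevent filters
        kfilters = filament_filters if filament else kevent_filters
        fibratus.add_filters(kfilters if len(kfilters) > 0 else [], **filters)
        try:
            fibratus.run()
        finally:
            # unregister on every exit path, not only on Ctrl-C, so the handler
            # cannot fire against a trace that has already been torn down
            set_console_ctrl_handler(handle_ctrl_c, False)
    elif args['list-filaments']:
        table = Tabular(['Filament', 'Description'], 'Description', sort_by='Filament')
        for name, desc in Filament.list_filaments().items():
            table.add_row([name, desc])
        table.draw()
    elif args['list-kevents']:
        table = Tabular(['KEvent', 'Category', 'Description'], 'Description', sort_by='Category')
        for kevent, meta in KEvents.meta_info().items():
            # meta is (Category, description); the category's enum name is shown
            table.add_row([kevent, meta[0].name, meta[1]])
        table.draw()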
set_console_ctrl_handler(handle_ctrl_c, True) if not filament: if len(kevent_filters) > 0: fibratus.add_filters(kevent_filters) else: if len(filament_filters) > 0: fibratus.add_filters(filament_filters) else: fibratus.add_filters([]) try: fibratus.run() except KeyboardInterrupt: set_console_ctrl_handler(handle_ctrl_c, False) elif args['list-filaments']: filaments = Filament.list_filaments() table = PrettyTable(['Filament', 'Description']) table.align['Description'] = 'l' table.sortby = 'Filament' for filament, desc in filaments.items(): table.add_row([filament, desc]) IO.write_console(table.get_string()) elif args['list-kevents']: kevent_types = KEvents.meta_info() table = PrettyTable(['KEvent', 'Category', 'Description']) table.align['Description'] = 'l' table.sortby = 'Category' for kevent, meta in kevent_types.items(): table.add_row([kevent, meta[0].name, meta[1]]) IO.write_console(table.get_string())
set_console_ctrl_handler(handle_ctrl_c, True) if not filament: if len(kevent_filters) > 0: fibratus.add_filters(kevent_filters) else: if len(filament_filters) > 0: fibratus.add_filters(filament_filters) else: fibratus.add_filters([]) try: fibratus.run() except KeyboardInterrupt: set_console_ctrl_handler(handle_ctrl_c, False) elif args['list-filaments']: filaments = Tabular(['Filament', 'Description'], 'Description', sort_by='Filament') for filament, desc in Filament.list_filaments().items(): filaments.add_row([filament, desc]) filaments.draw() elif args['list-kevents']: kevents = Tabular(['KEvent', 'Category', 'Description'], 'Description', sort_by='Category') for kevent, meta in KEvents.meta_info().items(): kevents.add_row([kevent, meta[0].name, meta[1]]) kevents.draw()