def _ScanProcess(self, process, scan_request, scan_response): rdf_process = rdf_client.Process.FromPsutilProcess(process) # TODO: Replace time.time() arithmetic with RDFDatetime # subtraction. start_time = time.time() try: matches = self._GetMatches(process, scan_request) scan_time = time.time() - start_time scan_time_us = int(scan_time * 1e6) except yara.TimeoutError: scan_response.errors.Append( rdf_memory.ProcessMemoryError( process=rdf_process, error="Scanning timed out (%s seconds)." % (time.time() - start_time))) return except Exception as e: # pylint: disable=broad-except scan_response.errors.Append( rdf_memory.ProcessMemoryError(process=rdf_process, error=str(e))) return if matches: scan_response.matches.Append( rdf_memory.YaraProcessScanMatch(process=rdf_process, match=matches, scan_time_us=scan_time_us)) else: scan_response.misses.Append( rdf_memory.YaraProcessScanMiss(process=rdf_process, scan_time_us=scan_time_us))
def _ScanProcess(self, process, scan_request, scan_response): rdf_process = rdf_client.Process.FromPsutilProcess(process) start_time = rdfvalue.RDFDatetime.Now() try: matches = self._GetMatches(process, scan_request) scan_time = rdfvalue.RDFDatetime.Now() - start_time scan_time_us = scan_time.ToInt(rdfvalue.MICROSECONDS) except YaraTimeoutError: scan_response.errors.Append( rdf_memory.ProcessMemoryError( process=rdf_process, error="Scanning timed out (%s)." % (rdfvalue.RDFDatetime.Now() - start_time))) return except Exception as e: # pylint: disable=broad-except scan_response.errors.Append( rdf_memory.ProcessMemoryError(process=rdf_process, error=str(e))) return if matches: scan_response.matches.Append( rdf_memory.YaraProcessScanMatch(process=rdf_process, match=matches, scan_time_us=scan_time_us)) else: scan_response.misses.Append( rdf_memory.YaraProcessScanMiss(process=rdf_process, scan_time_us=scan_time_us))
def Run(self, args): result = rdf_memory.YaraProcessScanResponse() for p in ProcessIterator(args.pids, args.process_regex, args.ignore_grr_process, result.errors): self.Progress() n_results = len(result.errors) + len(result.matches) + len( result.misses) if n_results >= self._RESULTS_PER_RESPONSE: self.SendReply(result) result = rdf_memory.YaraProcessScanResponse() rdf_process = rdf_client.Process.FromPsutilProcess(p) start_time = time.time() try: matches = self._ScanProcess(p, args) scan_time = time.time() - start_time scan_time_us = int(scan_time * 1e6) except yara.TimeoutError: result.errors.Append( rdf_memory.ProcessMemoryError( process=rdf_process, error="Scanning timed out (%s seconds)." % (time.time() - start_time))) continue except Exception as e: # pylint: disable=broad-except result.errors.Append( rdf_memory.ProcessMemoryError(process=rdf_process, error=str(e))) continue if matches: result.matches.Append( rdf_memory.YaraProcessScanMatch(process=rdf_process, match=matches, scan_time_us=scan_time_us)) else: result.misses.Append( rdf_memory.YaraProcessScanMiss(process=rdf_process, scan_time_us=scan_time_us)) self.SendReply(result)