def __init__(self, base, config, layered=False, **kwargs): addrspace.BaseAddressSpace.__init__(self, base, config, **kwargs) self.as_assert(base == None or layered, 'Must be first address space') if config.LOPHI_CACHE: logger.info("LO-PHI Cache ENABLED.") cache_timeout = 1 else: cache_timeout = 0 if config.LOCATION.startswith("lophi://"): location = config.LOCATION[8:] self.client = MemorySensorPhysical(location, cache_timeout=cache_timeout) elif config.LOCATION.startswith("vmi://"): location = config.LOCATION[6:] self.client = MemorySensorVirtual(location, cache_timeout=cache_timeout) self.dtb = self.get_cr3() else: raise ( "Not a valid LO-PHI URN. (lophi:// for physical and vmi:// for virtual)" ) self.fname = location self.name = location self.cache = False self.cache_data = {} self.address = 0 if config.RAM_SIZE is None: print "ERROR/LO-PHI: No RAM size defined. (e.g. --ram_size=12GB)" sys.exit(0) self.size = self.parse_byte_amount(config.RAM_SIZE) self.config = config self._exclusions = sorted( []) # no info about the HW, nothing to exclude
def main(options): if options.replay_file is not None: cap_reader = CaptureReader(options.replay_file) for (ts, data) in cap_reader: print "Time: ", ts, "s" print MemorySensorPacket(data) return if options.sensor_type == G.MACHINE_TYPES.PHYSICAL: client = MemorySensorPhysical(options.target, cache_timeout=0, use_threading=False) else: client = MemorySensorVirtual(options.target) READ_SIZE = int(options.read_size) start_addr = options.startaddr # Create our output file try: os.makedirs(os.path.dirname(options.output)) except: pass try: mcap_writer = None if options.loop_forever == True: logger.debug("Creating capture file.") options.output += ".mcap" mcap_writer = CaptureWriter(options.output) mcap_writer.start() else: logger.debug("Creating dump file.") options.output += ".mfd" output_file = open(options.output, "w+") except: print "ERROR: Could not open output file." sys.exit(0) # Read memory count = 0 start = time.time() sensor_packet = MemorySensorPacket() while True: try: # Get memory from remote system # Read memory data = client.read(start_addr, READ_SIZE) # Write to file? if not options.loop_forever: output_file.write(data) else: sensor_packet.address = start_addr sensor_packet.data = data sensor_packet.length = READ_SIZE mcap_writer.put(sensor_packet) # Just read once? if not options.loop_forever: break else: print "Completed read #%d" % count count += 1 except: # Just finish up break end = time.time() # Do we have an mcap file to close? if mcap_writer is not None: mcap_writer.stop() else: # Close output file output_file.close() print "Memory dump (%d bytes) written to %s. Took %s seconds." % ( len(data), options.output, end - start)
def __init__(self, vm_name, vm_type=G.MACHINE_TYPES.KVM, static_mac=None, memory_size=1073741824, cpu_count=1, force_new=False, volatility_profile=None, **kargs): """ Initialize @param config: Machine configuration object @param init_sensors: Initialize all sensors by default """ # Initialize our state variables self.type = vm_type self.MACHINE_TYPE = vm_type class MachineConfig(): # Name name = vm_name # DISK disk = os.path.join(G.DIR_ROOT,G.DIR_VM_OUTPUT,vm_name+".qcow2") disk_base = None # Config vm_config = os.path.join(G.DIR_ROOT,G.DIR_VM_OUTPUT,vm_name+".xml") config = MachineConfig() # MAC if static_mac is None: config.__dict__['mac_addr'] = self.__get_new_mac() else: config.__dict__['mac_addr'] = static_mac config.__dict__['vm_name'] = vm_name config.__dict__['memory_size'] = memory_size config.__dict__['cpu_count'] = cpu_count config.__dict__['volatility_profile'] = volatility_profile Machine.__init__(self, config) # Add all of our sensors # Control sensor must be added first to interact with libvirt self.add_sensor(ControlSensorVirtual(vm_name,vm_type)) # What state are we in? state = self.control.get_state() # UKNOWN is does not exist if force_new and state is None: self.lophi_init() elif state != G.SENSOR_CONTROL.POWER_STATUS.UNKNOWN: logger.debug("VM (%s) already exists."%self.config.name) # Add all of our sensors to this VM vm_disk = self.disk_get_filename() if vm_disk is not None: self.add_sensor(DiskSensorVirtual(vm_disk)) else: self.add_sensor(DiskSensorVirtual(self.config.disk)) self.add_sensor(CPUSensorVirtual(config.vm_name)) self.add_sensor(MemorySensorVirtual(config.vm_name)) net_iface = self.network_get_interface() if net_iface is not None: self.add_sensor(NetworkSensorVirtual(net_iface)) else: logger.warn("No network intface exists for %s"%self.config.vm_name) # Do we need to mutex these accesses? self.REQUIRE_MUTEX = False if "require_mutex" in kargs and kargs['require_mutex']: self.REQUIRE_MUTEX = True # Force a completely fresh instance? if "force_new" in kargs and kargs['force_new']: # Poweroff existing machine self.control.power_off()