def LoadProfile(self, name, **kw):
    """Load a Rekall profile, asking the GRR server for it on a local miss.

    The parent session's LoadProfile is tried first with the caller's keyword
    arguments. If that yields nothing, a RekallResponse naming the missing
    profile is queued for the server, the action is suspended until the
    server resumes it, and the parent loader is called one more time with
    its cache bypassed.

    Args:
        name: Name of the profile to load.
        **kw: Extra keyword arguments. They are forwarded to the first
            parent LoadProfile call only; the retry passes just
            use_cache=False.

    Returns:
        Whatever the parent LoadProfile returns: either the locally
        available profile or the result of the single retry made after the
        server round trip.

    Note:
        Nothing in this method validates the profile picked up by the retry;
        it relies on what the server delivered while the action was
        suspended. Any integrity checking would have to live in the write
        path or in the parent loader, neither of which is visible here.
    """
    try:
        # A profile the caller can already reach locally always wins.
        local_profile = super(GrrRekallSession, self).LoadProfile(name, **kw)
    except io_manager.IOManagerError as err:
        # Rekall raises while the repository directory does not exist yet.
        # That is tolerated: the directory is expected to be created once
        # WriteRekallProfile has run, so the failure is logged and treated
        # as a plain miss.
        self.logging.warning(err)
        local_profile = None

    if local_profile:
        return local_profile

    # Local lookup failed: tell the server which profile is missing and
    # which repository version this client expects.
    self.logging.info("Asking server for profile %s", name)
    request = rekall_types.RekallResponse(
        missing_profile=name,
        repository_version=constants.PROFILE_REPOSITORY_VERSION,
    )
    self.action.SendReply(request)

    # Block until the server wakes the action up again. By then it is
    # expected to have pushed the profile through WriteRekallProfile.
    self.action.Suspend()

    # One more attempt, skipping the cache so the freshly written profile is
    # actually read rather than a remembered miss.
    return super(GrrRekallSession, self).LoadProfile(name, use_cache=False)
def write_data_stream(self):
    """Package the collected renderer output and queue it for the server.

    When self.data is empty nothing happens. Otherwise a RekallResponse is
    built from the encoded data, the encoded items of the current context
    messages and the plugin name; the pending context messages then become
    the current ones, the pending set is emptied, and the response is handed
    to the action's SendReply.

    This method does not clear self.data itself.
    """
    if not self.data:
        return

    encode = self.robust_encoder.encode
    outgoing = rekall_types.RekallResponse(
        json_messages=encode(self.data),
        json_context_messages=encode(self.context_messages.items()),
        plugin=self.plugin,
    )

    # Rotate the context: messages gathered since the last flush become the
    # context for the next response.
    self.context_messages = self.new_context_messages
    self.new_context_messages = {}

    # Queue the response to the server.
    self.action.SendReply(outgoing)
def GetData(self, name, raw=False, default=None):
    """Fetch a profile from the GRR server and return its decoded payload.

    Any entry already held in UPLOADED_PROFILES under this name is dropped
    before the request is sent, so only an upload that arrives after this
    call can satisfy it. The action is then suspended until the server
    resumes it.

    Args:
        name: Name of the profile to request.
        raw: Not read by this implementation.
        default: Not read by this implementation.

    Returns:
        self.Decoder(payload) when a truthy payload was uploaded under this
        name; otherwise the falsy payload value itself (the .payload of an
        obj.NoneObject() when no entry exists).

    Note:
        The payload handed to self.Decoder is whatever was stored in
        UPLOADED_PROFILES while the action was suspended; this method does
        not check it beyond truthiness.
    """
    session = self.session

    # Nothing is looked up locally here: the server is always asked.
    session.logging.info("Asking server for profile %s", name)

    # Discard a previously uploaded copy so it cannot be mistaken for the
    # answer to this request.
    UPLOADED_PROFILES.pop(name, None)

    session.action.SendReply(rekall_types.RekallResponse(
        missing_profile=name,
        repository_version=constants.PROFILE_REPOSITORY_VERSION,
    ))

    # Block until the server wakes the action up again. By then it is
    # expected to have pushed the profile through WriteRekallProfile.
    session.action.Suspend()

    # If all went well the upload is now present under this name.
    payload = UPLOADED_PROFILES.get(name, obj.NoneObject()).payload
    return self.Decoder(payload) if payload else payload