示例#1
def load_as(config, astype='virtual', **kwargs):
    """Build an address space by stacking address-space classes on one another.

    Candidate classes come from ``registry.get_plugin_classes`` for
    ``addrspace.BaseAddressSpace`` and are tried in ascending ``order``
    (a class without an ``order`` attribute sorts as 10).  Each candidate is
    instantiated on top of the current ``base_as``; the first one that
    succeeds becomes the new base and the voting starts over.  Stacking stops
    after a full round in which no class accepts the current base.

    Every failed instantiation is recorded on an
    ``exceptions.AddrSpaceError`` through ``append_reason``.

    NOTE(review): this listing ends inside the voting loop.  No ``return`` or
    ``raise`` is visible, so how ``base_as`` and ``error`` reach the caller
    cannot be confirmed from this excerpt.  The ``except X, e`` clauses are
    Python 2 syntax and do not parse under Python 3.
    """

    # Nothing stacked yet; the first class is instantiated on top of None.
    base_as = None
    # Accumulates one reason per class that refused or failed.
    error = exceptions.AddrSpaceError()

    # Start off requiring another round
    found = True
    ## A full iteration through all the classes without anyone
    ## selecting us means we are done:
    while found:
        debug.debug("Voting round")
        found = False
        # The class list is fetched and sorted again on every round.
        for cls in sorted(registry.get_plugin_classes(
                addrspace.BaseAddressSpace).values(),
                          key=lambda x: x.order
                          if hasattr(x, 'order') else 10):
            debug.debug("Trying {0} ".format(cls))
            try:
                base_as = cls(base_as, config, astype=astype, **kwargs)
                debug.debug("Succeeded instantiating {0}".format(base_as))
                # A class accepted the current base: restart from the
                # highest-priority class with the new base underneath.
                found = True
                break
            except addrspace.ASAssertionError, e:
                # The class declined this base. The trailing 2 is passed to
                # debug.debug -- presumably a verbosity level, confirm.
                debug.debug(
                    "Failed instantiating {0}: {1}".format(cls.__name__, e), 2)
                error.append_reason(cls.__name__, e)
                continue
            except Exception, e:
                # Catch-all: any other failure is logged and recorded with an
                # " - EXCEPTION" suffix, then the next class is tried. An
                # unexpected error in one class therefore never aborts the
                # stacking; it is only visible in the debug output and in the
                # reasons kept on `error`.
                debug.debug("Failed instantiating (exception): {0}".format(e))
                error.append_reason(cls.__name__ + " - EXCEPTION", e)
                continue
示例#2
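    def __config(self):
        """Create the Volatility configuration and load the address space.

        Builds a ``conf.ConfObject``, registers the global options for
        ``commands.Command``, applies a fixed set of defaults (the profile is
        overridden by ``self.osprofile`` when that is set) and then loads the
        address space for ``self.memdump``.

        Side effects: sets ``self.config``, ``self.addr_space`` and
        ``self.plugins``.

        Returns:
            The populated configuration object (the same object stored on
            ``self.config``).

        Raises:
            exc.AddrSpaceError: if no address space could be loaded and the
                ``self._get_dtb()`` fallback did not succeed.  The exception
                raised by the loader is propagated unchanged.
        """
        self.config = conf.ConfObject()
        self.config.optparser.set_conflict_handler("resolve")
        registry.register_global_options(self.config, commands.Command)
        base_conf = {
            "profile": "WinXPSP2x86",
            "use_old_as": None,
            "kdbg": None,
            "help": False,
            "kpcr": None,
            "tz": None,
            "pid": None,
            "output_file": None,
            "physical_offset": None,
            "conf_file": None,
            "dtb": None,
            "output": None,
            "info": None,
            # The dump is addressed as a file:// location built from the
            # path held in self.memdump.
            "location": "file://" + self.memdump,
            "plugins": None,
            "debug": None,
            "cache_dtb": True,
            "filename": None,
            "cache_directory": None,
            "verbose": None,
            # Write support is left off -- presumably so the analysis cannot
            # modify the memory dump; keep it that way for evidence integrity.
            "write": False
        }

        if self.osprofile:
            base_conf["profile"] = self.osprofile

        for key, value in base_conf.items():
            self.config.update(key, value)

        # Deal with Volatility support for KVM/qemu memory dump.
        # See: #464.
        try:
            self.addr_space = utils.load_as(self.config)
        except exc.AddrSpaceError:
            # Fallback: _get_dtb() presumably locates a DTB and stores it in
            # the configuration (confirm against its definition); when it
            # reports success the load is attempted once more.
            if self._get_dtb():
                self.addr_space = utils.load_as(self.config)
            else:
                # Re-raise the caught exception itself rather than wrapping it
                # in a fresh AddrSpaceError: the original object and its
                # traceback (and whatever failure detail the loader attached)
                # stay available to the caller.
                raise

        self.plugins = registry.get_plugin_classes(commands.Command,
                                                   lower=True)

        return self.config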
示例#3
def load_as(config, astype='virtual', **kwargs):
    """Stack address spaces until no further class accepts the current base.

    Candidate classes are taken from ``registry.get_plugin_classes`` for
    ``addrspace.BaseAddressSpace`` and tried in ascending ``order`` (10 when a
    class has no ``order`` attribute).  The first class that instantiates on
    top of the current base becomes the new base and a fresh round begins;
    a round in which every class declines ends the stacking.

    Only ``addrspace.ASAssertionError`` is handled here.  Any other exception
    raised while instantiating a class propagates to the caller instead of
    being recorded as one more failed candidate.

    Returns:
        The top of the resulting address-space stack.

    Raises:
        exceptions.AddrSpaceError: carrying the recorded per-class reasons,
            when nothing could be stacked, or when ``astype`` is ``'virtual'``
            and the result is not an
            ``addrspace.AbstractVirtualAddressSpace``.
    """

    def priority(as_cls):
        # Classes that do not declare ``order`` sort as 10.
        return getattr(as_cls, 'order', 10)

    base_as = None
    error = exceptions.AddrSpaceError()

    # Keep voting until a whole round passes without any class taking over.
    while True:
        debug.debug("Voting round")
        candidates = sorted(
            registry.get_plugin_classes(addrspace.BaseAddressSpace).values(),
            key=priority,
        )
        for cls in candidates:
            debug.debug(f"Trying {cls} ")
            try:
                base_as = cls(base_as, config, astype=astype, **kwargs)
                debug.debug(f"Succeeded instantiating {base_as}")
            except addrspace.ASAssertionError as e:
                # This class declined the current base; remember why and move
                # on to the next candidate.
                debug.debug(f"Failed instantiating {cls.__name__}: {e}", 2)
                error.append_reason(cls.__name__, e)
            else:
                # New base in place: start another round from the top.
                break
        else:
            # No class accepted the current base, so the stack is complete.
            break

    wants_virtual = astype == 'virtual'
    if wants_virtual and not isinstance(
            base_as, addrspace.AbstractVirtualAddressSpace):
        # A virtual address space was requested but the stack did not end in
        # one; treat that the same as finding nothing.
        base_as = None

    if base_as is not None:
        return base_as
    raise error