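def calculate(self):
    """Yield every non-NULL cdevsw handler pointer reachable from a device vnode.

    Walks the files reported by mac_list_files, keeps the vnodes whose
    v_type is 3 or 4, maps each one to its entry in the kernel's _cdevsw
    table through the major number of its device id, and reports each
    non-zero member of that entry together with the module and symbol
    that common.get_handler_name resolves the pointer to.

    Yields:
        (cdev.v(), path, member, ptr, module, handler_sym) tuples.
    """
    common.set_plugin_members(self)

    # _nchrdev is read as an unsigned int and used as the element count of
    # the _cdevsw array below.
    nchrdev_addr = self.addr_space.profile.get_symbol("_nchrdev")
    nchrdev = obj.Object("unsigned int", offset=nchrdev_addr, vm=self.addr_space)

    cdevsw_addr = self.addr_space.profile.get_symbol("_cdevsw")
    cdevsw = obj.Object(
        theType="Array",
        targetType="cdevsw",
        offset=cdevsw_addr,
        vm=self.addr_space,
        count=nchrdev,
    )

    kaddr_info = common.get_handler_name_addrs(self)

    # Every member of the profile's cdevsw type is scanned except d_ttys and
    # d_type. NOTE(review): presumably because those two are not handler
    # entry points -- confirm against the profile.
    op_members = list(self.profile.types['cdevsw'].keywords["members"].keys())
    op_members.remove('d_ttys')
    op_members.remove('d_type')

    volume_prefix = "/Macintosh HD"
    files = mac_list_files.mac_list_files(self._config).calculate()

    for vnode, path in files:
        # NOTE(review): 3 and 4 look like the block/character device vnode
        # types -- confirm against the vtype enum of the profile.
        if vnode.v_type.v() not in (3, 4):
            continue

        if path.startswith(volume_prefix):
            path = path[len(volume_prefix):]

        dn = vnode.v_data.dereference_as("devnode")
        dev = dn.dn_typeinfo.dev

        # The major number is taken from bits 24-31 of the device id.
        major = (dev >> 24) & 0xFF

        # The table holds nchrdev entries, so the last valid index is
        # nchrdev - 1. The value comes from the memory image being analysed;
        # accepting major == nchrdev would read one entry past the table and
        # report whatever follows it as device handlers.
        if not (0 <= major < nchrdev):
            continue

        cdev = cdevsw[major]

        for member in op_members:
            ptr = cdev.__getattr__(member).v()

            # A zero pointer means the entry has no handler for this slot.
            if ptr != 0:
                (module, handler_sym) = common.get_handler_name(kaddr_info, ptr)
                yield (cdev.v(), path, member, ptr, module, handler_sym)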
def calculate(self):
    """Write the files found by mac_list_files to DUMP_DIR and yield the count.

    A file is counted when self._make_path(vnode, path) returns a true
    value; self._write_file(vnode, path) is then called for it. A single
    integer, the number of such files, is yielded at the end.
    """
    mac_common.set_plugin_members(self)

    dumped = 0
    dump_dir = self._config.DUMP_DIR

    # NOTE(review): debug.error is expected to abort the plugin here --
    # confirm; otherwise the loop below still runs without a usable directory.
    if not (dump_dir and os.path.isdir(dump_dir)):
        debug.error("Please specify an existing output dir (--dump-dir)")

    lister = mac_list_files.mac_list_files(self._config)

    # NOTE(review): path is recovered from the memory image under analysis,
    # so it is untrusted input; confirm that _make_path and _write_file keep
    # every output file inside DUMP_DIR.
    for vnode, path in lister.calculate():
        if not self._make_path(vnode, path):
            continue
        self._write_file(vnode, path)
        dumped += 1

    yield dumped
def calculate(self):
    """Dump each file listed by mac_list_files and yield how many were written.

    For every (vnode, path) pair, self._make_path decides whether the file
    is dumped; when it returns a true value self._write_file is called and
    the counter is incremented. The counter is the only value yielded.
    """
    mac_common.set_plugin_members(self)
    written = 0

    has_dump_dir = bool(self._config.DUMP_DIR) and os.path.isdir(
        self._config.DUMP_DIR)
    if not has_dump_dir:
        # NOTE(review): presumably debug.error terminates the run -- confirm.
        debug.error("Please specify an existing output dir (--dump-dir)")

    # NOTE(review): the paths come from the analysed memory image, not from
    # the analyst; verify that the two helpers cannot be steered outside
    # DUMP_DIR by a crafted path.
    file_iter = mac_list_files.mac_list_files(self._config).calculate()
    for entry in file_iter:
        (vnode, path) = entry
        if self._make_path(vnode, path):
            self._write_file(vnode, path)
            written = written + 1

    yield written
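def calculate(self):
    """Report the handlers installed in the cdevsw entries of device vnodes.

    For each file from mac_list_files whose vnode v_type is 3 or 4, the
    major number of its device id selects an entry of the kernel's _cdevsw
    table. Every non-zero member of that entry (d_ttys and d_type excluded)
    is yielded with the module and symbol returned by
    common.get_handler_name for that address.

    Yields:
        (cdev.v(), path, member, ptr, module, handler_sym) tuples.
    """
    common.set_plugin_members(self)

    # _nchrdev supplies the element count used for the _cdevsw array.
    nchrdev_addr = self.addr_space.profile.get_symbol("_nchrdev")
    nchrdev = obj.Object("unsigned int", offset = nchrdev_addr, vm = self.addr_space)

    cdevsw_addr = self.addr_space.profile.get_symbol("_cdevsw")
    cdevsw = obj.Object(theType = "Array", targetType = "cdevsw", offset = cdevsw_addr, vm = self.addr_space, count = nchrdev)

    kaddr_info = common.get_handler_name_addrs(self)

    # Copy the keys into a list before removing entries: a dict view has no
    # remove() on Python 3, and on Python 2 the copy is harmless.
    op_members = list(self.profile.types['cdevsw'].keywords["members"].keys())
    op_members.remove('d_ttys')
    op_members.remove('d_type')

    files = mac_list_files.mac_list_files(self._config).calculate()

    for vnode, path in files:
        # NOTE(review): 3 and 4 look like the block/character device vnode
        # types -- confirm against the profile.
        if vnode.v_type.v() not in [3, 4]:
            continue

        # "/Macintosh HD" is 13 characters long.
        if path.startswith("/Macintosh HD"):
            path = path[13:]

        dn = vnode.v_data.dereference_as("devnode")
        dev = dn.dn_typeinfo.dev

        # Major number: bits 24-31 of the device id.
        major = (dev >> 24) & 0xff

        # Valid indices are 0 .. nchrdev - 1. The device id is read from the
        # memory image, so an index equal to nchrdev must be rejected rather
        # than used to read the slot after the end of the table.
        if not (0 <= major < nchrdev):
            continue

        cdev = cdevsw[major]

        for member in op_members:
            ptr = cdev.__getattr__(member).v()

            # Slots holding 0 have no handler to report.
            if ptr != 0:
                (module, handler_sym) = common.get_handler_name(kaddr_info, ptr)
                yield (cdev.v(), path, member, ptr, module, handler_sym)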