import subprocess
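class Volatility:
    """Thin wrapper that runs ``vol.py`` Linux plugins against one memory image.

    Every method execs (without a shell) the argv list::

        <python_path> <vol_path> <profile> -f <mem_file> <plugin> [extra args...]

    and returns the plugin's raw stdout as ``bytes``.  The plugin names used
    by the convenience methods are the ``linux_*`` names of the Volatility 2
    plugin set.

    Args:
        python_path: interpreter used to execute ``vol_path``.
        vol_path: path to ``vol.py``.
        mem_file: path of the memory image, passed via ``-f``.
        profile: inserted verbatim as the first vol.py argument.  Nothing is
            prepended, so it is presumably the complete option
            (e.g. ``--profile=Linux...``) — confirm against callers.
    """

    def __init__(self, python_path, vol_path, mem_file, profile):
        self.mem_file = mem_file
        self.profile = profile
        self.volatility = vol_path
        self.python = python_path

    def run_cmd(self, cmd, args=None):
        """Run one plugin and return its stdout as bytes.

        Args:
            cmd: plugin name, e.g. ``linux_pslist``.
            args: extra command-line arguments appended after the plugin
                name; ``None`` or an empty list means none.  (The previous
                mutable ``[]`` default was replaced — ``None`` is never
                mutated, so calls cannot leak arguments into each other.)

        Returns:
            The plugin's stdout, undecoded.  stderr is inherited from the
            parent process, so vol.py banners and warnings stay visible.

        Raises:
            subprocess.CalledProcessError: if vol.py exits non-zero; the
                partial stdout is on ``.output``.
            OSError: if the interpreter or vol.py cannot be executed.

        Why fail loudly: the previous implementation returned stdout
        regardless of exit status, so a plugin that aborted (wrong profile,
        unreadable image) produced empty output indistinguishable from
        "nothing found" — an unsafe result for detection plugins such as
        ``hidden_modules`` or ``check_syscall``.  The command is passed as
        an argv list, so no shell is involved and arguments are never
        re-parsed.
        """
        pargs = [self.python, self.volatility, self.profile, '-f', self.mem_file, cmd]
        if args:
            pargs.extend(args)
        # check=True turns a non-zero exit into CalledProcessError instead of
        # silently handing back whatever stdout was produced.
        proc = subprocess.run(pargs, stdout=subprocess.PIPE, check=True)
        return proc.stdout

    # --- process listing -------------------------------------------------

    def psxview(self):
        """Run ``linux_psxview`` (cross-view process listing)."""
        return self.run_cmd('linux_psxview')

    def pslist(self):
        """Run ``linux_pslist``."""
        return self.run_cmd('linux_pslist')

    def pidhashtable(self):
        """Run ``linux_pidhashtable``."""
        return self.run_cmd('linux_pidhashtable')

    def pstree(self):
        """Run ``linux_pstree``."""
        return self.run_cmd('linux_pstree')

    def psaux(self):
        """Run ``linux_psaux``."""
        return self.run_cmd('linux_psaux')

    def psenv(self):
        """Run ``linux_psenv``."""
        return self.run_cmd('linux_psenv')

    def threads(self):
        """Run ``linux_threads``."""
        return self.run_cmd('linux_threads')

    # --- networking ------------------------------------------------------

    def netstat(self):
        """Run ``linux_netstat -U``.

        ``-U`` is forwarded unchanged to the plugin; in Volatility 2 it is
        the ignore-unix-sockets switch — confirm against the installed
        version, since the wrapper does not validate it.
        """
        return self.run_cmd('linux_netstat', ['-U'])

    def ifconfig(self):
        """Run ``linux_ifconfig``."""
        return self.run_cmd('linux_ifconfig')

    def list_raw(self):
        """Run ``linux_list_raw``."""
        return self.run_cmd('linux_list_raw')

    # --- loaded code: libraries and kernel modules -----------------------

    def library_list(self):
        """Run ``linux_library_list``."""
        return self.run_cmd('linux_library_list')

    def ldrmodules(self):
        """Run ``linux_ldrmodules``."""
        return self.run_cmd('linux_ldrmodules')

    def lsmod(self):
        """Run ``linux_lsmod``."""
        return self.run_cmd('linux_lsmod')

    def check_modules(self):
        """Run ``linux_check_modules``."""
        return self.run_cmd('linux_check_modules')

    def hidden_modules(self):
        """Run ``linux_hidden_modules``."""
        return self.run_cmd('linux_hidden_modules')

    def kernel_opened_files(self):
        """Run ``linux_kernel_opened_files``."""
        return self.run_cmd('linux_kernel_opened_files')

    # --- integrity / rootkit checks -------------------------------------

    def check_creds(self):
        """Run ``linux_check_creds``."""
        return self.run_cmd('linux_check_creds')

    def keyboard_notifiers(self):
        """Run ``linux_keyboard_notifiers``."""
        return self.run_cmd('linux_keyboard_notifiers')

    def check_tty(self):
        """Run ``linux_check_tty``."""
        return self.run_cmd('linux_check_tty')

    def check_syscall(self):
        """Run ``linux_check_syscall``."""
        return self.run_cmd('linux_check_syscall')

    def bash_history(self):
        """Run ``linux_bash`` (the method name differs from the plugin name)."""
        return self.run_cmd('linux_bash')

    def check_fop(self):
        """Run ``linux_check_fop``."""
        return self.run_cmd('linux_check_fop')

    def check_afinfo(self):
        """Run ``linux_check_afinfo``."""
        return self.run_cmd('linux_check_afinfo')

    def netfilter(self):
        """Run ``linux_netfilter``."""
        return self.run_cmd('linux_netfilter')

    def check_inline_kernel(self):
        """Run ``linux_check_inline_kernel``."""
        return self.run_cmd('linux_check_inline_kernel')

    def malfind(self):
        """Run ``linux_malfind``."""
        return self.run_cmd('linux_malfind')

    def plthook(self):
        """Run ``linux_plthook``."""
        return self.run_cmd('linux_plthook')

    def apihooks(self):
        """Run ``linux_apihooks``."""
        return self.run_cmd('linux_apihooks')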