Python volatility.plugins.taskmods.PSList() Examples
The following are 4
code examples of volatility.plugins.taskmods.PSList().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
volatility.plugins.taskmods
, or try the search function
.
.
Example #1
| Source File: pslist_json.py From aumfor with GNU General Public License v3.0 | 6 votes |
|
def main():
## sys.argv[1] = volatility profile
## sys.argv[2] = full path on disk to your memory sample
config = libapi.get_config(sys.argv[1], sys.argv[2])
data = libapi.get_json(config, taskmods.PSList)
## `data` now contains json with two keys: `columns` and `rows`, where `columns`
## contains a list of column headings (matching the corresponding volatility
## plugin output) and `rows` contains a list of the values for each object found.
## you can either print/save all columns, or you can drill down to a particular
## column by getting the desired column's index as shown below and then accessing
## the index in each row. the following example prints each process' name.
name_index = data['columns'].index('Name')
for row in data['rows']:
print row[name_index]
Example #2
| Source File: pslist_json.py From volatility with GNU General Public License v2.0 | 6 votes |
|
def main():
## sys.argv[1] = volatility profile
## sys.argv[2] = full path on disk to your memory sample
config = libapi.get_config(sys.argv[1], sys.argv[2])
data = libapi.get_json(config, taskmods.PSList)
## `data` now contains json with two keys: `columns` and `rows`, where `columns`
## contains a list of column headings (matching the corresponding volatility
## plugin output) and `rows` contains a list of the values for each object found.
## you can either print/save all columns, or you can drill down to a particular
## column by getting the desired column's index as shown below and then accessing
## the index in each row. the following example prints each process' name.
name_index = data['columns'].index('Name')
for row in data['rows']:
print row[name_index]
Example #3
| Source File: pslist_json.py From vortessence with GNU General Public License v2.0 | 6 votes |
|
def main():
## sys.argv[1] = volatility profile
## sys.argv[2] = full path on disk to your memory sample
config = libapi.get_config(sys.argv[1], sys.argv[2])
data = libapi.get_json(config, taskmods.PSList)
## `data` now contains json with two keys: `columns` and `rows`, where `columns`
## contains a list of column headings (matching the corresponding volatility
## plugin output) and `rows` contains a list of the values for each object found.
## you can either print/save all columns, or you can drill down to a particular
## column by getting the desired column's index as shown below and then accessing
## the index in each row. the following example prints each process' name.
name_index = data['columns'].index('Name')
for row in data['rows']:
print row[name_index]
Example #4
| Source File: memory.py From CuckooSploit with GNU General Public License v3.0 | 5 votes |
|
def pslist(self):
"""Volatility pslist plugin.
@see volatility/plugins/taskmods.py
"""
log.debug("Executing Volatility pslist plugin on "
"{0}".format(self.memdump))
self.__config()
results = []
command = taskmods.PSList(self.config)
for process in command.calculate():
new = {
"process_name": str(process.ImageFileName),
"process_id": int(process.UniqueProcessId),
"parent_id": int(process.InheritedFromUniqueProcessId),
"num_threads": str(process.ActiveThreads),
"num_handles": str(process.ObjectTable.HandleCount),
"session_id": str(process.SessionId),
"create_time": str(process.CreateTime or ""),
"exit_time": str(process.ExitTime or ""),
}
results.append(new)
return dict(config={}, data=results)
