Python common.set_plugin_members() Examples
The following are 5
code examples of common.set_plugin_members().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
common
, or try the search function
.
.
Example #1
| Source File: check_syscall_table.py From aumfor with GNU General Public License v3.0 | 5 votes |
|
def calculate(self):
common.set_plugin_members(self)
if self._config.SYSCALL_INDEXES:
index_names = self._parse_handler_names()
else:
index_names = None
sym_addrs = self.profile.get_all_addresses()
table_addr = self.addr_space.profile.get_symbol("_sysent")
nsysent = obj.Object("int", offset = self.addr_space.profile.get_symbol("_nsysent"), vm = self.addr_space)
sysents = obj.Object(theType = "Array", offset = table_addr, vm = self.addr_space, count = nsysent, targetType = "sysent")
for (i, sysent) in enumerate(sysents):
ent_addr = sysent.sy_call.v()
hooked = ent_addr not in sym_addrs
if index_names:
sym_name = index_names[i]
else:
sym_name = self.profile.get_symbol_by_address("kernel", ent_addr)
if not sym_name:
sym_name = "N/A"
yield (table_addr, "SyscallTable", i, ent_addr, sym_name, hooked)
Example #2
| Source File: check_syscall_table.py From volatility with GNU General Public License v2.0 | 5 votes |
|
def calculate(self):
common.set_plugin_members(self)
if self._config.SYSCALL_INDEXES:
index_names = self._parse_handler_names()
else:
index_names = None
sym_addrs = self.profile.get_all_addresses()
table_addr = self.addr_space.profile.get_symbol("_sysent")
nsysent = obj.Object("int", offset = self.addr_space.profile.get_symbol("_nsysent"), vm = self.addr_space)
if nsysent == None or nsysent == 0:
return
sysents = obj.Object(theType = "Array", offset = table_addr, vm = self.addr_space, count = nsysent, targetType = "sysent")
if sysents == None:
return
for (i, sysent) in enumerate(sysents):
ent_addr = sysent.sy_call.v()
hooked = ent_addr not in sym_addrs
if index_names:
sym_name = index_names[i]
else:
sym_name = self.profile.get_symbol_by_address("kernel", ent_addr)
if not sym_name:
sym_name = "N/A"
yield (table_addr, "SyscallTable", i, ent_addr, sym_name, hooked)
Example #3
| Source File: check_syscall_table.py From vortessence with GNU General Public License v2.0 | 5 votes |
|
def calculate(self):
common.set_plugin_members(self)
if self._config.SYSCALL_INDEXES:
index_names = self._parse_handler_names()
else:
index_names = None
sym_addrs = self.profile.get_all_addresses()
table_addr = self.addr_space.profile.get_symbol("_sysent")
nsysent = obj.Object("int", offset = self.addr_space.profile.get_symbol("_nsysent"), vm = self.addr_space)
sysents = obj.Object(theType = "Array", offset = table_addr, vm = self.addr_space, count = nsysent, targetType = "sysent")
for (i, sysent) in enumerate(sysents):
ent_addr = sysent.sy_call.v()
hooked = ent_addr not in sym_addrs
if index_names:
sym_name = index_names[i]
else:
sym_name = self.profile.get_symbol_by_address("kernel", ent_addr)
if not sym_name:
sym_name = "N/A"
yield (table_addr, "SyscallTable", i, ent_addr, sym_name, hooked)
Example #4
| Source File: check_syscall_table.py From DAMM with GNU General Public License v2.0 | 5 votes |
|
def calculate(self):
common.set_plugin_members(self)
if self._config.SYSCALL_INDEXES:
index_names = self._parse_handler_names()
else:
index_names = None
sym_addrs = self.profile.get_all_addresses()
table_addr = self.addr_space.profile.get_symbol("_sysent")
nsysent = obj.Object("int", offset = self.addr_space.profile.get_symbol("_nsysent"), vm = self.addr_space)
sysents = obj.Object(theType = "Array", offset = table_addr, vm = self.addr_space, count = nsysent, targetType = "sysent")
for (i, sysent) in enumerate(sysents):
ent_addr = sysent.sy_call.v()
hooked = ent_addr not in sym_addrs
if index_names:
sym_name = index_names[i]
else:
sym_name = self.profile.get_symbol_by_address("kernel", ent_addr)
if not sym_name:
sym_name = "N/A"
yield (table_addr, "SyscallTable", i, ent_addr, hooked, sym_name)
Example #5
| Source File: check_syscall_table.py From volatility with GNU General Public License v2.0 | 5 votes |
|
def calculate(self):
common.set_plugin_members(self)
if self._config.SYSCALL_INDEXES:
index_names = self._parse_handler_names()
else:
index_names = None
sym_addrs = self.profile.get_all_addresses()
table_addr = self.addr_space.profile.get_symbol("_sysent")
nsysent = obj.Object("int", offset = self.addr_space.profile.get_symbol("_nsysent"), vm = self.addr_space)
sysents = obj.Object(theType = "Array", offset = table_addr, vm = self.addr_space, count = nsysent, targetType = "sysent")
for (i, sysent) in enumerate(sysents):
ent_addr = sysent.sy_call.v()
hooked = ent_addr not in sym_addrs
if index_names:
sym_name = index_names[i]
else:
sym_name = self.profile.get_symbol_by_address("kernel", ent_addr)
if not sym_name:
sym_name = "N/A"
yield (table_addr, "SyscallTable", i, ent_addr, hooked, sym_name)
