Python volatility.obj.NativeType() Examples

The following are 30 code examples of volatility.obj.NativeType().
Example #1
Source File: linux.py    From aumfor with GNU General Public License v3.0 6 votes vote down vote up
def get_task_start_time(self):
        """Build a UnixTimeStamp object for this task's start time.

        Reads ``real_start_time`` when the structure has that member and
        ``start_time`` otherwise, adds the value from ``get_boot_time()``,
        and packs the sum as an unsigned 32-bit little-endian integer that
        is then read back as a UTC ``UnixTimeStamp``.

        Returns 0 when ``struct.pack`` rejects the sum. For an analyst that
        0 means "value could not be represented", not a genuine epoch time.

        NOTE(review): this listing stops after ``dt`` is created. As shown
        there is no ``return dt`` and no handling for ``boot_time == -1``;
        the excerpt looks truncated, so check the original linux.py.
        """
        # Prefer real_start_time when this structure exposes it.
        if hasattr(self, "real_start_time"):
            start_time = self.real_start_time
        else:
            start_time = self.start_time

        # Exact type comparison: only a plain NativeType holding a Python 2
        # long is converted; subclasses of NativeType do not match here.
        # 0x989680 == 10,000,000, so the two divisions scale the raw value
        # down by 10**9 (presumably nanoseconds -> seconds; confirm).
        if type(start_time) == volatility.obj.NativeType and type(start_time.v()) == long:
            start_time = linux_common.vol_timespec(start_time.v() / 0x989680 / 100, 0)

        # Whole seconds plus the scaled tv_nsec part. Under Python 2, "/"
        # truncates when both operands are integers.
        start_secs = start_time.tv_sec + (start_time.tv_nsec / linux_common.nsecs_per / 100)

        boot_time =  self.get_boot_time()
       
        # NOTE(review): -1 looks like get_boot_time()'s "unknown" marker; confirm.
        if boot_time != -1:
            sec = boot_time + start_secs

            # Pack the seconds as an unsigned 32-bit little-endian integer.
            try:
                data = struct.pack("<I", sec)
            except struct.error, e:
                # The value is outside 0 <= number <= 4294967295, so it cannot
                # be packed; 0 is returned instead of a timestamp object.
                return 0

            # Wrap the four packed bytes in their own address space so the
            # UnixTimeStamp object can be read from offset 0.
            bufferas = addrspace.BufferAddressSpace(self.obj_vm.get_config(), data = data)
            dt = obj.Object("UnixTimeStamp", offset = 0, vm = bufferas, is_utc = True) 
Example #2
Source File: linux.py    From volatility with GNU General Public License v2.0 6 votes vote down vote up
def get_task_start_time(self):
        """Build a UnixTimeStamp object for this task's start time.

        Uses ``real_start_time`` if the structure has it, else ``start_time``.
        The start offset is added to ``get_boot_time()`` and the sum is packed
        as an unsigned 32-bit little-endian integer, which is read back as a
        UTC ``UnixTimeStamp``.

        Returns 0 when ``struct.pack`` cannot pack the sum. Treat that 0 as
        "unrepresentable value" when reviewing output, not as a real time.

        NOTE(review): the excerpt ends once ``dt`` is built. No ``return dt``
        and no ``boot_time == -1`` branch are visible, so the listing is
        probably truncated; compare with the original linux.py.
        """
        # real_start_time takes priority when the member exists.
        if hasattr(self, "real_start_time"):
            start_time = self.real_start_time
        else:
            start_time = self.start_time

        # Only an exact NativeType whose value is a Python 2 long is converted
        # (type() equality, so subclasses are skipped). 0x989680 is
        # 10,000,000; with the further /100 the raw value is divided by 10**9
        # (presumably nanoseconds to seconds; confirm).
        if type(start_time) == volatility.obj.NativeType and type(start_time.v()) == long:
            start_time = linux_common.vol_timespec(start_time.v() / 0x989680 / 100, 0)

        # Seconds plus the scaled tv_nsec part; integer "/" truncates in Python 2.
        start_secs = start_time.tv_sec + (start_time.tv_nsec / linux_common.nsecs_per / 100)

        boot_time =  self.get_boot_time()
       
        # NOTE(review): -1 appears to mean "boot time unknown"; confirm.
        if boot_time != -1:
            sec = boot_time + start_secs

            # Pack the seconds as an unsigned 32-bit little-endian integer.
            try:
                data = struct.pack("<I", sec)
            except struct.error, e:
                # Outside 0 <= number <= 4294967295: nothing can be packed,
                # so 0 is returned in place of a timestamp object.
                return 0

            # A buffer-backed address space holding just the packed bytes lets
            # the UnixTimeStamp object be read from offset 0.
            bufferas = addrspace.BufferAddressSpace(self.obj_vm.get_config(), data = data)
            dt = obj.Object("UnixTimeStamp", offset = 0, vm = bufferas, is_utc = True) 
Example #3
Source File: linux.py    From volatility with GNU General Public License v2.0 6 votes vote down vote up
def uid(self):
        """Return this object's uid as a plain value, or -1 if implausible.

        When the structure has a ``uid`` member it is read through
        ``self.m("uid")``; otherwise the value comes from ``self.cred.uid``
        (its ``val`` attribute when present). CType and NativeType wrappers
        are unwrapped with ``.v()``.

        Any value above 1,000,000 is reported as -1.
        NOTE(review): presumably a sanity bound against corrupt data. Hosts
        that legitimately assign uids above that bound (directory-mapped or
        namespace-mapped ids, for example) would also show -1, so an analyst
        should not read -1 as proof of corruption.
        """
        if self.members.get("uid") is not None:
            value = self.m("uid")
        else:
            # Fall back to the credential structure when "uid" is not a
            # direct member.
            value = self.cred.uid.val if hasattr(self.cred.uid, "val") else self.cred.uid

        # Exact type match only, so subclasses of these wrappers are left as-is.
        if type(value) in (obj.CType, obj.NativeType):
            value = value.v()

        return -1 if value > 1000000 else value
Example #4
Source File: basic.py    From DAMM with GNU General Public License v2.0 5 votes vote down vote up
def __init__(self, theType, offset, vm, **kwargs):
        """Initialise the NativeType base with a fixed ``"16s"`` format.

        ``"16s"`` is the struct format for a 16-byte string. The remaining
        keyword arguments are forwarded unchanged; supplying ``format_string``
        in ``kwargs`` raises TypeError because it is already passed here.
        """
        obj.NativeType.__init__(
            self,
            theType,
            offset,
            vm,
            format_string = "16s",
            **kwargs
        )
Example #5
Source File: basic.py    From vortessence with GNU General Public License v2.0 5 votes vote down vote up
def v(self):
        """Return the stored value rendered by ``utils.inet_ntop`` as AF_INET.

        NOTE(review): the value from ``NativeType.v`` is passed on without a
        check that the read succeeded; confirm how ``utils.inet_ntop`` treats
        an unreadable value.
        """
        raw = obj.NativeType.v(self)
        return utils.inet_ntop(socket.AF_INET, raw)
Example #6
Source File: basic.py    From DAMM with GNU General Public License v2.0 5 votes vote down vote up
def v(self):
        """Return the stored integer rendered by ``utils.inet_ntop`` as AF_INET.

        The value from ``NativeType.v`` is first packed as an unsigned 32-bit
        little-endian integer (``"<I"``), and the four resulting bytes are
        handed to ``utils.inet_ntop``.

        NOTE(review): ``struct.pack`` raises ``struct.error`` for a value it
        cannot pack; nothing here catches it, so confirm callers cope with an
        unreadable or out-of-range value.
        """
        raw = obj.NativeType.v(self)
        packed = struct.pack("<I", raw)
        return utils.inet_ntop(socket.AF_INET, packed)
Example #7
Source File: basic.py    From DAMM with GNU General Public License v2.0 5 votes vote down vote up
def __init__(self, theType, offset, vm, **kwargs):
        """Initialise the NativeType base using the profile's unsigned-int format.

        The format string is element 1 of the profile's ``native_types`` entry
        for ``'unsigned int'``, so it follows whatever profile ``vm`` carries.
        Other keyword arguments are forwarded unchanged.
        """
        uint_format = vm.profile.native_types['unsigned int'][1]
        obj.NativeType.__init__(
            self, theType, offset, vm,
            format_string = uint_format,
            **kwargs
        )
Example #8
Source File: windows.py    From DAMM with GNU General Public License v2.0 5 votes vote down vote up
def as_windows_timestamp(self):
        """Return the raw value shifted right by three bits.

        NOTE(review): the low three bits are discarded; the listing does not
        show why, so confirm against the structure this type decodes.
        """
        raw = obj.NativeType.v(self)
        return raw >> 3
Example #9
Source File: windows.py    From DAMM with GNU General Public License v2.0 5 votes vote down vote up
def as_dos_timestamp(self):
        """Return the raw value read by ``NativeType.v`` with no conversion."""
        raw = obj.NativeType.v(self)
        return raw
Example #10
Source File: windows.py    From DAMM with GNU General Public License v2.0 5 votes vote down vote up
def __init__(self, theType, offset, vm, is_utc = False, **kwargs):
        """Record the ``is_utc`` flag and initialise the base with ``"<I"``.

        ``"<I"`` is the struct format for an unsigned 32-bit little-endian
        integer. ``is_utc`` is stored on the instance before the base
        initialiser runs; other keyword arguments are forwarded unchanged.
        """
        self.is_utc = is_utc
        obj.NativeType.__init__(
            self, theType, offset, vm,
            format_string = "<I",
            **kwargs
        )
Example #11
Source File: windows.py    From DAMM with GNU General Public License v2.0 5 votes vote down vote up
def as_windows_timestamp(self):
        """Return the raw value read by ``NativeType.v`` with no conversion."""
        raw = obj.NativeType.v(self)
        return raw
Example #12
Source File: windows.py    From DAMM with GNU General Public License v2.0 5 votes vote down vote up
def __init__(self, theType, offset, vm, is_utc = False, **kwargs):
        """Record the ``is_utc`` flag and initialise the base with ``"q"``.

        ``"q"`` is the struct format for a signed 64-bit integer; with no
        byte-order prefix, struct uses the native order of the analysis host.
        ``is_utc`` is stored before the base initialiser runs; other keyword
        arguments are forwarded unchanged.
        """
        self.is_utc = is_utc
        obj.NativeType.__init__(
            self, theType, offset, vm,
            format_string = "q",
            **kwargs
        )
Example #13
Source File: basic.py    From vortessence with GNU General Public License v2.0 5 votes vote down vote up
def v(self):
        """Return the value exactly as ``NativeType.v`` reads it."""
        raw = obj.NativeType.v(self)
        return raw
Example #14
Source File: basic.py    From vortessence with GNU General Public License v2.0 5 votes vote down vote up
def __init__(self, theType = None, offset = 0, vm = None, parent = None,
                 choices = None, target = "unsigned long", **kwargs):
        """Store the choice table and target type, then initialise the base.

        ``choices`` defaults to a fresh empty dict when omitted or falsy.
        ``target`` names the type used to build ``target_obj`` at the same
        offset, address space and parent as this object.
        """
        self.choices = choices if choices else {}
        self.target = target
        # Companion object of the target type, created at this object's location.
        self.target_obj = obj.Object(
            target, offset = offset, vm = vm, parent = parent
        )
        obj.NativeType.__init__(self, theType, offset, vm, parent, **kwargs)
Example #15
Source File: basic.py    From vortessence with GNU General Public License v2.0 5 votes vote down vote up
def v(self):
        """Return the stored value rendered by ``utils.inet_ntop`` as AF_INET6.

        NOTE(review): the value from ``NativeType.v`` is passed on without a
        check that the read succeeded; confirm how ``utils.inet_ntop`` treats
        an unreadable value.
        """
        raw = obj.NativeType.v(self)
        return utils.inet_ntop(socket.AF_INET6, raw)
Example #16
Source File: basic.py    From vortessence with GNU General Public License v2.0 5 votes vote down vote up
def __init__(self, theType, offset, vm, **kwargs):
        """Initialise the NativeType base with a fixed ``"16s"`` format.

        ``"16s"`` is the struct format for a 16-byte string. The remaining
        keyword arguments are forwarded unchanged; supplying ``format_string``
        in ``kwargs`` raises TypeError because it is already passed here.
        """
        obj.NativeType.__init__(
            self,
            theType,
            offset,
            vm,
            format_string = "16s",
            **kwargs
        )
Example #17
Source File: basic.py    From volatility with GNU General Public License v2.0 5 votes vote down vote up
def v(self):
        """Return the value exactly as ``NativeType.v`` reads it."""
        raw = obj.NativeType.v(self)
        return raw
Example #18
Source File: basic.py    From DAMM with GNU General Public License v2.0 5 votes vote down vote up
def v(self):
        """Return the stored value rendered by ``utils.inet_ntop`` as AF_INET6.

        NOTE(review): the value from ``NativeType.v`` is passed on without a
        check that the read succeeded; confirm how ``utils.inet_ntop`` treats
        an unreadable value.
        """
        raw = obj.NativeType.v(self)
        return utils.inet_ntop(socket.AF_INET6, raw)
Example #19
Source File: basic.py    From DAMM with GNU General Public License v2.0 5 votes vote down vote up
def __init__(self, theType = None, offset = 0, vm = None, parent = None,
                 choices = None, target = "unsigned long", **kwargs):
        """Store the choice table and target type, then initialise the base.

        ``choices`` defaults to a fresh empty dict when omitted or falsy.
        ``target`` names the type used to build ``target_obj`` at the same
        offset, address space and parent as this object.
        """
        self.choices = choices if choices else {}
        self.target = target
        # Companion object of the target type, created at this object's location.
        self.target_obj = obj.Object(
            target, offset = offset, vm = vm, parent = parent
        )
        obj.NativeType.__init__(self, theType, offset, vm, parent, **kwargs)
Example #20
Source File: basic.py    From DAMM with GNU General Public License v2.0 5 votes vote down vote up
def v(self):
        """Return the value exactly as ``NativeType.v`` reads it."""
        raw = obj.NativeType.v(self)
        return raw
Example #21
Source File: windows.py    From volatility with GNU General Public License v2.0 5 votes vote down vote up
def __init__(self, theType, offset, vm, is_utc = False, **kwargs):
        """Record the ``is_utc`` flag and initialise the base with ``"q"``.

        ``"q"`` is the struct format for a signed 64-bit integer; with no
        byte-order prefix, struct uses the native order of the analysis host.
        ``is_utc`` is stored before the base initialiser runs; other keyword
        arguments are forwarded unchanged.
        """
        self.is_utc = is_utc
        obj.NativeType.__init__(
            self, theType, offset, vm,
            format_string = "q",
            **kwargs
        )
Example #22
Source File: windows.py    From volatility with GNU General Public License v2.0 5 votes vote down vote up
def as_windows_timestamp(self):
        """Return the raw value read by ``NativeType.v`` with no conversion."""
        raw = obj.NativeType.v(self)
        return raw
Example #23
Source File: windows.py    From volatility with GNU General Public License v2.0 5 votes vote down vote up
def __init__(self, theType, offset, vm, is_utc = False, **kwargs):
        """Record the ``is_utc`` flag and initialise the base with ``"<I"``.

        ``"<I"`` is the struct format for an unsigned 32-bit little-endian
        integer. ``is_utc`` is stored on the instance before the base
        initialiser runs; other keyword arguments are forwarded unchanged.
        """
        self.is_utc = is_utc
        obj.NativeType.__init__(
            self, theType, offset, vm,
            format_string = "<I",
            **kwargs
        )
Example #24
Source File: windows.py    From volatility with GNU General Public License v2.0 5 votes vote down vote up
def as_dos_timestamp(self):
        """Return the raw value read by ``NativeType.v`` with no conversion."""
        raw = obj.NativeType.v(self)
        return raw
Example #25
Source File: windows.py    From volatility with GNU General Public License v2.0 5 votes vote down vote up
def as_windows_timestamp(self):
        """Return the raw value shifted right by three bits.

        NOTE(review): the low three bits are discarded; the listing does not
        show why, so confirm against the structure this type decodes.
        """
        raw = obj.NativeType.v(self)
        return raw >> 3
Example #26
Source File: basic.py    From volatility with GNU General Public License v2.0 5 votes vote down vote up
def __init__(self, theType, offset, vm, **kwargs):
        """Initialise the NativeType base using the profile's unsigned-int format.

        The format string is element 1 of the profile's ``native_types`` entry
        for ``'unsigned int'``, so it follows whatever profile ``vm`` carries.
        Other keyword arguments are forwarded unchanged.
        """
        uint_format = vm.profile.native_types['unsigned int'][1]
        obj.NativeType.__init__(
            self, theType, offset, vm,
            format_string = uint_format,
            **kwargs
        )
Example #27
Source File: basic.py    From volatility with GNU General Public License v2.0 5 votes vote down vote up
def v(self):
        """Return the stored integer rendered by ``utils.inet_ntop`` as AF_INET.

        The value from ``NativeType.v`` is first packed as an unsigned 32-bit
        little-endian integer (``"<I"``), and the four resulting bytes are
        handed to ``utils.inet_ntop``.

        NOTE(review): ``struct.pack`` raises ``struct.error`` for a value it
        cannot pack; nothing here catches it, so confirm callers cope with an
        unreadable or out-of-range value.
        """
        raw = obj.NativeType.v(self)
        packed = struct.pack("<I", raw)
        return utils.inet_ntop(socket.AF_INET, packed)
Example #28
Source File: basic.py    From volatility with GNU General Public License v2.0 5 votes vote down vote up
def __init__(self, theType, offset, vm, **kwargs):
        """Initialise the NativeType base with a fixed ``"16s"`` format.

        ``"16s"`` is the struct format for a 16-byte string. The remaining
        keyword arguments are forwarded unchanged; supplying ``format_string``
        in ``kwargs`` raises TypeError because it is already passed here.
        """
        obj.NativeType.__init__(
            self,
            theType,
            offset,
            vm,
            format_string = "16s",
            **kwargs
        )
Example #29
Source File: basic.py    From volatility with GNU General Public License v2.0 5 votes vote down vote up
def v(self):
        """Return the stored value rendered by ``utils.inet_ntop`` as AF_INET6.

        NOTE(review): the value from ``NativeType.v`` is passed on without a
        check that the read succeeded; confirm how ``utils.inet_ntop`` treats
        an unreadable value.
        """
        raw = obj.NativeType.v(self)
        return utils.inet_ntop(socket.AF_INET6, raw)
Example #30
Source File: basic.py    From volatility with GNU General Public License v2.0 5 votes vote down vote up
def __init__(self, theType = None, offset = 0, vm = None, parent = None,
                 choices = None, target = "unsigned long", **kwargs):
        """Store the choice table and target type, then initialise the base.

        ``choices`` defaults to a fresh empty dict when omitted or falsy.
        ``target`` names the type used to build ``target_obj`` at the same
        offset, address space and parent as this object.
        """
        self.choices = choices if choices else {}
        self.target = target
        # Companion object of the target type, created at this object's location.
        self.target_obj = obj.Object(
            target, offset = offset, vm = vm, parent = parent
        )
        obj.NativeType.__init__(self, theType, offset, vm, parent, **kwargs)