1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21 """Support IPython 4.0."""
22
23
24
25 __author__ = "Michael Cohen <scudette@gmail.com>"
26 import logging
27 import re
28 import time
29
30 import readline
31
32 from pygments.token import Token
33 from pygments import styles
34
35 import IPython
36 from IPython.core import page
37 from IPython.core import oinspect
38 from IPython.core.interactiveshell import InteractiveShell
39 from IPython.terminal import embed
40 from IPython.terminal import prompts
41
42 try:
43 from traitlets.config.loader import Config
44 except ImportError:
45 from IPython.config.loader import Config
46
47 from rekall import constants
48 from rekall import config
49 from rekall import session as session_module
50 from rekall_lib import utils
51
52
53 config.DeclareOption(
54 "--highlighting_style", default="monokai", type="Choices",
55 choices=list(styles.get_all_styles()),
56 help="Highlighting style for interactive console.")
57
58
60 """Sophisticated command line completer for Rekall."""
61 try:
62 command_parts = self.line_buffer.split(" ")
63 command = command_parts[0]
64
65 if command.startswith("plugins."):
66 command = command[len("plugins."):]
67
68 global_matches = set(self.global_matches(command))
69
70
71 m = re.match("\"([^!]+![^\"]*)$", command_parts[-1])
72 if m:
73 session = self.namespace.get("session")
74
75
76 result = session.address_resolver.search_symbol(m.group(1) + "*")
77 if len(result) == 1:
78 result = [result[0] + "\""]
79
80 result = [utils.SmartUnicode(x.split("!", 1)[1]) for x in result]
81 return result
82
83
84
85 if (command in global_matches and len(command_parts) > 1):
86
87 obj = self.namespace.get(command)
88 if obj:
89 try:
90 matches = [
91 "%s=" % x["name"] for x in obj.Metadata()["arguments"]]
92 return [utils.SmartUnicode(x)
93 for x in matches if x.startswith(text)]
94 except Exception:
95 pass
96
97 return []
98
99
100
101 except Exception as e:
102 logging.debug(e)
103
104 return []
105
106
108 """Rekall specific object inspector.
109
110 Rekall populates the environment with "plugin runners" which are proxies of
111 the actual plugin that will be invoked. The exact plugin will be invoked
112 depending on the profile availability.
113
114 In order to make ipython's ? and ?? operators work, we need to implement
115 specialized inspection to present the doc strings and arg list of the actual
116 plugin.
117 """
118
132
149
151 """Generate info dict for a plugin from a plugin runner."""
152 plugin_class = getattr(
153 runner.session.plugins, runner.plugin_name)._target
154
155 display_fields = [
156 ("file", oinspect.find_file(plugin_class)),
157 ("Plugin", "%s (%s)" % (plugin_class.__name__, plugin_class.name))]
158 if getattr(plugin_class, "table_header", None):
159 display_fields.append(
160 ("", "This is a Typed Plugin."))
161
162 display_fields += [
163 ("Positional Args",
164 self.format_parameters(plugin_class, True)),
165 ("Keyword Args",
166 self.format_parameters(plugin_class, False)),
167 ("Docstring", oinspect.getdoc(plugin_class) or ""),
168 ("Link", (
169 "http://www.rekall-forensic.com/epydocs/%s.%s-class.html" % (
170 plugin_class.__module__, plugin_class.__name__))),
171 ]
172
173
174 if detail_level > 0:
175 info = self.info(plugin_class, detail_level=detail_level)
176 display_fields.append(("source", self.format(info["source"])))
177
178 return self._format_fields(display_fields)
179
180 - def pinfo(self, obj, oname='', formatter=None, info=None,
181 detail_level=0, **kw):
182 if isinstance(obj, session_module.PluginRunner):
183
184 result = self.plugin_pinfo(obj, detail_level=detail_level)
185 if result:
186 page.page(result)
187
188 else:
189 oinspect.Inspector.pinfo(
190 self, obj, oname=oname, formatter=formatter,
191 info=info, detail_level=detail_level)
192
193
219
220
221 REGISTERED_MAGICS = []
222
225 session = self.shell.user_module.session
226 style = session.GetParameter("highlighting_style")
227 old_style = self.shell.highlighting_style
228 if style != old_style:
229 try:
230 self.shell.highlighting_style = style
231 except Exception:
232 self.shell.highlighting_style = old_style
233 session.logging.error(
234 "Style %s not valid. Valid styles are %s" %
235 (style, list(styles.get_all_styles())))
236
237 return [
238 (Token.Prompt, "["),
239 (Token.Name.Variable, str(session.session_id)),
240 (Token.Prompt, "] "),
241 (Token.Name.Class, str(session.session_name)),
242 (Token.Prompt, " "),
243 (Token.Comment, time.strftime("%H:%M:%S")),
244 (Token.Prompt, "> "),
245 ]
246
248 return [
249 (Token.OutPrompt, 'Out<'),
250 (Token.Comment, time.strftime("%H:%M:%S")),
251 (Token.OutPrompt, '> '),
252 ]
253
254
287