
Source Code for Module rekall.plugins.common.efilter_plugins.ipython

 1  """Add a magic handler for select, describe and explain plugins.""" 
 2  from IPython.core import magic 
 3  from rekall import ipython_support 
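@magic.magics_class
class EfilterMagics(magic.Magics):
    """IPython magics that forward EFILTER queries to the Rekall session.

    The session object is read from ``self.shell.user_module.session`` each
    time a magic runs. Query text comes straight from what the operator typed
    in the interactive shell and is handed to the plugin unmodified.
    """

    def _RunPlugin(self, session, plugin_name, line):
        """Run ``plugin_name`` on ``session`` with ``line`` as its query.

        Matching pairs of surrounding single or double quotes are removed
        from ``line`` before it is passed on.

        Args:
          session: Object exposing ``RunPlugin(name, query=...)``.
          plugin_name: Name of the plugin to run.
          line: Query text, optionally wrapped in quotes.

        Returns:
          Whatever ``session.RunPlugin`` returns.
        """
        # Strip quotes. The length check stops an empty string or a lone quote
        # character from raising IndexError, both on entry and after the final
        # pair has been stripped.
        while len(line) >= 2 and line[0] == line[-1] and line[0] in "'\"":
            line = line[1:-1]

        return session.RunPlugin(plugin_name, query=line)

    @magic.line_cell_magic
    def SELECT(self, line, cell=None):
        """Upper-case spelling of the ``select`` magic; same behaviour."""
        return self._process_select(line, cell)

    @magic.line_cell_magic
    def select(self, line, cell=None):
        """This makes it easier to run the search plugin:

        [1] win7.elf 15:35:09> select * from pslist() where _EPROCESS.name =~ "svchost"
          _EPROCESS            Name          PID   PPID   Thds    Hnds    Sess  Wow64
        -------------- -------------------- ----- ------ ------ -------- ------ ------
        0xfa80024f85d0 svchost.exe            236    480     19      455      0 False
        0xfa80023f6770 svchost.exe            608    480     12      352      0 False
        """
        return self._process_select(line, cell)

    def _process_select(self, line, cell=None):
        """Build a ``select ...`` query and run it through the search plugin.

        Args:
          line: Text that followed the magic name on its own line.
          cell: Cell body when used as a cell magic, else None.

        Returns:
          The result of running the "search" plugin.
        """
        session = self.shell.user_module.session
        query = "select " + line
        if cell:
            # Separate the magic line from the cell body; joining them directly
            # fuses the last token of the line with the first token of the cell.
            query += " " + cell

        # The query always starts with "select ", so the quote stripping in
        # _RunPlugin is a no-op on this path.
        return self._RunPlugin(session, "search", query)

    @magic.line_cell_magic
    def pager(self, line, cell=None):
        """Set, default or clear the session's "pager" parameter.

        If ``line`` contains a space, everything after the first space becomes
        the pager. Otherwise an already configured pager is cleared, and an
        unset pager is set to "less". ``cell`` is ignored.
        """
        session = self.shell.user_module.session
        if " " in line:
            # NOTE(review): IPython hands a magic the text after the magic
            # name, so "%pager less -S" would store "-S" here - confirm that
            # dropping the first word is intended.
            _, line_end = line.split(" ", 1)
        else:
            # A bare pager magic with pager already set, means to clear it.
            if session.GetParameter("pager"):
                session.SetParameter("pager", None)
                return

            line_end = "less"

        # NOTE(review): the value is stored verbatim; presumably it is later
        # used to launch an external program - confirm the consumer does not
        # pass it through a shell unquoted.
        session.SetParameter("pager", line_end)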
# Import-time side effect: add the magics class to the shared registry list.
# rekall.ipython_support is presumably what installs the registered classes
# into the interactive shell - confirm there.
ipython_support.REGISTERED_MAGICS.append(EfilterMagics)