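# Rekall Memory Forensics
#
# Copyright 2013 Google Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or (at
# your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

"""
@author: Andrew Case
@license: GNU General Public License 2.0 or later
@contact: atcuno@gmail.com
@organization: Digital Forensics Solutions
"""

from rekall.plugins.linux import common


# NOTE(review): the `class` statement (listing line 28) did not survive in the
# captured page; the class name and base class are reconstructed - confirm
# against the Rekall source.
class Banner(common.LinuxPlugin):
    """Prints the Linux banner information."""

    __name = "banner"
    table_header = [
        dict(name="banner", width=80)
    ]

    # NOTE(review): listing lines 36-41 are missing from the captured page and
    # are not reproduced here.


# NOTE(review): the `class` statement (listing line 44) did not survive in the
# captured page; the class name and base class are reconstructed - confirm
# against the Rekall source.
class CpuInfo(common.LinuxPlugin):
    """Prints information about each active processor."""

    __name = "cpuinfo"

    table_header = [
        dict(name="CPU", width=4),
        dict(name="vendor", width=20),
        dict(name="model", width=80)
    ]

    def online_cpus(self):
        """Yield the processor numbers of the online CPUs.

        The CPU bitmap is located through the "cpu_online_bits" profile
        constant, falling back to "cpu_present_map".

        Raises:
          AttributeError: if neither constant is available. Because this is a
            generator, the error surfaces when iteration starts.
        """
        #later kernels.
        cpus = (self.profile.get_constant("cpu_online_bits") or
                self.profile.get_constant("cpu_present_map"))
        if not cpus:
            raise AttributeError("Unable to determine number of online CPUs "
                                 "for memory capture")

        bmap = self.profile.Object(
            "unsigned long", offset=cpus, vm=self.kernel_address_space)

        # NOTE(review): obj_size is presumably the size of the unsigned long
        # in bytes - confirm. If so, only that many low bits are tested, so
        # CPUs numbered at or above obj_size are never reported, and a bitmap
        # wider than one unsigned long is not read past its first word. An
        # analyst should not treat the CPU list as complete on large machines.
        for i in xrange(0, bmap.obj_size):
            if bmap & (1 << i):
                yield i

    # NOTE(review): the `def` line (listing line 71) is missing from the
    # captured page; the method name is reconstructed - confirm.
    def calculate(self):
        """Select the per-CPU or the single-CPU reader.

        Returns:
          A generator of (cpu number, cpuinfo_x86 object) pairs.

        Raises:
          AttributeError: if the profile has none of the "cpu_info",
            "per_cpu__cpu_info" or "boot_cpu_data" constants needed.
        """
        cpus = list(self.online_cpus())

        if len(cpus) > 1 and (self.profile.get_constant("cpu_info") or
                              self.profile.get_constant("per_cpu__cpu_info")):
            return self.get_info_smp()

        elif self.profile.get_constant("boot_cpu_data"):
            return self.get_info_single()

        else:
            raise AttributeError("Unable to get CPU info for memory capture")

    def get_info_single(self):
        """Yield (0, cpuinfo_x86) read at the "boot_cpu_data" constant."""
        cpu = self.profile.cpuinfo_x86(
            self.profile.get_constant("boot_cpu_data"),
            vm=self.kernel_address_space)
        yield 0, cpu

    # pulls the per_cpu cpu info
    # will break apart the per_cpu code if a future plugin needs it
    def get_info_smp(self):
        """Yield (cpu number, cpuinfo_x86) for every online CPU.

        Each CPU's structure is located by adding that CPU's entry of the
        "__per_cpu_offset" array to the address of "cpu_info" (or
        "per_cpu__cpu_info").
        """
        cpus = list(self.online_cpus())

        # get the highest numbered cpu
        max_cpu = cpus[-1]

        # The loop below indexes entries 0..max_cpu inclusive, so the array
        # must hold max_cpu + 1 elements; count=max_cpu left the entry for the
        # highest numbered CPU outside the declared array.
        # NOTE(review): no check is made here that "__per_cpu_offset" is
        # present in the profile - confirm callers only reach this on SMP
        # profiles.
        per_offsets = self.profile.Array(
            target='unsigned long', count=max_cpu + 1,
            offset=self.profile.get_constant("__per_cpu_offset"),
            vm=self.kernel_address_space)

        # The base address is the same for every CPU; look it up once.
        cpuinfo_addr = (self.profile.get_constant("cpu_info") or
                        self.profile.get_constant("per_cpu__cpu_info"))

        for i in cpus:
            offset = per_offsets[i]
            addr = cpuinfo_addr + offset.v()
            var = self.profile.Object("cpuinfo_x86", offset=addr,
                                      vm=self.kernel_address_space)
            yield i, var

    # NOTE(review): the captured listing stops here; any methods that follow
    # in the original file are not shown on the page.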