
Source Code for Module rekall.plugins.linux.psaux

 1  # Rekall Memory Forensics 
 2  # Copyright (C) 2007-2013 Volatility Foundation 
 3  # Copyright 2013 Google Inc. All Rights Reserved. 
 4  # 
 5  # This file is part of Rekall Memory Forensics. 
 6  # 
 7  # Rekall Memory Forensics is free software; you can redistribute it and/or 
 8  # modify it under the terms of the GNU General Public License Version 2 as 
 9  # published by the Free Software Foundation.  You may not use, modify or 
10  # distribute this program under any other version of the GNU General Public 
11  # License. 
12  # 
13  # Rekall Memory Forensics is distributed in the hope that it will be useful, 
14  # but WITHOUT ANY WARRANTY; without even the implied warranty of 
15  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
16  # GNU General Public License for more details. 
17  # 
18  # You should have received a copy of the GNU General Public License along with 
19  # Rekall Memory Forensics.  If not, see <http://www.gnu.org/licenses/>. 
20  # 
21   
22  """ 
23  @author:       Andrew Case 
24  @license:      GNU General Public License 2.0 
25  @contact:      atcuno@gmail.com 
26  @organization: 
27  """ 
28  from rekall.plugins.linux import common 
29   
class PSAux(common.LinProcessFilter):
    """List processes with their PID, UID, GID and command line.

    The rows come from ``self.filter_processes()``, which this class does
    not define itself (presumably inherited from
    ``common.LinProcessFilter``).  Only the four columns below are
    rendered; no start time is emitted.
    """

    __name = "psaux"

    def render(self, renderer):
        """Write one table row per selected process to *renderer*.

        Args:
            renderer: object providing ``table_header`` and ``table_row``.
        """
        # Each entry is a 3-tuple; presumably (heading, column name,
        # format/width) -- confirm against the renderer implementation.
        columns = [
            ("PID", "pid", "5"),
            ("UID", "uid", "5"),
            ("GID", "gid", "5"),
            ("Command", "command", "50"),
        ]
        renderer.table_header(columns)

        # NOTE(review): task.commandline is presumably recovered from the
        # process's own memory, which the process itself can rewrite.
        # Treat the Command column as a lead to corroborate with other
        # artifacts rather than as proof of what was executed -- confirm
        # against the task object's implementation.
        emit_row = renderer.table_row
        for proc in self.filter_processes():
            emit_row(proc.pid, proc.uid, proc.gid, proc.commandline)