
Source Code for Module rekall.plugins.renderers.linux

  1  # Rekall Memory Forensics 
  2  # Copyright 2014 Google Inc. All Rights Reserved. 
  3  # 
  4  # This program is free software; you can redistribute it and/or modify 
  5  # it under the terms of the GNU General Public License as published by 
  6  # the Free Software Foundation; either version 2 of the License, or (at 
  7  # your option) any later version. 
  8  # 
  9  # This program is distributed in the hope that it will be useful, but 
 10  # WITHOUT ANY WARRANTY; without even the implied warranty of 
 11  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
 12  # General Public License for more details. 
 13  # 
 14  # You should have received a copy of the GNU General Public License 
 15  # along with this program; if not, write to the Free Software 
 16  # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 
 17  # 
 18   
 19  """This module implements renderers specific to Linux structures.""" 
 20   
 21  import os 
 22   
 23  from rekall.ui import json_renderer 
 24  from rekall.ui import text 
 25  from rekall.plugins.addrspaces import amd64 
 26  from rekall.plugins.renderers import base_objects 
 27  from rekall.plugins.renderers import data_export 
 28   
 29   
class kuid_t_TextObjectRenderer(text.TextObjectRenderer):
    """Renders objects of type ``kuid_t`` for the text-based renderers."""

    # Type name this renderer is registered for.
    renders_type = "kuid_t"

    # Names of the renderers this object renderer applies to.
    renderers = [
        "TextRenderer",
        "TestRenderer",
        "WideTextRenderer",
    ]

    def render_row(self, target, **_):
        """Return one text cell holding the unicode form of *target*.

        Any extra rendering options are accepted and ignored.
        """
        rendered = unicode(target)
        return text.Cell(rendered)

class kgid_t_TextObjectRenderer(kuid_t_TextObjectRenderer):
    """Renders ``kgid_t`` objects as text.

    Only the registered type name differs; ``render_row`` and the list of
    applicable renderers are inherited from the ``kuid_t`` text renderer.
    """

    renders_type = "kgid_t"

class kuid_t_JsonObjectRenderer(json_renderer.JsonObjectRenderer):
    """JSON encoder shared by the ``kuid_t`` and ``kgid_t`` types."""

    # One encoder is registered for both id types.
    renders_type = [
        "kuid_t",
        "kgid_t",
    ]
    renderers = [
        "JsonRenderer",
        "DataExportRenderer",
    ]

    def EncodeToJsonSafe(self, task, **_):
        """Encode the object as the value of its ``val`` member.

        The parameter is named ``task`` but, given ``renders_type``, it
        presumably receives a kuid_t/kgid_t object -- confirm against the
        caller. Extra options are ignored.
        """
        wrapped = task.val
        return wrapped.v()

class XenM2PMapperObjectRenderer(json_renderer.JsonObjectRenderer):
    """Serializes ``XenM2PMapper`` objects to JSON and restores them."""

    renders_type = "XenM2PMapper"

    def EncodeToJsonSafe(self, item, **_):
        """Return a dict with the mapper's contents and its MRO string.

        ``m2p_map`` is a plain ``dict`` copy of *item*; ``mro`` is the
        colon-joined result of ``self.get_mro(item)``.
        """
        return {
            "m2p_map": dict(item),
            "mro": ":".join(self.get_mro(item)),
        }

    def DecodeFromJsonSafe(self, value, _):
        """Rebuild a ``XenM2PMapper`` from the ``m2p_map`` entry of *value*.

        Raises KeyError if *value* has no ``m2p_map`` key.
        """
        # NOTE(review): the decoded mapping is handed to the constructor
        # as-is; nothing here checks its shape or key types. Confirm that
        # serialized data is validated, or only loaded from trusted storage.
        mapping = value["m2p_map"]
        return amd64.XenM2PMapper(mapping)

class TaskStruct_TextObjectRenderer(base_objects.StructTextRenderer):
    """Text renderer for ``task_struct``: offset, name and pid columns."""

    renders_type = "task_struct"

    # One entry per displayed column; ``name`` selects the struct member.
    COLUMNS = [
        {"style": "address", "name": "obj_offset"},
        {"width": 20, "align": "l", "name": "name"},
        {"width": 6, "align": "r", "name": "pid"},
    ]

class TaskStruct_DataExport(data_export.DataExportBaseObjectRenderer):
    """Data-export encoder for ``task_struct`` that adds a Cybox record."""

    renders_type = "task_struct"

    def EncodeToJsonSafe(self, task, **_):
        """Encode *task* and attach a ``Cybox`` process description.

        The base encoding comes from the parent class (extra options are
        not forwarded). A ``Cybox`` entry built from the task's name, pid,
        start time, parent pid, executable path and command line is added,
        and the whole dict is then passed through
        ``JsonObjectRenderer.EncodeToJsonSafe``.
        """
        result = super(TaskStruct_DataExport, self).EncodeToJsonSafe(task)

        # NOTE(review): os.path.basename() below needs a string; presumably
        # get_path() returns one even when the task has no exe_file --
        # confirm.
        fullpath = task.get_path(task.mm.m("exe_file"))

        # Every value below is read from the analyzed memory image.
        # NOTE(review): despite its name, TrustedPath is the same
        # image-derived value as Path, so consumers of the export should
        # not treat it as independently verified.
        result["Cybox"] = {
            "type": u"ProcessObj:ProcessObjectType",
            "Name": task.name,
            "PID": task.pid,
            "Creation_Time": task.task_start_time,
            "Parent_PID": task.parent.pid,
            "Image_Info": {
                "type": u"ProcessObj:ImageInfoType",
                "Path": fullpath,
                "Command_Line": task.commandline,
                "TrustedPath": fullpath,
                "File_Name": os.path.basename(fullpath),
            },
        }

        # Called on JsonObjectRenderer explicitly rather than through super().
        return json_renderer.JsonObjectRenderer.EncodeToJsonSafe(self, result)

    def Summary(self, item, **_):
        """Return ``"<Name> (<PID>)"`` from the item's ``Cybox`` entry.

        Missing keys are rendered as empty strings.
        """
        name = item.get("Cybox", {}).get("Name", "")
        pid = item.get("Cybox", {}).get("PID", "")
        return "%s (%s)" % (name, pid)
