From fa8228b91d19279a5fad3c7335e884c31b06ca9b Mon Sep 17 00:00:00 2001 From: Chris Date: Sun, 1 Apr 2018 19:25:43 -0400 Subject: [PATCH] added unified_output --- volatility/plugins/linux/arp.py | 14 ++++++++++++++ volatility/plugins/linux/aslr_shift.py | 14 ++++++++++++++ volatility/plugins/linux/banner.py | 13 ++++++++++++- volatility/plugins/linux/check_afinfo.py | 17 +++++++++++++++++ volatility/plugins/linux/check_evt_arm.py | 15 +++++++++++++++ volatility/plugins/linux/dentry_cache.py | 11 +++++++++++ volatility/plugins/linux/dmesg.py | 11 +++++++++++ 7 files changed, 94 insertions(+), 1 deletion(-) diff --git a/volatility/plugins/linux/arp.py b/volatility/plugins/linux/arp.py index 31d2e8e4f..9c9dd5bbb 100644 --- a/volatility/plugins/linux/arp.py +++ b/volatility/plugins/linux/arp.py @@ -27,6 +27,7 @@ import socket import volatility.plugins.linux.common as linux_common import volatility.obj as obj +from volatility.renderers import TreeGrid class a_ent(object): @@ -130,6 +131,19 @@ def walk_neighbor(self, neighbor): return ret + def unified_output(self, data): + return TreeGrid([("ip",str), + ("mac",str), + ("devname",str)], + self.generator(data)) + + def generator(self, data): + for ent in data: + yield (0, [ str(ent.ip), + str(ent.mac), + str(ent.devname), + ]) + def render_text(self, outfd, data): for ent in data: outfd.write("[{0:42s}] at {1:20s} on {2:s}\n".format(ent.ip, ent.mac, ent.devname)) diff --git a/volatility/plugins/linux/aslr_shift.py b/volatility/plugins/linux/aslr_shift.py index c2a794271..e55b77485 100644 --- a/volatility/plugins/linux/aslr_shift.py +++ b/volatility/plugins/linux/aslr_shift.py @@ -25,6 +25,7 @@ import volatility.utils as utils import volatility.plugins.linux.common as common +from volatility.renderers import TreeGrid class linux_aslr_shift(common.AbstractLinuxCommand): """Automatically detect the Linux ASLR shift""" 
@@ -34,6 +35,19 @@ def calculate(self): yield aspace.profile.virtual_shift, aspace.profile.physical_shift + def unified_output(self, data): + return TreeGrid([("v", str), + ("p", str), + ], + self.generator(data)) + + def generator(self, data): + for v, p in data: + yield (0, [ + str(v), + str(p), + ]) + def render_text(self, outfd, data): self.table_header(outfd, [("Virtual Shift Address", "[addrpad]"), ("Physical Shift Address", "[addrpad]")]) diff --git a/volatility/plugins/linux/banner.py b/volatility/plugins/linux/banner.py index e416d343e..37435760e 100644 --- a/volatility/plugins/linux/banner.py +++ b/volatility/plugins/linux/banner.py @@ -29,6 +29,7 @@ import volatility.plugins.linux.flags as linux_flags import volatility.plugins.linux.common as linux_common import volatility.plugins.linux.pslist as linux_pslist +from volatility.renderers import TreeGrid class linux_banner(linux_common.AbstractLinuxCommand): """ Prints the Linux banner information """ @@ -44,7 +45,17 @@ def calculate(self): debug.error("linux_banner symbol not found. Please report this as a bug on the issue tracker: https://code.google.com/p/volatility/issues/list") yield banner.strip() - + + def unified_output(self, data): + return TreeGrid([("banner", str)], + self.generator(data)) + + def generator(self, data): + for banner in data: + yield (0, [ + str(banner), + ]) + def render_text(self, outfd, data): for banner in data: outfd.write("{0:s}\n".format(banner)) diff --git a/volatility/plugins/linux/check_afinfo.py b/volatility/plugins/linux/check_afinfo.py index 31f483b2e..1d8275ec2 100644 --- a/volatility/plugins/linux/check_afinfo.py +++ b/volatility/plugins/linux/check_afinfo.py 
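Review bot: The new `unified_output` in linux_aslr_shift publishes the two shift values under columns named `v` and `p` as `str(v)`/`str(p)`, whereas `render_text` on the following lines labels them "Virtual Shift Address"/"Physical Shift Address" and formats them with `[addrpad]`; consumers of the json/sqlite/csv renderers therefore get opaque column names and a decimal (or object-default) string instead of a hex address. Prefer `("Virtual Shift", int), ("Physical Shift", int)` with `int(v)`/`int(p)` in the generator — or the project's `Address` column type, if `volatility.renderers.basic` is importable here — so the values stay numeric and comparable with addresses from other plugins. TreeGrid may validate each row value against the declared column type, so whichever type is declared must agree with the conversion in `generator` (I cannot confirm from this hunk whether `virtual_shift` is a plain int). `calculate` starts outside the hunk.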
@@ -28,6 +28,7 @@ import volatility.obj as obj import volatility.plugins.linux.common as linux_common import volatility.plugins.linux.lsmod as linux_lsmod +from volatility.renderers import TreeGrid class linux_check_afinfo(linux_common.AbstractLinuxCommand): """Verifies the operation function pointers of network protocols""" @@ -77,6 +78,22 @@ def calculate(self): for (name, member, address) in self.check_afinfo(global_var_name, global_var, op_members, seq_members, modules): yield (name, member, address) + def unified_output(self, data): + return TreeGrid([ + ("what", str), + ("member", str), + ("address", str) + ], + self.generator(data)) + + def generator(self, data): + for (what, member, address) in data: + yield (0, [ + str(what), + str(member), + str(address), + ]) + def render_text(self, outfd, data): self.table_header(outfd, [("Symbol Name", "42"), diff --git a/volatility/plugins/linux/check_evt_arm.py b/volatility/plugins/linux/check_evt_arm.py index 68072bb5d..6c30ce654 100644 --- a/volatility/plugins/linux/check_evt_arm.py +++ b/volatility/plugins/linux/check_evt_arm.py @@ -26,6 +26,7 @@ import volatility.obj as obj import volatility.debug as debug import volatility.plugins.linux.common as linux_common +from volatility.renderers import TreeGrid class linux_check_evt_arm(linux_common.AbstractLinuxARMCommand): ''' Checks the Exception Vector Table to look for syscall table hooking ''' @@ -75,6 +76,20 @@ def calculate(self): yield ("vector_swi code modification", "FAIL", "Opcode E28F80?? not found") return + def unified_output(self, data): + return TreeGrid([("check", str), + ("result", str), + ("info", str)], + self.generator(data)) + + def generator(self, data): + for (check, result, info) in data: + yield (0, [ + str(check), + str(result), + str(info), + ]) + def render_text(self, outfd, data): self.table_header(outfd, [("Check", "<30"), ("PASS/FAIL", "<5"), ("Info", "<30")]) for (check, result, info) in data: 
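Review bot: The `address` column in linux_check_afinfo's new `unified_output` is declared `str` and filled with `str(address)`, so a detected hook's function-pointer address reaches the json/sqlite renderers as a decimal or object-default string rather than the hex form the text path prints; that makes it awkward to correlate with `linux_lsmod` module ranges or symbol tables when triaging a suspected rootkit. Declare it numeric — `("Address", int)` with `int(address)` in the generator — or use the project's `Address` column type if that renderer module is importable here. The names `what`/`member` also diverge from the text headers visible at the bottom of the hunk (`Symbol Name`, ...); matching those labels keeps the two renderers consistent for anyone switching between `--output=text` and `--output=json`. `calculate` and `render_text` extend outside the hunk.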
diff --git a/volatility/plugins/linux/dentry_cache.py b/volatility/plugins/linux/dentry_cache.py index c5845c3c3..c1fbb873c 100644 --- a/volatility/plugins/linux/dentry_cache.py +++ b/volatility/plugins/linux/dentry_cache.py @@ -26,6 +26,7 @@ import volatility.plugins.linux.common as linux_common from volatility.plugins.linux.slab_info import linux_slabinfo +from volatility.renderers import TreeGrid class linux_dentry_cache(linux_common.AbstractLinuxCommand): """Gather files from the dentry cache""" @@ -66,6 +67,16 @@ def calculate(self): for dentry in cache: yield self.make_body(dentry) + def unified_output(self, data): + return TreeGrid([("bodyline", str)], + self.generator(data)) + + def generator(self, data): + for bodyline in data: + yield (0, [ + str(bodyline), + ]) + def render_text(self, outfd, data): for bodyline in data: diff --git a/volatility/plugins/linux/dmesg.py b/volatility/plugins/linux/dmesg.py index a51d2e29e..fc6b4b63f 100644 --- a/volatility/plugins/linux/dmesg.py +++ b/volatility/plugins/linux/dmesg.py @@ -26,6 +26,7 @@ import volatility.obj as obj import volatility.plugins.linux.common as linux_common +from volatility.renderers import TreeGrid class linux_dmesg(linux_common.AbstractLinuxCommand): """Gather dmesg buffer""" @@ -92,6 +93,16 @@ def calculate(self): else: yield self._pre_3(log_buf_addr, log_buf_len) + def unified_output(self, data): + return TreeGrid([("buf", str), + self.generator(data)) + + def generator(self, data): + for buf in data: + yield (0, [ + str(buf), + ]) + def render_text(self, outfd, data): for buf in data:
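Review bot: `unified_output` in linux_dentry_cache packs each record into a single `bodyline` column, so the structured renderers receive exactly the pre-formatted string `render_text` writes, with no per-field columns to filter or sort on. `calculate` yields `self.make_body(dentry)`, whose body lies outside this hunk; if it produces a pipe-delimited Sleuthkit body line (the name suggests so, but I cannot confirm from here), `generator` should split it into typed columns — path, inode, mode/uid/gid, size, timestamps — or `calculate` should yield the dentry and let each renderer format it. As written the unified output adds nothing over the text renderer. The enclosing class continues outside the hunk.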
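Review bot: `linux_dmesg.unified_output` in this hunk does not parse — `return TreeGrid([("buf", str), self.generator(data))` opens the column list with `[` and never closes it, so the `)` is a SyntaxError and the whole plugin module fails to import, taking the existing `render_text` path down with it. The intended line is `return TreeGrid([("buf", str)], self.generator(data))`, matching how the other six plugins in this patch close the column list before passing the generator. A `python -m py_compile` over every file touched by the series would have caught this before it reached the tree.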