/usr/lib/python2.7/dist-packages/rekall/plugins/linux/iomem.py is in python-rekall-core 1.6.0+dfsg-2.
This file is owned by root:root, with mode 0o644.
# Rekall Memory Forensics
#
# Copyright Digital Forensics Solutions.
# Copyright 2013 Google Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or (at
# your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# Authors credited for this plugin, one "Name <email>" entry each.
__author__ = (
    "Andrew Case <atcuno@gmail.com>",
    "Michael Cohen <scudette@google.com>",
)
from rekall.plugins.linux import common
class IOmem(common.LinuxPlugin):
    """Mimic /proc/iomem by listing the kernel's I/O resource tree.

    Every node, address and name reported here is read from the memory
    image under analysis, not from the running analyst machine. The
    traversal therefore skips falsy nodes and nodes it has already
    visited rather than trusting the pointers it follows.
    """

    __name = "iomem"

    table_header = [
        {"name": "resource", "style": "address"},
        {"name": "start", "style": "address"},
        {"name": "end", "style": "address"},
        {"name": "name", "type": "TreeNode"},
    ]

    def GetResources(self):
        """Return a generator of (node, depth) pairs for the whole tree.

        The walk starts at the ``iomem_resource`` constant, which is
        fetched through the profile as a ``resource`` object.
        """
        root = self.profile.get_constant_object(
            "iomem_resource", target="resource")

        # A fresh visited-set per walk; it is shared by every recursive call.
        return self._GetResources(root, set())

    def _GetResources(self, node, seen, depth=0):
        """Yield (node, depth) for ``node`` and all it links to, depth first.

        ``seen`` holds the nodes already emitted. A falsy node or a node
        already in ``seen`` ends this branch, so a ``child``/``sibling``
        pointer that loops back onto an earlier node cannot make the walk
        run forever.
        """
        skip_branch = not node or node in seen
        if skip_branch:
            return

        seen.add(node)
        yield node, depth

        # NOTE(review): ``seen`` bounds the number of nodes visited, but not
        # how deeply these generators nest. Presumably a damaged or hostile
        # image with a very long child or sibling chain could still exhaust
        # the interpreter's recursion limit -- confirm against walk_list().

        # Children are reported one level below the current node.
        if node.child:
            subtree = self._GetResources(node.child.deref(), seen, depth + 1)
            for entry in subtree:
                yield entry

        # Siblings are reported at the same level as the current node.
        for peer in node.walk_list("sibling"):
            for entry in self._GetResources(peer, seen, depth):
                yield entry

    def collect(self):
        """Yield one row dict per resource, in traversal order."""
        for resource, level in self.GetResources():
            row = {
                "resource": resource,
                "start": resource.start,
                "end": resource.end,
                # The name is dereferenced from the image; treat it as
                # untrusted text wherever the output is displayed or stored.
                "name": resource.name.deref(),
                # Not a table_header column; presumably consumed by the
                # "TreeNode" name column for indentation -- TODO confirm.
                "depth": level,
            }
            yield row