/usr/lib/python2.7/dist-packages/volatility/plugins/addrspaces/standard.py is in volatility 2.6-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
# Volatility
# Copyright (C) 2007-2013 Volatility Foundation
# Copyright (C) 2004,2005,2006 4tphi Research
#
# Authors:
# {npetroni,awalters}@4tphi.net (Nick Petroni and AAron Walters)
# Michael Cohen <scudette@users.sourceforge.net>
# Mike Auty <mike.auty@gmail.com>
#
# This file is part of Volatility.
#
# Volatility is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Volatility is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Volatility. If not, see <http://www.gnu.org/licenses/>.
#
""" These are standard address spaces supported by Volatility """
import struct
import volatility.addrspace as addrspace
import volatility.debug as debug #pylint: disable-msg=W0611
import urllib
import os
#pylint: disable-msg=C0111
def write_callback(option, _opt_str, _value, parser, *_args, **_kwargs):
    """Option callback that only enables write support after a typed confirmation.

    The first time the option is parsed, the user is asked up to three times
    to type a fixed phrase exactly. On a match the option is switched to
    store_true (so later parses enable writing without asking again);
    otherwise it is left as store_false, so later parses keep it disabled.

    Writes go to the file that backs the image under analysis, so the default
    state set here is "disabled" and it is only flipped on an exact,
    case-sensitive match.
    """
    if hasattr(parser.values, 'write'):
        # The question was already asked on an earlier parse; nothing to do.
        return

    # Start from the disabled state so every path that does not see the exact
    # phrase leaves write support off.
    option.dest = "write"
    option.action = "store_false"
    parser.values.write = False

    testphrase = "Yes, I want to enable write support"
    # We don't want to use config.outfile, since this should always be seen by the user
    prompt = ('Write support requested. Please type "' + testphrase +
              '" below precisely (case-sensitive):\n')

    attempts_left = 3
    while attempts_left > 0:
        attempts_left -= 1
        if raw_input(prompt) == testphrase:
            option.action = "store_true"
            parser.values.write = True
            return

    # Parenthesised single argument: prints the same text under the Python 2
    # print statement.
    print("Write support disabled.")
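class FileAddressSpace(addrspace.BaseAddressSpace):
    """ This is a direct file AS.

    For this AS to be instantiated, we need

    1) A valid config.LOCATION (starting with file://)
    2) no one else has picked the AS before us
    3) base is None (we do not operate on anyone else, so we need to be
       right at the bottom of the AS stack), unless ``layered`` is set.

    Offsets and lengths passed to the read methods may have been computed
    from the contents of the image itself, so they are not assumed to be
    sane: a read that cannot be satisfied yields None instead of raising,
    and write() refuses to touch the file unless config.WRITE is set.
    """
    ## We should be the AS of last resort
    order = 100

    def __init__(self, base, config, layered=False, **kwargs):
        """Open the file named by config.LOCATION and record its size.

        The handle is opened with mode 'rb', or 'rb+' when config.WRITE is
        set. Each precondition is checked through as_assert().
        """
        addrspace.BaseAddressSpace.__init__(self, base, config, **kwargs)
        # Identity test: "== None" would dispatch to the base object's own
        # __eq__ instead of simply checking for a missing base.
        self.as_assert(base is None or layered, 'Must be first Address Space')
        self.as_assert(config.LOCATION.startswith("file://"), 'Location is not of file scheme')

        # Drop the 7-character "file://" prefix before decoding the path.
        path = urllib.url2pathname(config.LOCATION[7:])
        self.as_assert(os.path.exists(path), 'Filename must be specified and exist')

        self.name = os.path.abspath(path)
        self.fname = self.name
        self.mode = 'rb'
        if config.WRITE:
            # Update mode: the backing file can be modified through write().
            self.mode += '+'
        self.fhandle = open(self.fname, self.mode)

        # Seek to the end to learn the size; it is measured once, here.
        self.fhandle.seek(0, os.SEEK_END)
        self.fsize = self.fhandle.tell()
        # "=I": native byte order, standard size, unsigned 32-bit value.
        self._long_struct = struct.Struct("=I")

    # Abstract Classes cannot register options, and since this checks config.WRITE in __init__, we define the option here
    @staticmethod
    def register_options(config):
        """Register the WRITE option (-w), confirmed through write_callback."""
        config.add_option("WRITE", short_option='w', action="callback", default=False,
                          help="Enable write support", callback=write_callback)

    def fread(self, length):
        """Read ``length`` bytes from the current position of the file handle.

        NOTE(review): unlike read(), this performs no seek and does not
        reject a negative length (which file.read() treats as "read to EOF").
        """
        return self.fhandle.read(int(length))

    def read(self, addr, length):
        """Return up to ``length`` bytes at offset ``addr``, or None.

        None is returned when the length is negative, when the seek fails
        (IOError or OverflowError), or when no bytes are available at that
        offset. Fewer than ``length`` bytes may be returned near the end of
        the file.
        """
        addr, length = int(addr), int(length)
        if length < 0:
            # file.read() interprets a negative size as "everything up to
            # EOF"; a bogus length must not pull the rest of the image into
            # memory, so it is treated as an unsatisfiable read.
            return None
        try:
            self.fhandle.seek(addr)
        except (IOError, OverflowError):
            return None
        data = self.fhandle.read(length)
        if not data:
            return None
        return data

    def zread(self, addr, length):
        """Like read(), but pad the result with NUL bytes up to ``length``."""
        data = self.read(addr, length)
        if data is None:
            data = "\x00" * length
        elif len(data) != length:
            data += "\x00" * (length - len(data))
        return data

    def read_long(self, addr):
        """Return the unsigned 32-bit value stored at offset ``addr``.

        No check is made on what read() returned: if fewer than four bytes
        are available (including a None result) the unpack call raises
        struct.error, which callers need to be prepared for.
        """
        string = self.read(addr, 4)
        longval, = self._long_struct.unpack(string)
        return longval

    def get_available_addresses(self):
        """Yield the single (start, length) run covering the whole file."""
        # Since the second parameter is the length of the run
        # not the end location, it must be set to fsize, not fsize - 1
        yield (0, self.fsize)

    def is_valid_address(self, addr):
        """Return True when ``addr`` lies inside [0, fsize)."""
        if addr is None:
            return False
        return 0 <= addr < self.fsize

    def close(self):
        """Close the underlying file handle."""
        self.fhandle.close()

    def write(self, addr, data):
        """Write ``data`` at offset ``addr``; return True on success.

        Returns False without touching the file when config.WRITE is not
        set, and False when the seek or write fails.
        """
        if not self._config.WRITE:
            return False
        try:
            # Same offset handling as read(): coerce to int and treat an
            # out-of-range offset (OverflowError) as a failed write rather
            # than letting it propagate.
            self.fhandle.seek(int(addr))
            self.fhandle.write(data)
        except (IOError, OverflowError):
            return False
        return True

    def __eq__(self, other):
        """Equal when class, base and backing file name all match."""
        return (self.__class__ == other.__class__ and
                self.base == other.base and
                hasattr(other, "fname") and
                self.fname == other.fname)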