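# NOTE(review): ubuntu:16.04 left standard support in April 2021, so the packages
# installed below no longer receive security updates; bump to a supported LTS and
# re-test python3-guestfs before relying on this image.
FROM ubuntu:16.04
# set non interactive only during build (ARG rather than ENV so it does not leak
# into the runtime environment)
ARG DEBIAN_FRONTEND=noninteractive
# update + install in one layer so the package index can never be stale, and drop
# the index in that same layer so it does not persist in the image.
# --no-install-recommends is deliberately not added: libguestfs may rely on its
# recommended packages for the appliance — verify before slimming.
# linux-image-generic is presumably pulled in for the libguestfs appliance kernel — confirm.
RUN apt-get update && \
    apt-get install -y \
        ipython3 \
        linux-image-generic \
        python3-docopt \
        python3-guestfs \
        wget \
    && rm -rf /var/lib/apt/lists/*
# the build runs as root; /root is the working directory for whatever follows
WORKDIR /root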
import os | |
import sys | |
import stat | |
import logging | |
import libvirt | |
from tempfile import TemporaryDirectory, NamedTemporaryFile | |
from rekall import plugins, session | |
def extract_config(ram_dump): | |
home = os.getenv('HOME') |
# Kernel command line for the Linux entries: route early boot messages through the Xen console.
GRUB_CMDLINE_LINUX="earlyprintk=xen"
# Xen hypervisor command line: first serial port at 115200 8N1, hypervisor console on it,
# with maximum log verbosity for both hypervisor and guest messages.
GRUB_CMDLINE_XEN_DEFAULT="com1=115200,8n1 console=com1 loglvl=all guest_lvl=all"
# Show the GRUB menu itself on the serial terminal rather than the VGA console.
GRUB_TERMINAL="serial"
# Serial settings used by GRUB_TERMINAL=serial; kept identical to com1 above
# (115200 baud, unit 0, 8 data bits, no parity, 1 stop bit) so one cable serves both.
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
# kdesrc-build running: 'make' '-j8' | |
# from directory: /work/build/kdesupport/qca | |
[ 2%] Generating qca_core.moc | |
[ 2%] Generating __/include/QtCrypto/moc_qca_safetimer.cpp | |
[ 0%] Generating qca_cert.moc | |
[ 2%] Generating qca_keystore.moc | |
[ 2%] Generating qca_default.moc | |
[ 2%] Generating qca_publickey.moc | |
[ 3%] Generating qca_safetimer.moc | |
[ 3%] Generating qca_securelayer.moc |
[ 39%] Generating moc_ringwatch.cpp | |
[ 40%] Generating moc_mykeystorelist.cpp | |
[ 40%] Generating moc_mymessagecontext.cpp | |
Scanning dependencies of target qca-gnupg | |
[ 41%] Building CXX object plugins/qca-gnupg/CMakeFiles/qca-gnupg.dir/qca-gnupg.cpp.o | |
In file included from /usr/include/c++/7.2.1/x86_64-pc-linux-gnu/bits/os_defines.h:39:0, | |
from /usr/include/c++/7.2.1/x86_64-pc-linux-gnu/bits/c++config.h:533, | |
from /usr/include/c++/7.2.1/type_traits:38, | |
from /usr/include/qt/QtCore/qglobal.h:45, | |
from /usr/include/qt/QtCore/qchar.h:43, |
2018/04/20 16:00:26 [INFO] Packer version: 1.2.2 | |
2018/04/20 16:00:26 Packer Target OS/Arch: linux amd64 | |
2018/04/20 16:00:26 Built with Go Version: go1.10 | |
2018/04/20 16:00:26 Detected home directory from env var: /home/tarrma | |
2018/04/20 16:00:26 Using internal plugin for amazon-chroot | |
2018/04/20 16:00:26 Using internal plugin for file | |
2018/04/20 16:00:26 Using internal plugin for lxc | |
2018/04/20 16:00:26 Using internal plugin for oracle-classic | |
2018/04/20 16:00:26 Using internal plugin for triton | |
2018/04/20 16:00:26 Using internal plugin for cloudstack |
#include <stdlib.h> | |
#include <string.h> | |
#include <errno.h> | |
#include <sys/mman.h> | |
#include <stdio.h> | |
#include <inttypes.h> | |
#include <signal.h> | |
#include <unistd.h> |
#!/usr/bin/env python3 | |
""" | |
Usage: | |
bug_sstep.py [options] <vm_name> <symbol> | |
Options: | |
-h --help Show this screen. | |
--sstep Use singlestepping instead of emulation |
# radare2 debugger script: ask the debugger to use hardware breakpoints
e dbg.hwbp=true
echo printing 10 opcodes
# disassemble 10 instructions from the current position
pd 10
echo setting breakpoint on next opcode
# step over one instruction, then place a breakpoint at $$ (the current seek,
# which presumably follows the PC after the step — confirm dbg.follow is set)
so 1
db $$
echo printing 10 opcodes, with breakpoint
# same listing again, so the breakpoint marker is visible in the output
pd 10
echo continue execution
# resume the debuggee until the breakpoint (or exit) is hit
dc
/* The LibVMI Library is an introspection library that simplifies access to | |
* memory in a target virtual machine or in a file containing a dump of | |
* a system's physical memory. LibVMI is based on the XenAccess Library. | |
* | |
* Author: Tamas K Lengyel (tamas.lengyel@zentific.com) | |
* | |
* This file is part of LibVMI. | |
* | |
* LibVMI is free software: you can redistribute it and/or modify it under | |
* the terms of the GNU Lesser General Public License as published by the |