[Forensics-changes] [volatility] branch upstream updated (0b4678c -> c39b324)

Joao Eriberto Mota Filho eriberto at moszumanska.debian.org
Sun Nov 22 17:18:21 UTC 2015


This is an automated email from the git hooks/post-receive script.

eriberto pushed a change to branch upstream
in repository volatility.

      from  0b4678c   Upstream 2.4.1.
       new  c39b324   Imported Upstream version 2.5

The 1 revision listed above as "new" is entirely new to this
repository and will be described in a separate email.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .gitattributes                                     |    1 +
 .gitignore                                         |   60 +
 AUTHORS.txt                                        |   11 +-
 CREDITS.txt                                        |   23 +-
 PKG-INFO                                           |    4 +-
 README.txt                                         |   74 +-
 contrib/{plugins/aspaces => }/__init__.py          |    0
 contrib/library_example/libapi.py                  |   41 +
 contrib/library_example/pslist_json.py             |   46 +
 contrib/plugins/{aspaces => }/__init__.py          |    0
 contrib/plugins/{aspaces => malware}/__init__.py   |    0
 contrib/plugins/malware/poisonivy.py               |  396 +
 contrib/plugins/malware/zeusscan.py                |  600 ++
 pyinstaller/hook-openpyxl.py                       |   19 +
 pyinstaller/hook-yara.py                           |    8 +
 setup.cfg                                          |    5 -
 setup.py                                           |    3 +-
 tools/linux/Makefile.enterprise                    |   15 +
 tools/linux/kcore/Makefile                         |    9 +
 tools/linux/kcore/elf.h                            | 2800 +++++++
 tools/linux/kcore/getkcore.c                       |  294 +
 tools/linux/kcore/getkcore.h                       |   13 +
 tools/linux/module.c                               |   16 +-
 tools/linux/pmem/Makefile                          |   13 -
 tools/linux/pmem/pmem.c                            |  275 -
 tools/mac/convert.py                               |  148 +-
 tools/mac/generate_profile_list.py                 |  103 +
 tools/mac/mac_create_all_profiles.py               |   17 +-
 tools/windows/parsesummary.py                      |   68 +
 volatility.egg-info/PKG-INFO                       |   10 -
 volatility.egg-info/SOURCES.txt                    |  376 -
 volatility.egg-info/dependency_links.txt           |    1 -
 volatility.egg-info/top_level.txt                  |    1 -
 volatility/addrspace.py                            |   18 +-
 volatility/commands.py                             |  143 +-
 volatility/constants.py                            |    2 +-
 volatility/debug.py                                |    2 +-
 volatility/fmtspec.py                              |    5 +-
 volatility/obj.py                                  |    3 +-
 volatility/plugins/addrspaces/amd64.py             |   30 +-
 volatility/plugins/addrspaces/arm.py               |    5 +-
 volatility/plugins/addrspaces/crash.py             |    3 +-
 volatility/plugins/addrspaces/crashbmp.py          |   26 +-
 volatility/plugins/addrspaces/hibernate.py         |    9 +-
 volatility/plugins/addrspaces/intel.py             |   15 +-
 volatility/plugins/addrspaces/lime.py              |    1 -
 volatility/plugins/addrspaces/osxpmemelf.py        |    5 +-
 volatility/plugins/addrspaces/standard.py          |    7 +-
 volatility/plugins/addrspaces/vmem.py              |    4 +-
 volatility/plugins/bigpagepools.py                 |   40 +-
 volatility/plugins/bioskbd.py                      |   13 +
 volatility/plugins/cmdline.py                      |   18 +-
 volatility/plugins/connections.py                  |   20 +
 volatility/plugins/connscan.py                     |   17 +-
 volatility/plugins/crashinfo.py                    |   64 +-
 volatility/plugins/dlldump.py                      |   33 +-
 volatility/plugins/drivermodule.py                 |   96 +
 volatility/plugins/dumpcerts.py                    |   84 +-
 volatility/plugins/dumpfiles.py                    |  144 +-
 volatility/plugins/envars.py                       |   27 +-
 volatility/plugins/evtlogs.py                      |   33 +-
 volatility/plugins/filescan.py                     |  211 +-
 volatility/plugins/getservicesids.py               |   12 +
 volatility/plugins/getsids.py                      |   94 +-
 volatility/plugins/gui/atoms.py                    |   93 +-
 volatility/plugins/gui/clipboard.py                |   48 +
 volatility/plugins/gui/desktops.py                 |   53 +-
 volatility/plugins/gui/editbox.py                  |  473 ++
 volatility/plugins/gui/gahti.py                    |   47 +-
 .../plugins/gui/vtypes/win7_sp0_x64_vtypes_gui.py  |    8 +-
 .../plugins/gui/vtypes/win7_sp1_x64_vtypes_gui.py  |    8 +-
 volatility/plugins/gui/vtypes/xp.py                |    2 +-
 volatility/plugins/gui/win32k_core.py              |   45 +-
 volatility/plugins/gui/windowstations.py           |    2 +-
 volatility/plugins/handles.py                      |   46 +-
 volatility/plugins/heaps.py                        |    3 +-
 volatility/plugins/iehistory.py                    |   61 +-
 volatility/plugins/imagecopy.py                    |   40 +-
 volatility/plugins/imageinfo.py                    |   43 +-
 volatility/plugins/joblinks.py                     |   64 +-
 volatility/plugins/kdbgscan.py                     |   45 +-
 volatility/plugins/linux/apihooks.py               |  161 +-
 volatility/plugins/linux/arp.py                    |   11 +-
 volatility/plugins/linux/bash.py                   |   18 +-
 volatility/plugins/linux/bash_hash.py              |   43 +-
 volatility/plugins/linux/check_creds.py            |   24 +-
 volatility/plugins/linux/check_fops.py             |   14 +-
 volatility/plugins/linux/check_idt.py              |   55 +-
 volatility/plugins/linux/check_inline_kernel.py    |   18 +-
 volatility/plugins/linux/check_modules.py          |   15 +-
 volatility/plugins/linux/check_syscall.py          |  103 +-
 volatility/plugins/linux/check_syscall_arm.py      |   18 +
 volatility/plugins/linux/common.py                 |   18 +-
 volatility/plugins/linux/cpuinfo.py                |   13 +-
 volatility/plugins/linux/elfs.py                   |   20 +-
 volatility/plugins/linux/enumerate_files.py        |   24 +-
 volatility/plugins/linux/find_file.py              |   56 +-
 volatility/plugins/linux/{lsof.py => getcwd.py}    |   13 +-
 volatility/plugins/linux/hidden_modules.py         |  103 +-
 volatility/plugins/linux/ifconfig.py               |   14 +-
 volatility/plugins/linux/info_regs.py              |   29 +-
 volatility/plugins/linux/kernel_opened_files.py    |   38 +-
 volatility/plugins/linux/{psenv.py => ld_env.py}   |   17 +-
 volatility/plugins/linux/ldrmodules.py             |   24 +-
 volatility/plugins/linux/libc_env.py               |   82 +-
 volatility/plugins/linux/library_list.py           |   16 +-
 volatility/plugins/linux/librarydump.py            |    2 +-
 volatility/plugins/linux/linux_strings.py          |    3 +-
 volatility/plugins/linux/linux_volshell.py         |    2 +-
 volatility/plugins/linux/list_raw.py               |   17 +-
 volatility/plugins/linux/lsmod.py                  |    3 -
 volatility/plugins/linux/lsof.py                   |   29 +-
 volatility/plugins/linux/mount.py                  |  110 +-
 volatility/plugins/linux/mount_cache.py            |   26 +-
 .../plugins/linux/{netfiler.py => netfilter.py}    |   26 +-
 volatility/plugins/linux/netscan.py                |  129 +
 volatility/plugins/linux/netstat.py                |    2 +-
 volatility/plugins/linux/pidhashtable.py           |   51 +-
 volatility/plugins/linux/plthook.py                |  111 +-
 volatility/plugins/linux/proc_maps.py              |   57 +-
 volatility/plugins/linux/procdump.py               |   56 +-
 volatility/plugins/linux/process_info.py           |    2 +-
 volatility/plugins/linux/process_stack.py          |    2 +-
 volatility/plugins/linux/psaux.py                  |   14 +-
 volatility/plugins/linux/psenv.py                  |   12 +-
 volatility/plugins/linux/pslist.py                 |   62 +-
 volatility/plugins/linux/pstree.py                 |   72 +-
 volatility/plugins/linux/psxview.py                |   32 +-
 volatility/plugins/linux/threads.py                |   55 +-
 volatility/plugins/linux/tmpfs.py                  |    6 +-
 volatility/plugins/mac/WKdm.py                     |  562 ++
 volatility/plugins/mac/adiummsgs.py                |   30 +-
 volatility/plugins/mac/apihooks.py                 |   46 +-
 volatility/plugins/mac/apihooks_kernel.py          |   55 +-
 volatility/plugins/mac/bash.py                     |  106 +-
 volatility/plugins/mac/bash_env.py                 |  102 +-
 volatility/plugins/mac/bash_hash.py                |  139 +-
 volatility/plugins/mac/calendar.py                 |   30 +-
 volatility/plugins/mac/check_mig_table.py          |   18 +-
 volatility/plugins/mac/check_syscall_shadow.py     |   17 +-
 volatility/plugins/mac/check_syscall_table.py      |   33 +-
 volatility/plugins/mac/check_sysctl.py             |   27 +-
 volatility/plugins/mac/check_trap_table.py         |   20 +-
 volatility/plugins/mac/common.py                   |   99 +
 volatility/plugins/mac/compressed_swap.py          |  208 +
 volatility/plugins/mac/contacts.py                 |   20 +-
 volatility/plugins/mac/dlyd_maps.py                |   25 +-
 volatility/plugins/mac/dump_map.py                 |  324 +-
 volatility/plugins/mac/get_profile.py              |  158 +
 volatility/plugins/mac/gkextmap.py                 |   46 +-
 volatility/plugins/mac/ifconfig.py                 |   21 +-
 volatility/plugins/mac/ip_filters.py               |   27 +-
 volatility/plugins/mac/keychaindump.py             |   15 +-
 volatility/plugins/mac/ldrmodules.py               |   34 +-
 volatility/plugins/mac/librarydump.py              |   47 +-
 volatility/plugins/mac/list_files.py               |   50 +-
 volatility/plugins/mac/list_kauth_listeners.py     |   87 +
 volatility/plugins/mac/list_kauth_scopes.py        |   97 +
 volatility/plugins/mac/list_raw.py                 |   96 +
 volatility/plugins/mac/list_zones.py               |   29 +-
 volatility/plugins/mac/lsmod.py                    |   23 +-
 volatility/plugins/mac/lsmod_iokit.py              |   48 +-
 volatility/plugins/mac/lsof.py                     |   47 +-
 volatility/plugins/mac/mac_strings.py              |    5 +-
 volatility/plugins/mac/mac_yarascan.py             |   17 +-
 volatility/plugins/mac/malfind.py                  |   26 +-
 volatility/plugins/mac/moddump.py                  |   31 +-
 volatility/plugins/mac/mount.py                    |   17 +
 volatility/plugins/mac/netconns.py                 |   25 +-
 volatility/plugins/mac/netstat.py                  |   70 +-
 volatility/plugins/mac/notesapp.py                 |   34 +-
 volatility/plugins/mac/notifiers.py                |   40 +-
 volatility/plugins/mac/orphan_threads.py           |  138 +
 volatility/plugins/mac/pid_hash_table.py           |    4 +-
 volatility/plugins/mac/print_boot_cmdline.py       |   10 +
 volatility/plugins/mac/proc_maps.py                |   29 +-
 volatility/plugins/mac/procdump.py                 |   82 +-
 volatility/plugins/mac/psaux.py                    |   24 +
 volatility/plugins/mac/{psaux.py => psenv.py}      |   29 +-
 volatility/plugins/mac/pslist.py                   |   48 +-
 volatility/plugins/mac/psxview.py                  |   32 +-
 volatility/plugins/mac/recover_filesystem.py       |    8 +-
 volatility/plugins/mac/route.py                    |   27 +-
 volatility/plugins/mac/session_hash_table.py       |   27 +-
 volatility/plugins/mac/socket_filters.py           |   32 +-
 volatility/plugins/mac/threads.py                  |  446 ++
 volatility/plugins/mac/threads_simple.py           |   98 +
 volatility/plugins/mac/trustedbsd.py               |   27 +-
 volatility/plugins/malware/apihooks.py             |   67 +-
 volatility/plugins/malware/callbacks.py            |   51 +-
 volatility/plugins/malware/cmdhistory.py           |  236 +-
 volatility/plugins/malware/devicetree.py           |    3 +-
 volatility/plugins/malware/idt.py                  |   88 +-
 volatility/plugins/malware/impscan.py              |   43 +-
 volatility/plugins/malware/malfind.py              |  286 +-
 volatility/plugins/malware/psxview.py              |  179 +-
 volatility/plugins/malware/servicediff.py          |  178 +
 volatility/plugins/malware/svcscan.py              |   96 +-
 volatility/plugins/malware/threads.py              |    5 +-
 volatility/plugins/malware/timers.py               |   30 +-
 volatility/plugins/mbrparser.py                    |  106 +
 volatility/plugins/mftparser.py                    |  378 +-
 volatility/plugins/moddump.py                      |   29 +-
 volatility/plugins/modscan.py                      |   55 +-
 volatility/plugins/modules.py                      |   47 +-
 volatility/plugins/multiscan.py                    |   36 +-
 volatility/plugins/netscan.py                      |   52 +-
 volatility/plugins/objtypescan.py                  |   30 +-
 volatility/plugins/overlays/basic.py               |   33 +-
 volatility/plugins/overlays/linux/elf.py           |    3 +-
 volatility/plugins/overlays/linux/linux.py         |  650 +-
 volatility/plugins/overlays/mac/mac.py             |  627 +-
 volatility/plugins/overlays/mac/macho.py           |   34 +-
 volatility/plugins/overlays/windows/pe_vtypes.py   |    4 +-
 volatility/plugins/overlays/windows/vad_vtypes.py  |   11 +-
 .../overlays/windows/vista_sp0_x64_syscalls.py     | 2352 +++---
 .../overlays/windows/vista_sp12_x64_syscalls.py    | 2338 +++---
 .../overlays/windows/vista_sp12_x86_syscalls.py    | 2334 +++---
 volatility/plugins/overlays/windows/win10.py       |  345 +
 ...{win8_sp1_x64_vtypes.py => win10_x64_vtypes.py} | 7714 ++++++++++++--------
 ...{win8_sp1_x86_vtypes.py => win10_x86_vtypes.py} | 6774 +++++++++++------
 volatility/plugins/overlays/windows/win2003.py     |    1 +
 .../overlays/windows/win2003_sp0_x86_syscalls.py   | 1924 ++---
 .../overlays/windows/win2003_sp12_x64_syscalls.py  | 1934 ++---
 .../overlays/windows/win2003_sp12_x86_syscalls.py  | 1930 ++---
 volatility/plugins/overlays/windows/win7.py        |    5 +-
 .../overlays/windows/win7_sp01_x64_syscalls.py     | 2464 +++----
 volatility/plugins/overlays/windows/win8.py        |   50 +-
 ...n8_sp1_x64_vtypes.py => win81_u1_x64_vtypes.py} | 1284 ++--
 ...n8_sp1_x86_vtypes.py => win81_u1_x86_vtypes.py} | 1210 +--
 volatility/plugins/overlays/windows/win8_kdbg.py   |    9 +-
 .../overlays/windows/win8_sp0_x64_syscalls.py      | 2838 +++----
 .../overlays/windows/win8_sp0_x86_syscalls.py      | 2834 +++----
 .../overlays/windows/win8_sp1_x64_syscalls.py      | 2950 ++++----
 .../overlays/windows/win8_sp1_x86_syscalls.py      | 2946 ++++----
 volatility/plugins/overlays/windows/windows.py     |   49 +-
 volatility/plugins/pooltracker.py                  |   34 +-
 volatility/plugins/privileges.py                   |  124 +-
 volatility/plugins/procdump.py                     |   57 +-
 volatility/plugins/pstree.py                       |   63 +-
 volatility/plugins/raw2dmp.py                      |    6 +-
 volatility/plugins/registry/amcache.py             |  181 +
 volatility/plugins/registry/auditpol.py            |   34 +-
 volatility/plugins/registry/dumpregistry.py        |   84 +
 volatility/plugins/registry/hivelist.py            |   25 +-
 volatility/plugins/registry/hivescan.py            |   10 +
 volatility/plugins/registry/lsadump.py             |   31 +
 volatility/plugins/registry/printkey.py            |  103 +-
 volatility/plugins/registry/shellbags.py           |   59 +-
 volatility/plugins/registry/shimcache.py           |   56 +-
 volatility/plugins/registry/shutdown.py            |  108 +
 volatility/plugins/registry/userassist.py          |  169 +-
 volatility/plugins/sockets.py                      |   31 +
 volatility/plugins/sockscan.py                     |   29 +-
 volatility/plugins/ssdt.py                         |  103 +-
 volatility/plugins/strings.py                      |   45 +-
 volatility/plugins/taskmods.py                     |  169 +-
 volatility/plugins/tcaudit.py                      |  113 +-
 volatility/plugins/timeliner.py                    |  248 +-
 volatility/plugins/vadinfo.py                      |  122 +-
 volatility/plugins/vboxinfo.py                     |   44 +-
 volatility/plugins/verinfo.py                      |   38 +
 volatility/plugins/volshell.py                     |   98 +-
 volatility/plugins/win10cookie.py                  |   51 +
 volatility/poolscan.py                             |   19 +-
 volatility/renderers/__init__.py                   |  284 +
 volatility/renderers/basic.py                      |   34 +
 volatility/renderers/dot.py                        |   37 +
 volatility/renderers/html.py                       |   51 +
 volatility/renderers/sqlite.py                     |   74 +
 volatility/renderers/text.py                       |  202 +
 volatility/renderers/xlsx.py                       |   48 +
 volatility/timefmt.py                              |    2 +-
 volatility/validity.py                             |   39 +
 volatility/win32/domcachedump.py                   |    2 +-
 volatility/win32/hashdump.py                       |    5 +-
 volatility/win32/hive.py                           |   28 +-
 volatility/win32/lsasecrets.py                     |   10 +-
 volatility/win32/rawreg.py                         |   29 +-
 volatility/win32/tasks.py                          |   10 +
 280 files changed, 41202 insertions(+), 23104 deletions(-)
 create mode 100644 .gitattributes
 create mode 100644 .gitignore
 copy contrib/{plugins/aspaces => }/__init__.py (100%)
 create mode 100644 contrib/library_example/libapi.py
 create mode 100644 contrib/library_example/pslist_json.py
 copy contrib/plugins/{aspaces => }/__init__.py (100%)
 copy contrib/plugins/{aspaces => malware}/__init__.py (100%)
 create mode 100644 contrib/plugins/malware/poisonivy.py
 create mode 100644 contrib/plugins/malware/zeusscan.py
 create mode 100755 pyinstaller/hook-openpyxl.py
 create mode 100644 pyinstaller/hook-yara.py
 delete mode 100644 setup.cfg
 create mode 100644 tools/linux/Makefile.enterprise
 create mode 100644 tools/linux/kcore/Makefile
 create mode 100644 tools/linux/kcore/elf.h
 create mode 100644 tools/linux/kcore/getkcore.c
 create mode 100644 tools/linux/kcore/getkcore.h
 delete mode 100644 tools/linux/pmem/Makefile
 delete mode 100644 tools/linux/pmem/pmem.c
 create mode 100644 tools/mac/generate_profile_list.py
 create mode 100644 tools/windows/parsesummary.py
 delete mode 100644 volatility.egg-info/PKG-INFO
 delete mode 100644 volatility.egg-info/SOURCES.txt
 delete mode 100644 volatility.egg-info/dependency_links.txt
 delete mode 100644 volatility.egg-info/top_level.txt
 create mode 100644 volatility/plugins/drivermodule.py
 create mode 100644 volatility/plugins/gui/editbox.py
 copy volatility/plugins/linux/{lsof.py => getcwd.py} (75%)
 copy volatility/plugins/linux/{psenv.py => ld_env.py} (67%)
 rename volatility/plugins/linux/{netfiler.py => netfilter.py} (79%)
 create mode 100644 volatility/plugins/linux/netscan.py
 create mode 100644 volatility/plugins/mac/WKdm.py
 create mode 100644 volatility/plugins/mac/compressed_swap.py
 create mode 100644 volatility/plugins/mac/get_profile.py
 create mode 100644 volatility/plugins/mac/list_kauth_listeners.py
 create mode 100644 volatility/plugins/mac/list_kauth_scopes.py
 create mode 100644 volatility/plugins/mac/list_raw.py
 create mode 100644 volatility/plugins/mac/orphan_threads.py
 copy volatility/plugins/mac/{psaux.py => psenv.py} (65%)
 create mode 100644 volatility/plugins/mac/threads.py
 create mode 100644 volatility/plugins/mac/threads_simple.py
 create mode 100644 volatility/plugins/malware/servicediff.py
 create mode 100644 volatility/plugins/overlays/windows/win10.py
 copy volatility/plugins/overlays/windows/{win8_sp1_x64_vtypes.py => win10_x64_vtypes.py} (69%)
 copy volatility/plugins/overlays/windows/{win8_sp1_x86_vtypes.py => win10_x86_vtypes.py} (70%)
 copy volatility/plugins/overlays/windows/{win8_sp1_x64_vtypes.py => win81_u1_x64_vtypes.py} (95%)
 copy volatility/plugins/overlays/windows/{win8_sp1_x86_vtypes.py => win81_u1_x86_vtypes.py} (95%)
 create mode 100644 volatility/plugins/registry/amcache.py
 create mode 100644 volatility/plugins/registry/dumpregistry.py
 create mode 100644 volatility/plugins/registry/shutdown.py
 create mode 100644 volatility/plugins/win10cookie.py
 create mode 100644 volatility/renderers/__init__.py
 create mode 100644 volatility/renderers/basic.py
 create mode 100644 volatility/renderers/dot.py
 create mode 100644 volatility/renderers/html.py
 create mode 100644 volatility/renderers/sqlite.py
 create mode 100644 volatility/renderers/text.py
 create mode 100644 volatility/renderers/xlsx.py
 create mode 100644 volatility/validity.py

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/volatility.git


