:py:mod:`dissect.target.plugins.os.unix.linux.proc`
===================================================

.. py:module:: dissect.target.plugins.os.unix.linux.proc


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.unix.linux.proc.NetSocket
   dissect.target.plugins.os.unix.linux.proc.UnixSocket
   dissect.target.plugins.os.unix.linux.proc.PacketSocket
   dissect.target.plugins.os.unix.linux.proc.Environ
   dissect.target.plugins.os.unix.linux.proc.ProcessStateEnum
   dissect.target.plugins.os.unix.linux.proc.Sockets
   dissect.target.plugins.os.unix.linux.proc.ProcProcess
   dissect.target.plugins.os.unix.linux.proc.ProcPlugin


Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   dissect.target.plugins.os.unix.linux.proc.parse_ip


Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.unix.linux.proc.PROC_STAT_NAMES


.. py:function:: parse_ip(addr: Union[str, int], version: int = 4) -> Union[ipaddress.IPv6Address, ipaddress.IPv4Address]

   Convert a ``/proc/net`` IPv4 or IPv6 hex address into its standard IP notation.


.. py:class:: NetSocket

   .. py:attribute:: sl
      :type: str

   .. py:attribute:: local_address
      :type: str

   .. py:attribute:: rem_address
      :type: str

   .. py:attribute:: state
      :type: str

   .. py:attribute:: tx_rx_queue
      :type: str

   .. py:attribute:: tr_tm_when
      :type: str

   .. py:attribute:: restansmit
      :type: str

   .. py:attribute:: uid
      :type: int

   .. py:attribute:: timeout
      :type: str

   .. py:attribute:: inode
      :type: int

   .. py:attribute:: ref
      :type: Optional[str]

   .. py:attribute:: pointer
      :type: Optional[str]

   .. py:attribute:: drops
      :type: Optional[str]

   .. py:attribute:: predicted_tick
      :type: Optional[str]

   .. py:attribute:: ack_pingpong
      :type: Optional[str]

   .. py:attribute:: congestion_window
      :type: Optional[str]

   .. py:attribute:: size_threshold
      :type: Optional[str]

   .. py:attribute:: protocol_string
      :type: Optional[str]

   .. py:attribute:: local_ip
      :type: Optional[str]

   .. py:attribute:: local_port
      :type: Optional[int]

   .. py:attribute:: remote_ip
      :type: Optional[str]

   .. py:attribute:: remote_port
      :type: Optional[int]

   .. py:attribute:: state_string
      :type: Optional[str]

   .. py:attribute:: owner
      :type: Optional[str]

   .. py:attribute:: rx_queue
      :type: Optional[int]

   .. py:attribute:: tx_queue
      :type: Optional[int]

   .. py:attribute:: pid
      :type: Optional[int]

   .. py:attribute:: name
      :type: Optional[str]

   .. py:attribute:: cmdline
      :type: Optional[str]

   .. py:method:: from_line(line: str, ip_vers: int = 4) -> NetSocket
      :classmethod:


.. py:class:: UnixSocket

   .. py:attribute:: num
      :type: str

   .. py:attribute:: ref
      :type: int

   .. py:attribute:: protocol
      :type: int

   .. py:attribute:: flags
      :type: str

   .. py:attribute:: type
      :type: int

   .. py:attribute:: state
      :type: int

   .. py:attribute:: inode
      :type: int

   .. py:attribute:: path
      :type: Optional[str]

   .. py:attribute:: state_string
      :type: Optional[str]

   .. py:attribute:: stream_type_string
      :type: Optional[str]

   .. py:attribute:: protocol_string
      :type: str
      :value: 'unix'

   .. py:method:: from_line(line: str) -> UnixSocket
      :classmethod:


.. py:class:: PacketSocket

   .. py:attribute:: sk
      :type: int

   .. py:attribute:: ref
      :type: int

   .. py:attribute:: type
      :type: int

   .. py:attribute:: protocol
      :type: int

   .. py:attribute:: iface
      :type: int

   .. py:attribute:: r
      :type: int

   .. py:attribute:: rmem
      :type: int

   .. py:attribute:: user
      :type: int

   .. py:attribute:: inode
      :type: int

   .. py:attribute:: pid
      :type: Optional[int]

   .. py:attribute:: name
      :type: Optional[str]

   .. py:attribute:: cmdline
      :type: Optional[str]

   .. py:attribute:: protocol_type
      :type: Optional[int]

   .. py:attribute:: owner
      :type: Optional[str]

   .. py:attribute:: protocol_string
      :type: str
      :value: 'packet'

   .. py:method:: from_line(line: str) -> PacketSocket
      :classmethod:


.. py:class:: Environ

   .. py:attribute:: variable
      :type: str

   .. py:attribute:: contents
      :type: str


.. py:class:: ProcessStateEnum

   Bases: :py:obj:`dissect.target.helpers.utils.StrEnum`

   Sortable and serializable string-based enum.

   .. py:attribute:: R
      :value: 'Running'

   .. py:attribute:: I
      :value: 'Idle'

   .. py:attribute:: S
      :value: 'Sleeping'

   .. py:attribute:: D
      :value: 'Waiting'

   .. py:attribute:: Z
      :value: 'Zombie'

   .. py:attribute:: T
      :value: 'Stopped'

   .. py:attribute:: t
      :value: 'Tracing'

   .. py:attribute:: X
      :value: 'Dead'

   .. py:attribute:: x
      :value: 'Dead'

   .. py:attribute:: K
      :value: 'Wakekill'

   .. py:attribute:: W
      :value: 'Waking'

   .. py:attribute:: P
      :value: 'Parked'

   .. py:attribute:: N
      :value: 'None'


.. py:data:: PROC_STAT_NAMES
   :value: ['pid', 'comm', 'state', 'ppid', 'pgrp', 'session', 'tty_nr', 'tpgid', 'flags', 'minflt',...


.. py:class:: Sockets(target: dissect.target.target.Target)

   .. py:class:: PacketProtocolTypes

      Bases: :py:obj:`enum.IntEnum`

      Enum where members are also (and must be) ints.

      .. py:attribute:: ETH_P_802_3
         :value: 1

      .. py:attribute:: ETH_P_AX25
         :value: 2

      .. py:attribute:: ETH_P_ALL
         :value: 3

      .. py:attribute:: ETH_P_802_2
         :value: 4

      .. py:attribute:: ETH_P_SNAP
         :value: 5

      .. py:attribute:: ETH_P_DDCMP
         :value: 6

      .. py:attribute:: ETH_P_WAN_PPP
         :value: 7

      .. py:attribute:: ETH_P_PPP_MP
         :value: 8

      .. py:attribute:: ETH_P_LOCALTALK
         :value: 9

      .. py:attribute:: ETH_P_CAN
         :value: 12

      .. py:attribute:: ETH_P_PPPTALK
         :value: 16

      .. py:attribute:: ETH_P_TR_802_2
         :value: 17

      .. py:attribute:: ETH_P_MOBITEX
         :value: 21

      .. py:attribute:: ETH_P_CONTROL
         :value: 22

      .. py:attribute:: ETH_P_IRDA
         :value: 23

      .. py:attribute:: ETH_P_ECONET
         :value: 24

      .. py:attribute:: ETH_P_HDLC
         :value: 25

      .. py:attribute:: ETH_P_ARCNET
         :value: 26

      .. py:attribute:: ETH_P_DSA
         :value: 27

      .. py:attribute:: ETH_P_TRAILER
         :value: 28

      .. py:attribute:: ETH_P_PHONET
         :value: 245

      .. py:attribute:: ETH_P_IEEE802154
         :value: 246


   .. py:class:: SocketStreamType

      Bases: :py:obj:`enum.IntEnum`

      Enum where members are also (and must be) ints.

      .. py:attribute:: STREAM
         :value: 1

      .. py:attribute:: DGRAM
         :value: 2

      .. py:attribute:: SEQPACKET
         :value: 5


   .. py:class:: SocketStateType

      Bases: :py:obj:`enum.IntEnum`

      Enum where members are also (and must be) ints.

      .. py:attribute:: LISTENING
         :value: 1

      .. py:attribute:: CONNECTED
         :value: 3


   .. py:class:: TCPStates

      Bases: :py:obj:`enum.IntEnum`

      Enum where members are also (and must be) ints.

      .. py:attribute:: DUMMY
         :value: 0

      .. py:attribute:: ESTABLISHED
         :value: 1

      .. py:attribute:: SYN_SENT
         :value: 2

      .. py:attribute:: SYN_RECV
         :value: 3

      .. py:attribute:: FIN_WAIT1
         :value: 4

      .. py:attribute:: FIN_WAIT2
         :value: 5

      .. py:attribute:: TIME_WAIT
         :value: 6

      .. py:attribute:: CLOSE
         :value: 7

      .. py:attribute:: CLOSE_WAIT
         :value: 8

      .. py:attribute:: LAST_ACK
         :value: 9

      .. py:attribute:: LISTEN
         :value: 10

      .. py:attribute:: CLOSING
         :value: 11

      .. py:attribute:: NEW_SYN_RECV
         :value: 12

      .. py:attribute:: MAX_STATES
         :value: 13


   .. py:class:: UDPStates

      Bases: :py:obj:`enum.IntEnum`

      Enum where members are also (and must be) ints.

      .. py:attribute:: DUMMY
         :value: 0

      .. py:attribute:: ESTABLISHED
         :value: 1

      .. py:attribute:: LISTEN
         :value: 7


   .. py:method:: packet() -> Iterator[PacketSocket]

      Yield parsed ``/proc/net/packet`` entries.

   .. py:method:: raw() -> Iterator[NetSocket]

      Yield parsed ``/proc/net/raw`` entries.

   .. py:method:: raw6() -> Iterator[NetSocket]

      Yield parsed ``/proc/net/raw6`` entries.

   .. py:method:: tcp6() -> Iterator[NetSocket]

      Yield parsed ``/proc/net/tcp6`` entries.

   .. py:method:: tcp() -> Iterator[NetSocket]

      Yield parsed ``/proc/net/tcp`` entries.

   .. py:method:: udp() -> Iterator[NetSocket]

      Yield parsed ``/proc/net/udp`` entries.

   .. py:method:: udp6() -> Iterator[NetSocket]

      Yield parsed ``/proc/net/udp6`` entries.

   .. py:method:: unix() -> Iterator[UnixSocket]

      Yield parsed ``/proc/net/unix`` entries.


.. py:class:: ProcProcess(target: dissect.target.target.Target, pid: Union[int, str], proc_root: str = '/proc')

   .. py:property:: owner
      :type: str

      Return the username of the owner of this process, or the user ID (uid) if the owner is not found.

   .. py:property:: uid
      :type: int

      Return the user ID (uid) of the owner of this process.

   .. py:property:: pid
      :type: int

      Returns the process ID (pid) associated with this process.

   .. py:property:: parent
      :type: Optional[ProcProcess]

      Returns the parent :class:`ProcProcess` of this process.

   .. py:property:: ppid
      :type: Optional[int]

      Returns the parent process ID (ppid) associated with this process.

   .. py:property:: parent_name
      :type: Optional[str]

      Returns the name associated with the parent process ID (ppid) of this process.

   .. py:property:: state
      :type: str

      Returns the state of the process (S'leeping, R'unning, I'dle, etc).

   .. py:property:: starttime
      :type: datetime.datetime

      Returns the start time of the process.

   .. py:property:: runtime
      :type: datetime.timedelta

      Returns the runtime of a process until the moment of acquisition.

   .. py:property:: now
      :type: datetime.datetime

      Returns the ``now()`` timestamp of the system at the moment of acquisition.

   .. py:property:: uptime
      :type: datetime.timedelta

      Returns the uptime of the system from the moment it was acquired.

   .. py:property:: cmdline
      :type: str

      Return the command line of a process.

   .. py:method:: get(path: str) -> pathlib.Path

      Returns a TargetPath relative to this process.

   .. py:method:: environ() -> Iterator[Environ]

      Yields the content of the environ file associated with the process.

   .. py:method:: stat() -> dissect.target.filesystem.fsutil.stat_result

      Return a stat entry of the process.


.. py:class:: ProcPlugin(target: dissect.target.target.Target)

   Bases: :py:obj:`dissect.target.plugin.Plugin`

   Base class for plugins.

   Plugins can optionally be namespaced by specifying the ``__namespace__`` class attribute.
   Namespacing results in your plugin needing to be prefixed with this namespace when being called.
   For example, if your plugin has specified ``test`` as namespace and a function called ``example``,
   you must call your plugin with ``test.example``.

   A ``Plugin`` class has the following private class attributes:

   - ``__namespace__``
   - ``__record_descriptors__``

   With the following three being assigned in :func:`register`:

   - ``__plugin__``
   - ``__functions__``
   - ``__exports__``

   Additionally, the methods and attributes of :class:`Plugin` receive more private attributes by using decorators.

   The :func:`export` decorator adds the following private attributes:

   - ``__exported__``
   - ``__output__``: Set with the :func:`export` decorator.
   - ``__record__``: Set with the :func:`export` decorator.

   The :func:`internal` decorator and :class:`InternalPlugin` set the ``__internal__`` attribute.
   Finally, the :func:`args` decorator sets the ``__args__`` attribute.

   :param target: The :class:`~dissect.target.target.Target` object to load the plugin for.

   .. py:attribute:: __namespace__
      :value: 'proc'

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the current target (``self.target``).
      For example, check if a certain file exists.
      Otherwise it should raise an ``UnsupportedPluginError``.

      :raises UnsupportedPluginError: If the plugin could not be loaded.

   .. py:method:: inode_map() -> dict[int, list[ProcProcess]]

      Creates an inode to pid mapping for all process IDs in ``/proc/[pid]``.

   .. py:method:: iter_proc() -> Iterator[pathlib.Path]

      Yields ``/proc/[pid]`` filesystem entries for every process ID (pid) found in procfs.

   .. py:method:: inode_to_pids(inode: int) -> list[ProcProcess]

   .. py:method:: process(pid: Union[int, str]) -> ProcProcess

   .. py:method:: processes() -> Iterator[ProcProcess]
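
The following is an added example, not code from dissect.target: a stand-alone decoder for the ``/proc/net/tcp`` and ``/proc/net/tcp6`` row format that ``parse_ip`` and ``NetSocket.from_line`` are documented to handle, showing the hex address, port and state decoding an analyst needs when reading these files by hand. The names ``decode_addr``, ``parse_net_line`` and the sample rows are hypothetical, and the byte-order handling assumes the data was acquired from a little-endian host.

```python
import ipaddress
import struct

# State numbers as listed under Sockets.TCPStates on this page.
TCP_STATES = {
    1: "ESTABLISHED", 2: "SYN_SENT", 3: "SYN_RECV", 4: "FIN_WAIT1",
    5: "FIN_WAIT2", 6: "TIME_WAIT", 7: "CLOSE", 8: "CLOSE_WAIT",
    9: "LAST_ACK", 10: "LISTEN", 11: "CLOSING", 12: "NEW_SYN_RECV",
}

def decode_addr(hex_addr: str, version: int = 4):
    """Decode a /proc/net hex address (assumes a little-endian source host)."""
    raw = bytes.fromhex(hex_addr)
    if version == 4 and len(raw) == 4:
        # One 32-bit word printed in host byte order: reverse it.
        return ipaddress.IPv4Address(raw[::-1])
    if version == 6 and len(raw) == 16:
        # Four 32-bit words, each printed in host byte order.
        return ipaddress.IPv6Address(struct.pack("<4I", *struct.unpack(">4I", raw)))
    raise ValueError(f"bad IPv{version} address field: {hex_addr!r}")

def parse_net_line(line: str, version: int = 4) -> dict:
    """Parse one data row of /proc/net/tcp or /proc/net/tcp6."""
    fields = line.split()
    if len(fields) < 10:
        raise ValueError("truncated /proc/net row")
    local_ip, local_port = fields[1].split(":")
    remote_ip, remote_port = fields[2].split(":")
    return {
        "local_ip": str(decode_addr(local_ip, version)),
        "local_port": int(local_port, 16),
        "remote_ip": str(decode_addr(remote_ip, version)),
        "remote_port": int(remote_port, 16),
        "state": TCP_STATES.get(int(fields[3], 16), "UNKNOWN"),
        "uid": int(fields[7]),
        "inode": int(fields[9]),  # key for matching the socket to a process fd
    }

# Constructed sample rows (not taken from a real system).
SAMPLE_TCP = [
    "   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   109        0 23456 1 0000000000000000 100 0 0 10 0",
    "   1: 0F02000A:0016 0202000A:C9A6 01 00000000:00000000 02:000A1B2C 00000000     0        0 34567 2 0000000000000000 20 4 30 10 -1",
]
SAMPLE_TCP6 = "   0: 00000000000000000000000001000000:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 45678 1 0000000000000000 100 0 0 10 0"

if __name__ == "__main__":
    for row in SAMPLE_TCP:
        print(parse_net_line(row))
    print(parse_net_line(SAMPLE_TCP6, version=6))
```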