# Open Volatility's volshell on the java8.vmem image of run malware-d4765,
# with PID 3432 as the starting process context.
# No dump commands follow this invocation in these notes.
# NOTE(review): no --profile is given on the command line; presumably it is
# set elsewhere (config file or environment) -- confirm before reusing.
python vol.py -f /research_data/malware_runs/win/malware-d4765/java8.vmem -p 3432 volshell
# Open Volatility's volshell on the java8.vmem image of run malware-7ea16,
# with PID 3612 as the starting process context. The Python lines that
# follow are typed into this shell.
python vol.py -f /research_data/malware_runs/win/malware-7ea16/java8.vmem -p 3612 volshell
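# Typed into the volshell session opened on the previous line: dump every
# memory chunk of the process in the current volshell context to disk.
import sys  # explicit, so the snippet does not depend on the shell's namespace

# Make the project-local mem_chunks module importable.
sys.path.append("/research_data/code/git/extract-pointers/python_mod/")
from mem_chunks import MemChunk

# proc() is volshell's current process context (the PID passed with -p).
chunks = MemChunk.chunks_from_task_or_file(task=proc(), MChunkCls=MemChunk)

# First pass over every chunk, before anything is written.
# presumably check_load() reads each chunk's bytes from the image -- confirm in mem_chunks
for chunk in chunks.values():
    chunk.check_load()

# NOTE(review): this session was opened on .../malware_runs/win/malware-7ea16/,
# but the dumps go to .../mem_forensics/malware_runs/win/9a51f0/. Every other
# session in these notes writes next to its own image. Confirm the path before
# running, so dumps from different samples are not mixed in one directory.
outdir = "/research_data/mem_forensics/malware_runs/win/9a51f0/java_dumps"

# Second pass: write each chunk under outdir.
# presumably outdir must already exist -- confirm against dump_data()
for chunk in chunks.values():
    chunk.dump_data(outdir=outdir)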
# Open Volatility's volshell on the java8.vmem image of run malware-96c70,
# with PID 3896 as the starting process context. The Python lines that
# follow are typed into this shell.
python vol.py -f /research_data/malware_runs/win/malware-96c70/java8.vmem -p 3896 volshell
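# Typed into the volshell session opened on the previous line: dump every
# memory chunk of the process in the current volshell context to disk.
import sys  # explicit, so the snippet does not depend on the shell's namespace

# Make the project-local mem_chunks module importable.
sys.path.append("/research_data/code/git/extract-pointers/python_mod/")
from mem_chunks import MemChunk

# proc() is volshell's current process context (the PID passed with -p).
chunks = MemChunk.chunks_from_task_or_file(task=proc(), MChunkCls=MemChunk)

# First pass over every chunk, before anything is written.
# presumably check_load() reads each chunk's bytes from the image -- confirm in mem_chunks
for chunk in chunks.values():
    chunk.check_load()

# Dumps are kept next to the image they were taken from (run malware-96c70).
outdir = "/research_data/malware_runs/win/malware-96c70/java_dumps"

# Second pass: write each chunk under outdir.
# presumably outdir must already exist -- confirm against dump_data()
for chunk in chunks.values():
    chunk.dump_data(outdir=outdir)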
# Open Volatility's volshell on the java8.vmem image of run malware-b9a13,
# with PID 3008 as the starting process context. The dumps from this
# session go to the "java_dumps_loader" directory.
python vol.py -f /research_data/malware_runs/win/malware-b9a13/java8.vmem -p 3008 volshell
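# Typed into the volshell session opened on the previous line: dump every
# memory chunk of the process in the current volshell context to disk.
import sys  # explicit, so the snippet does not depend on the shell's namespace

# Make the project-local mem_chunks module importable.
sys.path.append("/research_data/code/git/extract-pointers/python_mod/")
from mem_chunks import MemChunk

# proc() is volshell's current process context (the PID passed with -p).
chunks = MemChunk.chunks_from_task_or_file(task=proc(), MChunkCls=MemChunk)

# First pass over every chunk, before anything is written.
# presumably check_load() reads each chunk's bytes from the image -- confirm in mem_chunks
for chunk in chunks.values():
    chunk.check_load()

# Two processes are dumped from this image (malware-b9a13). This one goes to
# the "loader" directory, so its chunks stay separate from the other PID's.
outdir = "/research_data/malware_runs/win/malware-b9a13/java_dumps_loader"

# Second pass: write each chunk under outdir.
# presumably outdir must already exist -- confirm against dump_data()
for chunk in chunks.values():
    chunk.dump_data(outdir=outdir)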
# Open Volatility's volshell on the same malware-b9a13 image, this time
# with PID 860 as the starting process context. The dumps from this
# session go to the "java_dumps_loaded" directory.
python vol.py -f /research_data/malware_runs/win/malware-b9a13/java8.vmem -p 860 volshell
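# Typed into the volshell session opened on the previous line: dump every
# memory chunk of the process in the current volshell context to disk.
import sys  # explicit, so the snippet does not depend on the shell's namespace

# Make the project-local mem_chunks module importable.
sys.path.append("/research_data/code/git/extract-pointers/python_mod/")
from mem_chunks import MemChunk

# proc() is volshell's current process context (the PID passed with -p).
chunks = MemChunk.chunks_from_task_or_file(task=proc(), MChunkCls=MemChunk)

# First pass over every chunk, before anything is written.
# presumably check_load() reads each chunk's bytes from the image -- confirm in mem_chunks
for chunk in chunks.values():
    chunk.check_load()

# Second process dumped from the malware-b9a13 image. This one goes to the
# "loaded" directory, so its chunks stay separate from the other PID's.
outdir = "/research_data/malware_runs/win/malware-b9a13/java_dumps_loaded"

# Second pass: write each chunk under outdir.
# presumably outdir must already exist -- confirm against dump_data()
for chunk in chunks.values():
    chunk.dump_data(outdir=outdir)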
# Open Volatility's volshell on the java8.vmem image of run malware-a51f0,
# with PID 3672 as the starting process context. The dumps from this
# session go to the "java_dumps" directory.
python vol.py -f /research_data/malware_runs/win/malware-a51f0/java8.vmem -p 3672 volshell
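# Typed into the volshell session opened on the previous line: dump every
# memory chunk of the process in the current volshell context to disk.
import sys  # explicit, so the snippet does not depend on the shell's namespace

# Make the project-local mem_chunks module importable.
sys.path.append("/research_data/code/git/extract-pointers/python_mod/")
from mem_chunks import MemChunk

# proc() is volshell's current process context (the PID passed with -p).
chunks = MemChunk.chunks_from_task_or_file(task=proc(), MChunkCls=MemChunk)

# First pass over every chunk, before anything is written.
# presumably check_load() reads each chunk's bytes from the image -- confirm in mem_chunks
for chunk in chunks.values():
    chunk.check_load()

# Two processes are dumped from this image (malware-a51f0). This PID's chunks
# go to "java_dumps" and the other PID's go to "java_dumps_loader".
outdir = "/research_data/malware_runs/win/malware-a51f0/java_dumps"

# Second pass: write each chunk under outdir.
# presumably outdir must already exist -- confirm against dump_data()
for chunk in chunks.values():
    chunk.dump_data(outdir=outdir)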
# Open Volatility's volshell on the same malware-a51f0 image, this time
# with PID 1980 as the starting process context. The dumps from this
# session go to the "java_dumps_loader" directory.
python vol.py -f /research_data/malware_runs/win/malware-a51f0/java8.vmem -p 1980 volshell
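# Typed into the volshell session opened on the previous line: dump every
# memory chunk of the process in the current volshell context to disk.
import sys  # explicit, so the snippet does not depend on the shell's namespace

# Make the project-local mem_chunks module importable.
sys.path.append("/research_data/code/git/extract-pointers/python_mod/")
from mem_chunks import MemChunk

# proc() is volshell's current process context (the PID passed with -p).
chunks = MemChunk.chunks_from_task_or_file(task=proc(), MChunkCls=MemChunk)

# First pass over every chunk, before anything is written.
# presumably check_load() reads each chunk's bytes from the image -- confirm in mem_chunks
for chunk in chunks.values():
    chunk.check_load()

# Second process dumped from the malware-a51f0 image. It gets its own
# "loader" directory, so its chunks stay separate from the other PID's.
outdir = "/research_data/malware_runs/win/malware-a51f0/java_dumps_loader"

# Second pass: write each chunk under outdir.
# presumably outdir must already exist -- confirm against dump_data()
for chunk in chunks.values():
    chunk.dump_data(outdir=outdir)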