forked from skelsec/pypykatz-volatility3
vol_pypykatz.py
#
# Author:
# Tamas Jos (@skelsec)
#
#
import logging
from typing import List
from volatility3.framework import interfaces, renderers
from volatility3.framework.configuration import requirements
from volatility3.plugins.windows import pslist
from pypykatz.pypykatz import pypykatz as pparser
# Module-level logger keyed on this module's name (not referenced by the class below).
vollog = logging.getLogger(__name__)


class pypykatz(interfaces.plugins.PluginInterface):
    """Volatility 3 plugin that passes a Windows memory image to pypykatz.

    The class only declares what the framework must supply (a memory layer,
    kernel symbols and the ``pslist`` plugin) and then delegates all parsing
    to ``pypykatz.go_volatility3``. No extraction logic lives here.

    NOTE(review): pypykatz parses LSASS credential structures, so the
    result presumably contains recovered secrets. Store and share plugin
    output under the same access controls as the memory image itself.
    """

    # Framework version this plugin declares; its meaning is defined by
    # interfaces.plugins.PluginInterface, which is not visible here.
    _required_framework_version = (2, 0, 0)

    @classmethod
    def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
        """Return the configuration requirements for this plugin.

        Returns:
            A three-element list, in this order: the ``primary`` translation
            layer (Intel32 or Intel64), the ``nt_symbols`` symbol table, and
            the ``pslist`` plugin at version (2, 0, 0).
        """
        memory_layer = requirements.TranslationLayerRequirement(
            name="primary",
            description="Memory layer for the kernel",
            architectures=["Intel32", "Intel64"],
        )
        kernel_symbols = requirements.SymbolTableRequirement(
            name="nt_symbols",
            description="Windows kernel symbols",
        )
        process_lister = requirements.PluginRequirement(
            name="pslist",
            plugin=pslist.PsList,
            version=(2, 0, 0),
        )
        return [memory_layer, kernel_symbols, process_lister]

    def run(self):
        """Delegate to pypykatz, passing this plugin instance, and return its result.

        The return type is whatever ``go_volatility3`` produces; presumably a
        renderer object the framework can display (confirm against pypykatz).
        """
        parsed = pparser.go_volatility3(self)
        return parsed