dissect.target.plugins.os.unix.linux.cmdline
Module Contents
Classes
CmdlinePlugin | Base class for plugins.
Attributes
- dissect.target.plugins.os.unix.linux.cmdline.CmdlineRecord
- class dissect.target.plugins.os.unix.linux.cmdline.CmdlinePlugin(target: dissect.target.Target)
Bases: dissect.target.plugin.Plugin
Base class for plugins.
Plugins can optionally be namespaced by specifying the __namespace__ class attribute. Namespacing results in your plugin needing to be prefixed with this namespace when being called. For example, if your plugin has specified test as namespace and a function called example, you must call your plugin with test.example.
A Plugin class has the following private class attributes:
- __namespace__
- __record_descriptors__
With the following three being assigned in register():
- __plugin__
- __functions__
- __exports__
Additionally, the methods and attributes of Plugin receive more private attributes by using decorators.
The export() decorator adds the following private attributes:
- __exported__
- __output__: Set with the export() decorator.
- __record__: Set with the export() decorator.
The internal() decorator and InternalPlugin set the __internal__ attribute. Finally, the args() decorator sets the __args__ attribute.
The alias() decorator populates the __aliases__ private attribute of Plugin methods.
- Parameters:
target – The Target object to load the plugin for.
- check_compatible() → None
Perform a compatibility check with the target.
This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.
- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- cmdline() → Iterator[CmdlineRecord]
Return the complete command line for all processes.
If, after an execve(2), the process modifies its argv strings, those changes will show up here. This is not the same thing as modifying the argv array.
Think of this output as the command line that the process wants you to see.
Yields CmdlineRecord with the following fields:
- hostname (string): The target hostname.
- domain (string): The target domain.
- ts (datetime): The starttime of the process.
- name (string): The name of the process.
- pid (int): The process ID of the process.
- cmdline (string): The complete commandline of the process.
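Because cmdline is only what the process wants you to see, a useful triage step is to compare it with the name field of the same record. The following is an added example, not part of dissect: the function names, verdict labels and the plain-dict records are hypothetical, and it assumes name carries the kernel's process name (comm), which Linux limits to 15 bytes.

```python
import os
import re

COMM_MAX = 15  # Linux keeps at most 15 bytes of the process name (comm)

# Constructed sample records using the name, pid and cmdline fields listed above.
SAMPLE = [
    {"pid": 2, "name": "kthreadd", "cmdline": ""},
    {"pid": 640, "name": "systemd-journal", "cmdline": "/lib/systemd/systemd-journald"},
    {"pid": 812, "name": "sshd", "cmdline": "/usr/sbin/sshd -D"},
    {"pid": 901, "name": "nginx", "cmdline": "nginx: worker process"},
    {"pid": 1200, "name": "bash", "cmdline": "-bash"},
    {"pid": 4242, "name": "worker7", "cmdline": "/usr/sbin/cron -f"},
]


def argv0(cmdline: str) -> str:
    """Return the first argument; accepts NUL- or space-separated command lines."""
    return re.split(r"[\x00 ]+", cmdline.strip("\x00 "))[0]


def assess(name: str, cmdline: str) -> str:
    """Compare the process name with argv[0] as reported in cmdline."""
    first = argv0(cmdline)
    if not first:
        return "no-cmdline"   # kernel thread, or argv strings blanked
    base = os.path.basename(first.lstrip("-"))  # login shells report "-bash"
    if base[:COMM_MAX] == name[:COMM_MAX]:
        return "consistent"
    if first.startswith(name + ":"):
        return "retitled"     # daemon status title such as "nginx: worker process"
    return "mismatch"         # argv[0] does not correspond to the process name


def triage(records):
    """Return (pid, verdict) for every record that is not plainly consistent."""
    verdicts = ((r["pid"], assess(r["name"], r["cmdline"])) for r in records)
    return [(pid, v) for pid, v in verdicts if v != "consistent"]


if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE):
        print(pid, verdict)
```

A mismatch is a lead for review rather than a verdict: scripts started through a shebang line and processes that rename themselves with prctl(PR_SET_NAME) also show a name that differs from argv[0].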