dissect.target.plugins.os.unix.linux.cmdline

Module Contents

Classes

CmdlinePlugin

Linux volatile proc commandline plugin.

Attributes

dissect.target.plugins.os.unix.linux.cmdline.CmdlineRecord
class dissect.target.plugins.os.unix.linux.cmdline.CmdlinePlugin(target: dissect.target.Target)

Bases: dissect.target.plugin.Plugin

Linux volatile proc commandline plugin.

check_compatible() None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

cmdline() Iterator[CmdlineRecord]

Return the complete command line for all processes.

If, after an execve(2), the process modifies its argv strings, those changes will show up here. This is not the same thing as modifying the argv array.

Think of this output as the command line that the process wants you to see.

Yields CmdlineRecord with the following fields:

hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): The starttime of the process.
name (string): The name of the process.
pid (int): The process ID of the process.
cmdline (string): The complete commandline of the process.