dissect.target.plugins.os.unix.linux.cmdline#

Module Contents#

Classes#

CmdlinePlugin

Base class for plugins.

Attributes#

CmdlineRecord

dissect.target.plugins.os.unix.linux.cmdline.CmdlineRecord#
class dissect.target.plugins.os.unix.linux.cmdline.CmdlinePlugin(target: dissect.target.Target)#

Bases: dissect.target.plugin.Plugin

Base class for plugins.

Plugins can optionally be namespaced by specifying the __namespace__ class attribute. Namespacing results in your plugin needing to be prefixed with this namespace when being called. For example, if your plugin has specified test as namespace and a function called example, you must call your plugin with test.example:

A Plugin class has the following private class attributes:

  • __namespace__

  • __record_descriptors__

With the following three being assigned in register():

  • __plugin__

  • __functions__

  • __exports__

Additionally, the methods and attributes of Plugin receive more private attributes by using decorators.

The export() decorator adds the following private attributes

  • __exported__

  • __output__: Set with the export() decorator.

  • __record__: Set with the export() decorator.

The internal() decorator and InternalPlugin set the __internal__ attribute. Finally. args() decorator sets the __args__ attribute.

Parameters:

target – The Target object to load the plugin for.

check_compatible() None#

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

cmdline() Iterator[CmdlineRecord]#

Return the complete command line for all processes.

If, after an execve(2), the process modifies its argv strings, those changes will show up here. This is not the same thing as modifying the argv array.

Think of this output as the command line that the process wants you to see.

Yields CmdlineRecord with the following fields:

hostname (string): The target hostname. domain (string): The target domain. ts (datetime): The starttime of the process. name (string): The name of the process. pid (int): The process ID of the process. cmdline (string): The complete commandline of the process.