dissect.target.plugins.os.unix.linux.processes
¶
Module Contents¶
Classes¶
Linux |
Attributes¶
- dissect.target.plugins.os.unix.linux.processes.ProcProcessRecord¶
- class dissect.target.plugins.os.unix.linux.processes.ProcProcesses(target: dissect.target.Target)¶
Bases:
dissect.target.plugin.Plugin
Linux
/proc
process volatile plugin.- check_compatible() None ¶
Perform a compatibility check with the target.
This function should return
None
if the plugin is compatible with the current target (self.target
). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError
.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- processes() Iterator[ProcProcessRecord] ¶
Return the processes available in
/proc
and the stats associated with them.There is a numerical subdirectory for each running process; the subdirectory is named by the process ID. Each
/proc/[pid]
subdirectory contains various pseudo-files.Yields ProcProcessRecord with the following fields:
hostname (string): The target hostname. domain (string): The target domain. ts (datetime): The start time of the process. name (string): The name of the process. state (string): The state of the process. pid (int): The process ID of the process. runtime (datetime): The amount of time the process is running until moment of acquisition. ppid (int): The parent process ID of the process. parent (string): The name of the parent process ID.