dissect.target.plugins.os.unix.linux.processes

Module Contents

Classes

ProcProcesses

Linux /proc process volatile plugin.

Attributes

dissect.target.plugins.os.unix.linux.processes.ProcProcessRecord
class dissect.target.plugins.os.unix.linux.processes.ProcProcesses(target: dissect.target.Target)

Bases: dissect.target.plugin.Plugin

Linux /proc process volatile plugin.

check_compatible() → None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

processes() → Iterator[ProcProcessRecord]

Return the processes available in /proc and the stats associated with them.

There is a numerical subdirectory for each running process; the subdirectory is named by the process ID. Each /proc/[pid] subdirectory contains various pseudo-files.

Yields ProcProcessRecord with the following fields:

hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): The start time of the process.
name (string): The name of the process.
state (string): The state of the process.
pid (int): The process ID of the process.
runtime (datetime): The amount of time the process has been running up to the moment of acquisition.
ppid (int): The parent process ID of the process.
parent (string): The name of the parent process.
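
An added example, not dissect's own code: a standalone parser showing how the fields listed above can be derived from the stat pseudo-file in each numeric /proc/[pid] directory (field layout per proc(5)). The sample tree, the boot time and USER_HZ = 100 are constructed assumptions; the third process carries a crafted name containing ")" to show why the name must be delimited by the last closing parenthesis.

```python
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

USER_HZ = 100  # assumption: clock ticks per second (sysconf(_SC_CLK_TCK)), commonly 100


def parse_stat(text):
    """Parse one /proc/[pid]/stat line into pid, name, state, ppid and starttime."""
    # comm is wrapped in parentheses and may itself contain spaces or ')',
    # so delimit it with the first '(' and the LAST ')'.
    lpar, rpar = text.index("("), text.rindex(")")
    rest = text[rpar + 1:].split()  # rest[0] is field 3 (state)
    return {"pid": int(text[:lpar]), "name": text[lpar + 1:rpar], "state": rest[0],
            "ppid": int(rest[1]), "starttime": int(rest[19])}  # field 22: ticks since boot


def list_processes(proc_root, boot_time, acquired_at):
    """Walk numeric subdirectories and resolve ts, runtime and parent name."""
    procs = {}
    for entry in proc_root.iterdir():
        if entry.name.isdigit() and (entry / "stat").is_file():
            info = parse_stat((entry / "stat").read_text())
            procs[info["pid"]] = info
    for info in procs.values():
        info["ts"] = boot_time + timedelta(seconds=info["starttime"] / USER_HZ)
        info["runtime"] = acquired_at - info["ts"]
        info["parent"] = procs[info["ppid"]]["name"] if info["ppid"] in procs else None
    return sorted(procs.values(), key=lambda p: p["pid"])


def write_sample(root):
    """Constructed sample rows: (pid, comm, state, ppid, starttime in ticks)."""
    rows = [(1, "systemd", "S", 0, 5), (700, "bash", "S", 1, 9000),
            (742, "sshd) S 1 (x", "R", 700, 12000)]  # name crafted to fool naive splitting
    (root / "self").mkdir()  # non-numeric entries are not processes and are skipped
    for pid, comm, state, ppid, start in rows:
        tail = [state, str(ppid), "0", "0", "0", "-1"] + ["0"] * 9 + ["20", "0", "1", "0", str(start)]
        (root / str(pid)).mkdir()
        (root / str(pid) / "stat").write_text(f"{pid} ({comm}) {' '.join(tail)}\n")


def demo():
    """Build the constructed tree and list it as if acquired one hour after boot."""
    boot = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed; live systems expose btime in /proc/stat
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(Path(tmp))
        return list_processes(Path(tmp), boot, boot + timedelta(hours=1))
```

A parser that splits the stat line on whitespace or on the first ")" would report process 742 as "sshd", sleeping, with parent PID 1, instead of the running child of bash that it actually is.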