Steps to add new x86 OS Support #112
Comments
Hi kesullivan, I am glad you are willing to add support to another OS! :-) That's great news :-). A few points: VMI is done partly in C/C++ and partly in Python, for efficiency. If you look under pyrebox/ you will see some generic classes (vmi.h, vmi.cpp, vmi.py) that implement generic functionality and redirect the function calls to the appropriate functions located in OS-specific files (see windows_vmi.h, windows_vmi.cpp, windows_vmi.py / linux_vmi.h, linux_vmi.cpp, linux_vmi.py). You will need to start by adding a new OS to this enum:
Hope this information is useful for understanding the bigger picture. I hope I am not missing anything, but if that's the case and you get stuck on something, please let me know and I will try to answer. Thanks again for adding support for your OS, this can be a good contribution :-).
@xabiugarte In volatility3 my OS relies on the config.json to skip some automagic analysis for things like the Is there a way to have pyrebox also use the config.json when dealing with volatility commands?
Never mind, I reworked some of my volatility code to get automagic to work and grab the linux_banner and also the CR3 value for the DTB.
Hi Kesullivan, It is fine to make changes under the volatility/ directory. As a good practice, try to make them as decoupled as possible from the original volatility code so that it is easier to merge upstream releases. Also, it would be great if you talk with the volatility team to include these changes in their upstream repository (if you have not done so already). Thanks,
I have a 32-bit x86 OS that is close to Linux, BSD based, and I was wondering what high-level steps I will need to take to add support for that OS in PyREBox3.
I have started to add support for this OS in Volatility 3 and can do some basic things with a dump like pslist, and will continue to work on more, but my end goal is to have it working in the python3 version of pyrebox. I know so far I will have to support a pyrebox.py script in volatility/volatility/framework/plugins/os and add some functions to volatility/volatility/framework/symbols/os/extensions/__init__.py.
And I am wondering what other steps like that I will need to take inside the pyrebox code to start to support a new OS?
#105 will probably be my best reference for adding support, but any other bullets I will need to hit or any tips would be greatly appreciated.