 5  import os.path 
 6  import subprocess 
 7  import time 
 8   
 9  from lib.common.abstracts import Auxiliary 
10  from lib.common.exceptions import CuckooDisableModule, CuckooPackageError 
11  from lib.common.results import upload_to_host 
12   
14      """Allow procmon to be run on the side.""" 
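        # NOTE(review): the signature line of the enclosing method is missing
        # from this listing; the statements below are its body.

        # The module is opt-in: unless the "procmon" analysis option is set
        # to a truthy value it disables itself before launching anything.
        if not self.options.get("procmon"):
            raise CuckooDisableModule

        bin_path = os.path.join(self.analyzer.path, "bin")

        # Executable, filter configuration, native capture log and XML
        # export all live side by side in the analyzer's bin/ directory.
        self.procmon_exe = os.path.join(bin_path, "procmon.exe")
        self.procmon_pmc = os.path.join(bin_path, "procmon.pmc")
        self.procmon_pml = os.path.join(bin_path, "procmon.pml")
        self.procmon_xml = os.path.join(bin_path, "procmon.xml")

        # Both the binary and its configuration must be present; fail with an
        # actionable message rather than a bare "file not found" from Popen.
        if not os.path.exists(self.procmon_exe) or \
                not os.path.exists(self.procmon_pmc):
            raise CuckooPackageError(
                "In order to use the Process Monitor functionality it is "
                "required to have Procmon setup with Cuckoo. Please run the "
                "Cuckoo Community script which will automatically fetch all "
                "related files to get you up-and-running."
            )

        # Start the capture in the background; Popen returns immediately and
        # the events are written to the backing file.
        subprocess.Popen([
            self.procmon_exe,
            "/AcceptEula",
            "/Quiet",
            "/Minimized",
            "/BackingFile", self.procmon_pml,
        ])

        # Wait until the backing file exists and is non-empty, so that the
        # capture is known to be running before anything else proceeds.
        # The wait is bounded: if Process Monitor never starts writing (for
        # example because the driver could not be loaded), an unbounded loop
        # would stall the analysis silently instead of reporting the missing
        # telemetry. The 60 second limit is a reviewer-chosen value, not one
        # taken from the project; tune it for slow guest images.
        wait_limit = 60
        deadline = time.time() + wait_limit
        while True:
            try:
                # getsize() raises OSError while the file does not exist yet,
                # which also covers the window between an exists() check and
                # the size lookup.
                if os.path.getsize(self.procmon_pml):
                    break
            except OSError:
                pass

            if time.time() >= deadline:
                raise CuckooPackageError(
                    "Process Monitor did not write to its backing file "
                    "within %d seconds, no capture is available." % wait_limit
                )
            time.sleep(0.1)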
 49   
        # NOTE(review): the enclosing method's signature line is not part of
        # this listing; these statements are its body.

        # Ask the running Process Monitor instance to shut down. check_call
        # raises CalledProcessError on a non-zero exit status, in which case
        # neither the conversion nor the upload below is attempted.
        terminate_cmd = [
            self.procmon_exe,
            "/Terminate",
        ]
        subprocess.check_call(terminate_cmd)

        # Re-open the native capture with the shipped filter configuration
        # and export it as XML; /SaveApplyFilter limits the export to the
        # events that pass that filter.
        export_cmd = [
            self.procmon_exe,
            "/OpenLog", self.procmon_pml,
            "/LoadConfig", self.procmon_pmc,
            "/SaveAs", self.procmon_xml,
            "/SaveApplyFilter",
        ]
        subprocess.check_call(export_cmd)

        # Hand the XML export to the host under the analysis logs directory.
        report_name = os.path.join("logs", "procmon.xml")
        upload_to_host(self.procmon_xml, report_name)