forked from Cisco-Talos/pyrebox
start_x86_64.sh
#!/usr/bin/env bash
#This script is provided as an example of a possible QEMU / Pyrebox configuration
#for a Windows 7 SP 0 64 bit analysis target.
#It assumes that pyrebox.conf.Win7SP0x64 exists and contains the list
#of scripts to be loaded on startup, as well as the configuration parameter
#that tells Volatility which profile to apply.
#The QEMU parameters specified will start a VM with:
# * 512 MiB of RAM
# * Usb support
# * A main hard-drive, provided as a qcow2 image as the first parameter for the script
# * Starts a VNC server on 127.0.0.1 for showing the system display
# * Redirects the QEMU monitor to stdio (only configuration supported currently)
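# Usage: start_x86_64.sh <disk-image.qcow2> [snapshot-name]
#   $1 - qcow2 image used as the main hard drive (required)
#   $2 - optional VM snapshot to restore at startup (passed to -loadvm)
if [ -z "${1:-}" ]; then
  printf 'Usage: %s <disk-image.qcow2> [snapshot-name]\n' "${0##*/}" >&2
  exit 2
fi

# Keep the optional arguments in an array so a snapshot name containing
# whitespace or glob characters reaches QEMU as one word instead of being
# split or expanded by the shell.
snapshot=()
if [ -n "${2:-}" ]; then
  snapshot=(-loadvm "$2")
fi

BASEDIR=$(dirname -- "$0")

# Activate the Windows 7 SP0 x64 configuration. Stop if the copy fails:
# otherwise the VM would start with whatever pyrebox.conf was left behind by
# an earlier run, i.e. possibly the wrong script list and Volatility profile.
if ! cp -- "$BASEDIR/pyrebox.conf.Win7SP0x64" "$BASEDIR/pyrebox.conf"; then
  printf 'error: cannot install %s\n' "$BASEDIR/pyrebox.conf" >&2
  exit 1
fi

# QEMU splits the -drive value on commas, so a comma in the image path would
# be parsed as the start of another drive option. Doubling it is QEMU's
# escape for a literal comma.
image=${1//,/,,}

# Notes on the options below:
#  * -net none: the guest gets no network device.
#  * -vnc 127.0.0.1:0: display 0 (TCP 5900) on loopback only. No VNC password
#    is configured, so any local user on this host can reach the guest
#    display.
#  * cache=unsafe: flush requests from the guest are ignored; the image can be
#    corrupted if the host crashes. Keep a pristine copy of the analysis image.
#  * -monitor stdio: the QEMU monitor is attached to this terminal.
"$BASEDIR/pyrebox-x86_64" \
  -monitor stdio \
  -net none \
  -m 512 \
  -usb \
  -drive "file=${image},index=0,media=disk,format=qcow2,cache=unsafe" \
  -vnc 127.0.0.1:0 \
  "${snapshot[@]}"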