forked from Cisco-Talos/pyrebox
start_i386.sh
#!/usr/bin/env bash
#This script is provided as an example of a possible QEMU / Pyrebox configuration
#for a Windows XP SP3, 32 bit analysis target.
#It assumes that pyrebox.conf.WinXPSP3x86 exists, and contains the list
#of scripts to be loaded on startup, as well as the configuration parameter
#that tells Volatility which profile to apply.
#The QEMU parameters specified will start a VM with:
# * 256 MiB of RAM
# * USB support
# * A main hard-drive, provided as a qcow2 image as the first parameter for the script
# * Starts a VNC server on 127.0.0.1 for showing the system display
# * Redirects the QEMU monitor to stdio (only configuration supported currently)
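# Usage: start_i386.sh <disk-image.qcow2> [snapshot-name]
#   $1 - qcow2 disk image used as the guest's main hard drive (required)
#   $2 - optional VM snapshot name, restored at startup through -loadvm

# Refuse to start without a disk image instead of handing QEMU an empty
# "file=" value.
if [[ -z "${1:-}" ]]; then
  printf 'Usage: %s <disk-image.qcow2> [snapshot-name]\n' "${0##*/}" >&2
  exit 2
fi
image=$1

# Keep the optional snapshot arguments in an array so that a snapshot name
# containing whitespace or glob characters reaches QEMU as exactly one
# argument instead of being word-split into extra command-line options.
snapshot_args=()
if [[ -n "${2:-}" ]]; then
  snapshot_args=(-loadvm "$2")
fi

BASEDIR=$(dirname -- "$0")

# Install the Windows XP SP3 x86 configuration as the active pyrebox.conf.
# Abort if the copy fails: continuing would start the emulator with a stale
# or missing configuration (wrong script list / Volatility profile).
if ! cp -- "$BASEDIR/pyrebox.conf.WinXPSP3x86" "$BASEDIR/pyrebox.conf"; then
  printf 'error: cannot install %s\n' "$BASEDIR/pyrebox.conf" >&2
  exit 1
fi

# Notes on the QEMU options below:
#  * -net none: the guest is started with no network devices.
#  * -vnc 127.0.0.1:0: the display is bound to the loopback interface only.
#    No VNC password is configured here, so add authentication before
#    binding it to any other address.
#  * cache=unsafe: QEMU ignores guest flush requests; this is fast, but the
#    image can be corrupted if the host crashes, so keep a pristine copy.
#  * The -drive value is a comma-separated option list. The image path is
#    passed through unchanged, so a comma inside it is read by QEMU as an
#    option separator; a literal comma in the path must be written as ",,".
"$BASEDIR/pyrebox-i386" \
  -monitor stdio \
  -net none \
  -m 256 \
  -usb -usbdevice tablet \
  -drive "file=${image},index=0,media=disk,format=qcow2,cache=unsafe" \
  -vnc 127.0.0.1:0 \
  "${snapshot_args[@]}"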