PyPI - dissect.target - Versions diffs - 3.13.dev16__py3-none-any.whl → 3.13.dev18__py3-none-any.whl - Mend

dissect.target 3.13.dev16py3-none-any.whl → 3.13.dev18py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

dissect/target/plugins/os/windows/regf/runkeys.py CHANGED Viewed

@@ -1,5 +1,3 @@
-from flow.record.fieldtypes import path
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.descriptor_extensions import (
     RegistryRecordDescriptorExtension,
@@ -13,7 +11,7 @@ RunKeyRecord = create_extended_descriptor([RegistryRecordDescriptorExtension, Us
     [
         ("datetime", "ts"),
         ("wstring", "name"),
-        ("path", "path"),
+        ("string", "path"),
         ("string", "key"),
     ],
 )
@@ -75,7 +73,7 @@ class RunKeysPlugin(Plugin):
                     yield RunKeyRecord(
                         ts=r.ts,
                         name=entry.name,
-                        path=path.from_windows(entry.value),
+                        path=entry.value,
                         key=key,
                         _target=self.target,
                         _key=r,

dissect/target/target.py CHANGED Viewed

@@ -15,6 +15,7 @@ from dissect.target.exceptions import (
     PluginNotFoundError,
     TargetError,
     UnsupportedPluginError,
+    VolumeSystemError,
 )
 from dissect.target.helpers import config
 from dissect.target.helpers.loaderutil import extract_path_info
@@ -693,11 +694,16 @@ class DiskCollection(Collection[container.Container]):
                         disk.vs = volume.open(disk)
                         self.target.log.debug("Opened volume system: %s on %s", disk.vs, disk)
+                    if not len(disk.vs.volumes):
+                        raise VolumeSystemError("Volume system has no volumes")
                     for vol in disk.vs.volumes:
                         self.target.volumes.add(vol)
                     continue
                 except Exception as e:
-                    self.target.log.warning("Can't identify volume system, adding as raw volume instead: %s", disk)
+                    self.target.log.warning(
+                        "Can't identify volume system or no volumes found, adding as raw volume instead: %s", disk
+                    )
                     self.target.log.debug("", exc_info=e)
             # Fallthrough case for error and if we're part of a logical volume set
@@ -730,7 +736,25 @@ class VolumeCollection(Collection[volume.Volume]):
                 elif volume.is_encrypted(vol):
                     encrypted_volumes.append(vol)
                 else:
-                    self.open(vol)
+                    # We could be getting "regular" volume systems out of LVM or encrypted volumes
+                    # Try to open each volume as a regular volume system, or add as a filesystem if it fails
+                    try:
+                        vs = volume.open(vol)
+                    except Exception:
+                        # If opening a volume system fails, there's likely none, so open as a filesystem instead
+                        self.open(vol)
+                        continue
+                    if not len(vs.volumes):
+                        self.open(vol)
+                        continue
+                    for new_vol in vs.volumes:
+                        if new_vol.offset == 0:
+                            self.target.log.info("Found volume with offset 0, opening as raw volume instead")
+                            self.open(new_vol)
+                            continue
+                        new_volumes.append(new_vol)
             self.target.log.debug("LVM volumes found: %s", lvm_volumes)
             self.target.log.debug("Encrypted volumes found: %s", encrypted_volumes)

dissect/target/volume.py CHANGED Viewed

@@ -22,6 +22,8 @@ vmfs = import_lazy("dissect.target.volumes.vmfs")
 """A lazy import of :mod:`dissect.target.volumes.vmfs`."""
 md = import_lazy("dissect.target.volumes.md")
 """A lazy import of :mod:`dissect.target.volumes.md`."""
+ddf = import_lazy("dissect.target.volumes.ddf")
+"""A lazy import of :mod:`dissect.target.volumes.ddf`."""
 bde = import_lazy("dissect.target.volumes.bde")
 """A lazy import of :mod:`dissect.target.volumes.bde`."""
 luks = import_lazy("dissect.target.volumes.luks")
@@ -34,6 +36,7 @@ LOGICAL_VOLUME_MANAGERS: list[type[LogicalVolumeSystem]] = [
     lvm.LvmVolumeSystem,
     vmfs.VmfsVolumeSystem,
     md.MdVolumeSystem,
+    ddf.DdfVolumeSystem,
 ]
 """All available :class:`LogicalVolumeSystem` classes."""
 ENCRYPTED_VOLUME_MANAGERS: list[type[EncryptedVolumeSystem]] = [bde.BitlockerVolumeSystem, luks.LUKSVolumeSystem]

dissect/target/volumes/ddf.py ADDED Viewed

@@ -0,0 +1,51 @@
+import io
+from collections import defaultdict
+from typing import BinaryIO, Iterator, Union
+from dissect.volume.ddf.ddf import DDF, DEFAULT_SECTOR_SIZE, DDFPhysicalDisk
+from dissect.target.volume import LogicalVolumeSystem, Volume
+class DdfVolumeSystem(LogicalVolumeSystem):
+    def __init__(self, fh: Union[BinaryIO, list[BinaryIO]], *args, **kwargs):
+        self.ddf = DDF(fh)
+        super().__init__(fh, *args, **kwargs)
+    @classmethod
+    def open_all(cls, volumes: list[BinaryIO]) -> Iterator[LogicalVolumeSystem]:
+        sets = defaultdict(list)
+        for vol in volumes:
+            if not cls.detect_volume(vol):
+                continue
+            disk = DDFPhysicalDisk(vol)
+            sets[disk.anchor.DDF_Header_GUID].append(disk)
+        for devs in sets.values():
+            try:
+                yield cls(devs)
+            except Exception:
+                continue
+    @staticmethod
+    def _detect(fh: BinaryIO) -> bool:
+        vols = [fh] if not isinstance(fh, list) else fh
+        for vol in vols:
+            if DdfVolumeSystem.detect_volume(vol):
+                return True
+        return False
+    @staticmethod
+    def _detect_volume(fh: BinaryIO) -> bool:
+        fh.seek(-DEFAULT_SECTOR_SIZE, io.SEEK_END)
+        return int.from_bytes(fh.read(4), "big") == 0xDE11DE11
+    def _volumes(self) -> Iterator[Volume]:
+        # MD only supports one configuration and virtual disk but doing this as a loop
+        # makes it automatically safe for empty configurations
+        for conf in self.ddf.configurations:
+            for vd in conf.virtual_disks:
+                fh = vd.open()
+                yield Volume(fh, 1, None, vd.size, None, vd.name, vd.uuid, raw=self.ddf, vs=self)

{dissect.target-3.13.dev16.dist-info → dissect.target-3.13.dev18.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.13.dev16
+Version: 3.13.dev18
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.13.dev16.dist-info → dissect.target-3.13.dev18.dist-info}/RECORD RENAMED Viewed

@@ -5,8 +5,8 @@ dissect/target/filesystem.py,sha256=A_KZbBBrj-aAjVkAvjreSsk0uX7MkJYMt9pHJjC3aw4,
 dissect/target/loader.py,sha256=4ZdX-QJY83NPswTyNG31LUwYXdV1tuByrR2vKKg7d5k,7214
 dissect/target/plugin.py,sha256=7Gss9pofcWKemwwfeAJ7E6nmJSNnZkBkxTcxUY2wzmk,40526
 dissect/target/report.py,sha256=06uiP4MbNI8cWMVrC1SasNS-Yg6ptjVjckwj8Yhe0Js,7958
-dissect/target/target.py,sha256=83RapSMII5god0iSrADohFEZ7zgIdovBLi64AY0Skm0,29359
-dissect/target/volume.py,sha256=YE4AK8oiqgN-SsAm7vOG2U8KIToZvxbuGlcAR5y3N3Y,15381
+dissect/target/target.py,sha256=FVCQYMgb0fo4R6x5O3lSPuDJzVQxnIcWCqFtdQMdgTg,30504
+dissect/target/volume.py,sha256=WuwT6AvGJPrlA-r5-oLHjBI4OuyFyv_2aSnUK_1q5DA,15512
 dissect/target/containers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/containers/asdf.py,sha256=g8omgyCvXBPd6ZZ1TKmaHNfzfs7W1HqmAsEAdDaXYLk,1398
 dissect/target/containers/ewf.py,sha256=waG6_VOXFis8d9bxyHJCBXFbLWUfkTshHRAEqoiQEqo,1425
@@ -270,7 +270,7 @@ dissect/target/plugins/os/windows/regf/muicache.py,sha256=kE9oo-1FkUj559nvAO9MeJ
 dissect/target/plugins/os/windows/regf/nethist.py,sha256=QHbG9fmZNmjSVhrgqMvMo12YBaQedzeToS7ZD9eIJ28,3111
 dissect/target/plugins/os/windows/regf/recentfilecache.py,sha256=3nLwg8_7bjSrFJXU9ddpWbWm0lZXcE61dnz-alQdmcI,1876
 dissect/target/plugins/os/windows/regf/regf.py,sha256=IbLnOurtlprXAo12iYRdw6fv5J45SuMAqt-mXVYaZi4,3357
-dissect/target/plugins/os/windows/regf/runkeys.py,sha256=Zi94ODnv5nA7Lo-am6ajP52TsfBhLXBsyxy_y0tUfjI,4236
+dissect/target/plugins/os/windows/regf/runkeys.py,sha256=qX-6xOrgBq7_B00C1BoQtI0Ovzou6Sx3XemV0Ra4JMs,4178
 dissect/target/plugins/os/windows/regf/shellbags.py,sha256=EKBWBjxvSfxc7WFKmICZs8QUJnjhsCKesjl_NHEnSUo,25621
 dissect/target/plugins/os/windows/regf/shimcache.py,sha256=dWI9zwRzpM-329znMDjtwH8b0CD2kUgmR0vmWnEwew0,10031
 dissect/target/plugins/os/windows/regf/trusteddocs.py,sha256=4g4m1FYljOpYqGG-7NGyj738Tfnz0uEaN2is2YzkMgg,3669
@@ -297,15 +297,16 @@ dissect/target/tools/dump/state.py,sha256=ZBNz4ou2Xk20K1H8R83S1gq6qcqPvPPVAaPWzp
 dissect/target/tools/dump/utils.py,sha256=nYcLQvPpDgzckM62hokGBh4z32DNH6d6oA8KelvoPMU,7564
 dissect/target/volumes/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/volumes/bde.py,sha256=wUdFtzr55vLm6biDxOa65byh7zJxgXdqHaey7B_jVKw,3659
+dissect/target/volumes/ddf.py,sha256=E4K1iLOXh7cUqyT9VJqHGu7aSQjzNPxonb9RmZZ-ct0,1727
 dissect/target/volumes/disk.py,sha256=95grSsPt1BLVpKwTclwQYzPFGKTkFFqapIk0RoGWf38,968
 dissect/target/volumes/luks.py,sha256=mgxZPDrryMZlhq1jiEWtft8rFjESq5_3HLYNsM84dT4,4110
 dissect/target/volumes/lvm.py,sha256=Yj54NlD4dExkSupY56F_K3nNuleqj87phy-V09GR3QU,2247
 dissect/target/volumes/md.py,sha256=N-rxdAeTWR-f5LpwnP4RQZSHP4rzZSo45JMHn8F6Cp8,1652
 dissect/target/volumes/vmfs.py,sha256=mlAJ8278tYaoRjk1u6tFFlCaDQUrVu5ZZE4ikiFvxi8,1707
-dissect.target-3.13.dev16.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.13.dev16.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.13.dev16.dist-info/METADATA,sha256=f_ThEGthOp4q-jCqLQr2HJuPL7hTzRl6L_WExTQ-k8U,10976
-dissect.target-3.13.dev16.dist-info/WHEEL,sha256=Xo9-1PvkuimrydujYJAjF7pCkriuXBpUPEjma1nZyJ0,92
-dissect.target-3.13.dev16.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.13.dev16.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.13.dev16.dist-info/RECORD,,
+dissect.target-3.13.dev18.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.13.dev18.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.13.dev18.dist-info/METADATA,sha256=-hfPY54YoeRrjNIVFKc5zW1sccqHSp6eXq9Kc9cBwbQ,10976
+dissect.target-3.13.dev18.dist-info/WHEEL,sha256=Xo9-1PvkuimrydujYJAjF7pCkriuXBpUPEjma1nZyJ0,92
+dissect.target-3.13.dev18.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.13.dev18.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.13.dev18.dist-info/RECORD,,

{dissect.target-3.13.dev16.dist-info → dissect.target-3.13.dev18.dist-info}/COPYRIGHT RENAMED Viewed

File without changes

{dissect.target-3.13.dev16.dist-info → dissect.target-3.13.dev18.dist-info}/LICENSE RENAMED Viewed

File without changes

{dissect.target-3.13.dev16.dist-info → dissect.target-3.13.dev18.dist-info}/WHEEL RENAMED Viewed

File without changes

{dissect.target-3.13.dev16.dist-info → dissect.target-3.13.dev18.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{dissect.target-3.13.dev16.dist-info → dissect.target-3.13.dev18.dist-info}/top_level.txt RENAMED Viewed

File without changes

dissect.target 3.13.dev16__py3-none-any.whl → 3.13.dev18__py3-none-any.whl

dissect.target 3.13.dev16py3-none-any.whl → 3.13.dev18py3-none-any.whl