dissect.target 3.14.dev22__py3-none-any.whl → 3.14.dev24__py3-none-any.whl

@@ -11,6 +11,7 @@ from urllib.parse import ParseResult, parse_qsl
11
11
  from dissect.regf import regf
12
12
  from dissect.util import ts
13
13
  from impacket.dcerpc.v5 import rpcrt, rrp, scmr, transport
14
+ from impacket.dcerpc.v5.rpcrt import DCERPCException
14
15
  from impacket.smbconnection import SessionError, SMBConnection
15
16
 
16
17
  from dissect.target import Target
@@ -189,18 +190,24 @@ class SmbRegistry(RegistryPlugin):
189
190
  return False
190
191
 
191
192
  def _init_registry(self) -> None:
192
- self._svcctl = _connect_rpc(self.conn, "ncacn_np:445[\\pipe\\svcctl]", scmr.MSRPC_UUID_SCMR)
193
- self._check_service_status()
193
+ try:
194
+ self._svcctl = _connect_rpc(self.conn, "ncacn_np:445[\\pipe\\svcctl]", scmr.MSRPC_UUID_SCMR)
195
+ self._check_service_status()
194
196
 
195
- self._winreg = _connect_rpc(self.conn, "ncacn_np:445[\\pipe\\winreg]", rrp.MSRPC_UUID_RRP)
197
+ self._winreg = _connect_rpc(self.conn, "ncacn_np:445[\\pipe\\winreg]", rrp.MSRPC_UUID_RRP)
196
198
 
197
- hklm_hive = SmbRegistryHive(self._winreg, "HKEY_LOCAL_MACHINE", rrp.hOpenLocalMachine(self._winreg)["phKey"])
198
- hku_hive = SmbRegistryHive(self._winreg, "HKEY_USERS", rrp.hOpenUsers(self._winreg)["phKey"])
199
+ hklm_hive = SmbRegistryHive(
200
+ self._winreg, "HKEY_LOCAL_MACHINE", rrp.hOpenLocalMachine(self._winreg)["phKey"]
201
+ )
202
+ hku_hive = SmbRegistryHive(self._winreg, "HKEY_USERS", rrp.hOpenUsers(self._winreg)["phKey"])
199
203
 
200
- self._add_hive("HKLM", hklm_hive, TargetPath(self.target.fs, "HKLM"))
201
- self._add_hive("HKU", hku_hive, TargetPath(self.target.fs, "HKU"))
202
- self._map_hive("HKEY_LOCAL_MACHINE", hklm_hive)
203
- self._map_hive("HKEY_USERS", hku_hive)
204
+ self._add_hive("HKLM", hklm_hive, TargetPath(self.target.fs, "HKLM"))
205
+ self._add_hive("HKU", hku_hive, TargetPath(self.target.fs, "HKU"))
206
+ self._map_hive("HKEY_LOCAL_MACHINE", hklm_hive)
207
+ self._map_hive("HKEY_USERS", hku_hive)
208
+ except SessionError:
209
+ self.target.log.info("Failed to open remote registry, registry will not be available")
210
+ return # no registry access, probably no access rights
204
211
 
205
212
  def _init_users(self) -> None:
206
213
  pass
@@ -212,15 +219,18 @@ class SmbRegistry(RegistryPlugin):
212
219
  if hasattr(self, "_was_disabled") and self._was_disabled:
213
220
  scmr.hRChangeServiceConfigW(self._svcctl, self._svc_handle, dwStartType=0x4)
214
221
 
215
- if hasattr(self, "_svcctl"):
222
+ if getattr(self, "_svcctl", None):
216
223
  self._svcctl.disconnect()
217
224
 
218
- if hasattr(self, "_winreg"):
225
+ if getattr(self, "_winreg", None):
219
226
  self._winreg.disconnect()
220
227
 
221
228
  def _check_service_status(self) -> None:
222
- manager_handle = scmr.hROpenSCManagerW(self._svcctl)["lpScHandle"]
223
- self._svc_handle = scmr.hROpenServiceW(self._svcctl, manager_handle, "RemoteRegistry")["lpServiceHandle"]
229
+ try:
230
+ manager_handle = scmr.hROpenSCManagerW(self._svcctl)["lpScHandle"]
231
+ self._svc_handle = scmr.hROpenServiceW(self._svcctl, manager_handle, "RemoteRegistry")["lpServiceHandle"]
232
+ except DCERPCException:
233
+ return
224
234
 
225
235
  current_state = scmr.hRQueryServiceStatus(self._svcctl, self._svc_handle)["lpServiceStatus"]["dwCurrentState"]
226
236
  if current_state == scmr.SERVICE_STOPPED:
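Review bot: The `except SessionError:` added around the body of `_init_registry` probably misses the failure it is meant to absorb. The `rrp.hOpenLocalMachine` and `rrp.hOpenUsers` calls inside the `try` are DCE/RPC requests, and impacket normally reports a denied RPC call as a `DCERPCException` subclass rather than an SMB `SessionError`, so an account without registry rights could still abort target loading. The commit already imports `DCERPCException`, so consider `except (SessionError, DCERPCException) as e:` followed by `self.target.log.debug("Remote registry open failed", exc_info=e)` to keep the cause. In `_check_service_status` the new `except DCERPCException: return` is silent; binding the exception and logging it at debug level would tell an analyst why the RemoteRegistry service state was never checked. If a failure occurs after the service was started or re-enabled, restoring it depends on the teardown code whose start is outside this hunk, so confirm that path still runs.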
@@ -77,7 +77,8 @@ class WindowsPlugin(OSPlugin):
77
77
  self.target.fs.mount(drive, volume.fs)
78
78
  break
79
79
  except Exception as e:
80
- self.target.log.warning("Failed to map drive letters", exc_info=e)
80
+ self.target.log.warning("Failed to map drive letters")
81
+ self.target.log.debug("", exc_info=e)
81
82
 
82
83
  @export(property=True)
83
84
  def hostname(self) -> Optional[str]:
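Review bot: The added `self.target.log.debug("", exc_info=e)` emits the traceback under an empty message, so at debug level the stack trace has no text tying it to drive-letter mapping and message-based log filters will not match it. Repeat the context in the debug call, for example `self.target.log.debug("Failed to map drive letters", exc_info=e)`. The surrounding `except Exception` is broad and the enclosing method starts outside the hunk, so a short comment naming the failures expected here would also help the next reader.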
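--- a/dissect/target/target.py
+++ b/dissect/target/target.py
@@ -426,7 +426,8 @@ class Target:
  if isinstance(os_plugin, plugin.OSPlugin):
  self._os_plugin = os_plugin.__class__
  elif issubclass(os_plugin, plugin.OSPlugin):
- os_plugin = os_plugin.create(self, os_plugin.detect(self))
+ if fs := os_plugin.detect(self):
+ os_plugin = os_plugin.create(self, fs)
 
  self._os = self.add_plugin(os_plugin)
  return
@@ -757,22 +758,22 @@ class VolumeCollection(Collection[volume.Volume]):
  # If we opened an empty volume system, it might also be the case that a filesystem actually
  # "starts" at offset 0
 
+ # Regardless of what happens, we want to try to open it as a filesystem later on
+ fs_volumes.append(vol)
+
  if vol.offset == 0 and vol.vs and vol.vs.__type__ == "disk":
  # We are going to re-open a volume system on itself, bail out
  self.target.log.info("Found volume with offset 0, opening as raw volume instead")
- fs_volumes.append(vol)
  continue
 
  try:
  vs = volume.open(vol)
  except Exception:
  # If opening a volume system fails, there's likely none, so open as a filesystem instead
- fs_volumes.append(vol)
  continue
 
  if not len(vs.volumes):
  # We opened an empty volume system, discard
- fs_volumes.append(vol)
  continue
 
  self.entries.extend(vs.volumes)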
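Review bot: When `os_plugin.detect(self)` returns a falsy value in the first hunk, the new `if fs := os_plugin.detect(self):` skips `create()` and the following `self._os = self.add_plugin(os_plugin)` receives the plugin class itself, not an instance built for a detected filesystem. Whether `add_plugin` copes with that is not visible here, so the fall-through should be made explicit, either with an `else:` branch that logs, such as `self.target.log.warning("OS plugin did not detect a filesystem")`, or with a comment stating that passing the class through is intended. The enclosing method starts and ends outside the hunk.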
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.14.dev22
3
+ Version: 3.14.dev24
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
@@ -5,7 +5,7 @@ dissect/target/filesystem.py,sha256=8qbXNbhnE9Y1cz-5OH-67Z5eDJMXKQwy7dNYTw1ST5o,
5
5
  dissect/target/loader.py,sha256=4ZdX-QJY83NPswTyNG31LUwYXdV1tuByrR2vKKg7d5k,7214
6
6
  dissect/target/plugin.py,sha256=5EtUEU8feYSak7NRWocByPFWKsU0yeUJio6L72Ekw5c,40914
7
7
  dissect/target/report.py,sha256=06uiP4MbNI8cWMVrC1SasNS-Yg6ptjVjckwj8Yhe0Js,7958
8
- dissect/target/target.py,sha256=C-IGftviTWRoLIEQjX9IM124ZHCDLKb8DH0LVYdNFb4,31871
8
+ dissect/target/target.py,sha256=CuqLTD3fwr4HIxtDgN_fwJ3UHSqe5PhNJlLTVGsluB8,31908
9
9
  dissect/target/volume.py,sha256=aQZAJiny8jjwkc9UtwIRwy7nINXjCxwpO-_UDfh6-BA,15801
10
10
  dissect/target/containers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
11
11
  dissect/target/containers/asdf.py,sha256=DJp0QEFwUjy2MFwKYcYqIR_BS1fQT1Yi9Kcmqt0aChM,1366
@@ -79,7 +79,7 @@ dissect/target/loaders/pvs.py,sha256=dMqdYSBQtH9QLM3tdu0mokLBcn73edg_HUtYtqrdi6E
79
79
  dissect/target/loaders/raw.py,sha256=03OXVlvkqwR29XYu7WPg3pmGtYd_4QJEGnkAuvIrdPs,355
80
80
  dissect/target/loaders/remote.py,sha256=AoI7-RxH2UMjNWnuHbNaieZycApTY3YZmk4wkQAwFt0,8820
81
81
  dissect/target/loaders/res.py,sha256=8b178x05t9K31wOeP8yGD1IdR3RpiMGz7wcvtHmmHjk,8819
82
- dissect/target/loaders/smb.py,sha256=OWptpqy1CIQNkauKVcQxcDyyksR8paglNfxgilra-Es,12658
82
+ dissect/target/loaders/smb.py,sha256=qP8m4Jq7hvAvUCF9jB4yr2Zut7p_R02_vxziNN3R1to,13070
83
83
  dissect/target/loaders/tanium.py,sha256=P9euiQzvVaQQtMQlEmNe0V25w1BkQFRZBuS-0-ksHpY,1585
84
84
  dissect/target/loaders/tar.py,sha256=4-ouVKnNCmW1o3I0OhF4DUyjvpZ7qLIon848gmRWR1M,3103
85
85
  dissect/target/loaders/target.py,sha256=Bp3kcfW-ntkgDZ9IpYPMoR-4FDBPqcLD_W88Z9IU--o,692
@@ -219,7 +219,7 @@ dissect/target/plugins/os/unix/log/lastlog.py,sha256=eL_dbB1sPoy0tyavIjT457ZLVfX
219
219
  dissect/target/plugins/os/unix/log/messages.py,sha256=W3CeI0tchdRql9SKLFDxk9AKwUvqIrnpCujcERvDt90,2846
220
220
  dissect/target/plugins/os/unix/log/utmp.py,sha256=21tvzG977LqzRShV6uAoU-83WDcLUrI_Tv__2ZVi9rw,7756
221
221
  dissect/target/plugins/os/windows/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
222
- dissect/target/plugins/os/windows/_os.py,sha256=-a1fdUU0Kl4k2spTskJ3LOJP7MadB-8nkBw6edxbUDc,12106
222
+ dissect/target/plugins/os/windows/_os.py,sha256=agGbApfaSrU2klBYJH_ncOOpBWm0a2dxb8r7b1R4d1w,12144
223
223
  dissect/target/plugins/os/windows/activitiescache.py,sha256=yY41YdCZk9e97Q8_rjZHknMUeOVDxgBG9VtXQHANUsQ,6710
224
224
  dissect/target/plugins/os/windows/adpolicy.py,sha256=rvsvywChfms7d2kMwXRVHZaf8zJ46WmMwYplGAYEax8,6984
225
225
  dissect/target/plugins/os/windows/amcache.py,sha256=ZZNOs3bILTf0AGkDkhoatndl0j39DXkstN7oOyxJECU,27188
@@ -304,10 +304,10 @@ dissect/target/volumes/luks.py,sha256=v_mHW05KM5iG8JDe47i2V4Q9O0r4rnAMA9m_qc9cYw
304
304
  dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
305
305
  dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
306
306
  dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
307
- dissect.target-3.14.dev22.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
308
- dissect.target-3.14.dev22.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
309
- dissect.target-3.14.dev22.dist-info/METADATA,sha256=RSUU0aCyK41-gKDtNF8DBtiF_h6YOhNlCn0XjWaGkcw,11042
310
- dissect.target-3.14.dev22.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
311
- dissect.target-3.14.dev22.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
312
- dissect.target-3.14.dev22.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
313
- dissect.target-3.14.dev22.dist-info/RECORD,,
307
+ dissect.target-3.14.dev24.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
308
+ dissect.target-3.14.dev24.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
309
+ dissect.target-3.14.dev24.dist-info/METADATA,sha256=IoeJMsu7Fw2GBiPaPrlIU7ctHA0R2ja2jtckDBBZ1y0,11042
310
+ dissect.target-3.14.dev24.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
311
+ dissect.target-3.14.dev24.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
312
+ dissect.target-3.14.dev24.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
313
+ dissect.target-3.14.dev24.dist-info/RECORD,,