dissect.target 3.16.dev39__py3-none-any.whl → 3.16.dev43__py3-none-any.whl

dissect/target/helpers/fsutil.py

@@ -16,23 +16,23 @@ from typing import Any, BinaryIO, Iterator, Optional, Sequence, TextIO, Union
 try:
     import lzma
 
-    HAVE_XZ = True
+    HAS_XZ = True
 except ImportError:
-    HAVE_XZ = False
+    HAS_XZ = False
 
 try:
     import bz2
 
-    HAVE_BZ2 = True
+    HAS_BZ2 = True
 except ImportError:
-    HAVE_BZ2 = False
+    HAS_BZ2 = False
 
 try:
     import zstandard
 
-    HAVE_ZSTD = True
+    HAS_ZSTD = True
 except ImportError:
-    HAVE_ZSTD = False
+    HAS_ZSTD = False
 
 import dissect.target.filesystem as filesystem
 from dissect.target.exceptions import FileNotFoundError, SymlinkRecursionError
@@ -511,14 +511,14 @@ def open_decompress(
     if magic[:2] == b"\x1f\x8b":
         return gzip.open(file, mode, encoding=encoding, errors=errors, newline=newline)
 
-    if HAVE_XZ and magic[:5] == b"\xfd7zXZ":
+    if HAS_XZ and magic[:5] == b"\xfd7zXZ":
         return lzma.open(file, mode, encoding=encoding, errors=errors, newline=newline)
 
-    if HAVE_BZ2 and magic[:3] == b"BZh" and 0x31 <= magic[3] <= 0x39:
+    if HAS_BZ2 and magic[:3] == b"BZh" and 0x31 <= magic[3] <= 0x39:
         # In a valid bz2 header the 4th byte is in the range b'1' ... b'9'.
         return bz2.open(file, mode, encoding=encoding, errors=errors, newline=newline)
 
-    if HAVE_ZSTD and magic[:4] in [b"\xfd\x2f\xb5\x28", b"\x28\xb5\x2f\xfd"]:
+    if HAS_ZSTD and magic[:4] in [b"\xfd\x2f\xb5\x28", b"\x28\xb5\x2f\xfd"]:
         # stream_reader is not seekable, so we have to resort to the less
         # efficient decompressor which returns bytes.
         return io.BytesIO(zstandard.decompress(file.read()))

dissect/target/loaders/dir.py

@@ -34,12 +34,12 @@ def find_entry_path(path: Path) -> str | None:
             return prefix
 
 
-def map_dirs(target: Target, dirs: list[Path], os_type: str, **kwargs) -> None:
+def map_dirs(target: Target, dirs: list[Path | tuple[str, Path]], os_type: str, **kwargs) -> None:
     """Map directories as filesystems into the given target.
 
     Args:
         target: The target to map into.
-        dirs: The directories to map as filesystems.
+        dirs: The directories to map as filesystems. If a list member is a tuple, the first element is the drive letter.
         os_type: The operating system type, used to determine how the filesystem should be mounted.
     """
     alt_separator = ""
@@ -49,6 +49,12 @@ def map_dirs(target: Target, dirs: list[Path], os_type: str, **kwargs) -> None:
         case_sensitive = False
 
     for path in dirs:
+        drive_letter = None
+        if isinstance(path, tuple):
+            drive_letter, path = path
+        elif is_drive_letter_path(path):
+            drive_letter = path.name[0]
+
         if isinstance(path, zipfile.Path):
             dfs = ZipFilesystem(path.root.fp, path.at, alt_separator=alt_separator, case_sensitive=case_sensitive)
         else:
@@ -58,8 +64,8 @@ def map_dirs(target: Target, dirs: list[Path], os_type: str, **kwargs) -> None:
         if os_type == OperatingSystem.WINDOWS:
             loaderutil.add_virtual_ntfs_filesystem(target, dfs, **kwargs)
 
-            if is_drive_letter_path(path):
-                target.fs.mount(path.name[0] + ":", dfs)
+            if drive_letter is not None:
+                target.fs.mount(drive_letter.lower() + ":", dfs)
 
 
 def find_and_map_dirs(target: Target, path: Path, **kwargs) -> None:

dissect/target/loaders/velociraptor.py

@@ -43,6 +43,8 @@ def find_fs_directories(path: Path) -> tuple[Optional[OperatingSystem], Optional
                 # https://github.com/Velocidex/velociraptor/blob/87368e7cc678144592a1614bb3bbd0a0f900ded9/accessors/ntfs/vss.go#L82
                 if "HarddiskVolumeShadowCopy" in volume.name:
                     vss_volumes.add(volume)
+                elif (drive_letter := extract_drive_letter(volume.name)) is not None:
+                    volumes.add((drive_letter, volume))
                 else:
                     volumes.add(volume)
 
@@ -54,6 +56,12 @@ def find_fs_directories(path: Path) -> tuple[Optional[OperatingSystem], Optional
     return None, None
 
 
+def extract_drive_letter(name: str) -> Optional[str]:
+    # \\.\X: in URL encoding
+    if len(name) == 14 and name.startswith("%5C%5C.%5C") and name.endswith("%3A"):
+        return name[10].lower()
+
+
 class VelociraptorLoader(DirLoader):
     """Load Rapid7 Velociraptor forensic image files.
 

dissect/target/tools/reg.py

@@ -3,10 +3,16 @@
 from __future__ import print_function
 
 import argparse
+import itertools
 import logging
 
 from dissect.target import Target
-from dissect.target.exceptions import RegistryError, TargetError
+from dissect.target.exceptions import (
+    RegistryError,
+    RegistryKeyNotFoundError,
+    TargetError,
+)
+from dissect.target.helpers.regutil import RegistryKey
 from dissect.target.tools.utils import (
     catch_sigpipe,
     configure_generic_arguments,
@@ -29,7 +35,8 @@ def main():
     parser.add_argument("targets", metavar="TARGETS", nargs="+", help="Targets to load")
     parser.add_argument("-k", "--key", required=True, help="key to query")
     parser.add_argument("-kv", "--value", help="value to query")
-    parser.add_argument("-d", "--depth", type=int, const=0, nargs="?", default=1)
+    parser.add_argument("-d", "--depth", type=int, const=0, nargs="?", default=1, help="max depth of subkeys to print")
+    parser.add_argument("-l", "--length", type=int, default=100, help="max length of key value to print")
 
     configure_generic_arguments(parser)
     args = parser.parse_args()
@@ -38,34 +45,50 @@ def main():
 
     try:
         for target in Target.open_all(args.targets):
+            if not target.has_function("registry"):
+                target.log.error("Target has no Windows Registry")
+                continue
+
             try:
-                if args.value:
-                    for key in target.registry.keys(args.key):
-                        try:
-                            print(key.value(args.value))
-                        except RegistryError:
-                            continue
-                else:
+                keys = target.registry.keys(args.key)
+                first_key = next(keys)
+
+                print(target)
+
+                for key in itertools.chain([first_key], keys):
                     try:
-                        print(target)
-                        for key in target.registry.keys(args.key):
-                            recursor(key, args.depth, 0)
+                        if args.value:
+                            print(key.value(args.value))
+                        else:
+                            recursor(key, args.depth, 0, args.length)
                     except RegistryError:
                         log.exception("Failed to find registry value")
-            except Exception:
-                log.exception("Failed to iterate key")
+
+            except (RegistryKeyNotFoundError, StopIteration):
+                target.log.error("Key %r does not exist", args.key)
+
+            except Exception as e:
+                target.log.error("Failed to iterate key: %s", e)
+                target.log.debug("", exc_info=e)
     except TargetError as e:
         log.error(e)
         log.debug("", exc_info=e)
         parser.exit(1)
 
 
-def recursor(key, depth, indent):
-    print(" " * indent + f"+ {key.name!r} ({key.ts})")
+def recursor(key: RegistryKey, depth: int, indent: int, max_length: int = 100) -> None:
+    class_name = ""
+    if key.class_name:
+        class_name = f" ({key.class_name})"
+
+    print(" " * indent + f"+ {key.name!r} ({key.ts})" + class_name)
 
     for r in key.values():
         try:
-            print(" " * indent + f"  - {r.name!r} {repr(r.value)[:100]}")
+            value = repr(r.value)
+            if len(value) > max_length:
+                value = value[:max_length] + "..."
+            print(" " * indent + f"  - {r.name!r} {value}")
         except NotImplementedError:
             continue
 
@@ -73,7 +96,7 @@ def recursor(key, depth, indent):
         return
 
     for subkey in key.subkeys():
-        recursor(subkey, depth - 1, indent + 2)
+        recursor(subkey, depth - 1, indent + 2, max_length)
 
 
 if __name__ == "__main__":

{dissect.target-3.16.dev39.dist-info → dissect.target-3.16.dev43.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.16.dev39
+Version: 3.16.dev43
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3
@@ -35,7 +35,7 @@ Requires-Dist: flow.record ~=3.14.0
 Requires-Dist: structlog
 Provides-Extra: cb
 Requires-Dist: dissect.target[full] ; extra == 'cb'
-Requires-Dist: carbon-black-cloud-sdk-python ~=1.4.3 ; extra == 'cb'
+Requires-Dist: carbon-black-cloud-sdk ~=1.4.3 ; extra == 'cb'
 Provides-Extra: full
 Requires-Dist: asn1crypto ; extra == 'full'
 Requires-Dist: dissect.btrfs <2.0.dev,>=1.0.dev ; extra == 'full'

{dissect.target-3.16.dev39.dist-info → dissect.target-3.16.dev43.dist-info}/RECORD

@@ -48,7 +48,7 @@ dissect/target/helpers/configutil.py,sha256=t_UNvcWuMMT5C1tut_PgTwCnVUodf6RjhfXP
 dissect/target/helpers/cyber.py,sha256=Ki5oSU0GgQxjgC_yWoeieGP7GOY5blQCzNX7vy7Pgas,16782
 dissect/target/helpers/descriptor_extensions.py,sha256=uT8GwznfDAiIgMM7JKKOY0PXKMv2c0GCqJTCkWFgops,2605
 dissect/target/helpers/docs.py,sha256=J5U65Y3yOTqxDEZRCdrEmO63XQCeDzOJea1PwPM6Cyc,5146
-dissect/target/helpers/fsutil.py,sha256=Djm7r7gbxMlm7QQagWNeoHd-KoCn3u3JMMRc4TH950Q,19781
+dissect/target/helpers/fsutil.py,sha256=tPyH4RBDqM9QXjamIQaDRLUy3b4dKmfrT6k3ZP01U6Y,19772
 dissect/target/helpers/hashutil.py,sha256=SD24rcV_y0sBEl7M9T-isjm-VzJvCiTN2BoWMqAOAVI,2160
 dissect/target/helpers/keychain.py,sha256=wYH0sf7eaxP0bZTo80RF_BQMWulCWmIQ8Tzt9K5TSNQ,3611
 dissect/target/helpers/lazy.py,sha256=823VtmdWsbJyVZvNWopDhQdqq2i1xtj6b8IKfveboKw,1771
@@ -78,7 +78,7 @@ dissect/target/loaders/ad1.py,sha256=1_VmPZckDzXVvNF-HNtoUZqabnhCKBLUD3vVaitHQ00
 dissect/target/loaders/asdf.py,sha256=dvPPDBrnz2JPXpCbqsu-NgQWIdVGMOit2KAdhIO1iiQ,972
 dissect/target/loaders/cb.py,sha256=EGhdytBKBdofTd89juavDZZbmupEZmMBadeUXvVIK20,6612
 dissect/target/loaders/cyber.py,sha256=Ip2hI7L98ZP7gUZuHQr0GxBdmbTzD-PntXmLJ5KpBuQ,1533
-dissect/target/loaders/dir.py,sha256=nEJepNGI4EEP7MX3X15xysH9agKDmlKjfyd1DDulieU,4968
+dissect/target/loaders/dir.py,sha256=Q5oVS48SuI0vA_QKgzWBiAFsQ4aQaW3tr-701vLk3AQ,5245
 dissect/target/loaders/hyperv.py,sha256=_IOUJEO0BXaCBZ6sjIX0DZTkG9UNW5Vs9VcNHYv073w,5928
 dissect/target/loaders/itunes.py,sha256=69aMTQiiGYpmD_EYSmf9mO1re8C3jAZIEStmwlMxdAk,13146
 dissect/target/loaders/kape.py,sha256=t5TfrGLqPeIpUUpXzIl6aHsqXMEGDqJ5YwDCs07DiBA,1237
@@ -102,7 +102,7 @@ dissect/target/loaders/targetd.py,sha256=sfbn2_j3il2G-rPywAoNT5YPtD5KmKkmBv1zrPD
 dissect/target/loaders/utm.py,sha256=e5x5ZI3HeL0STh4S-CaQb68Rnug4SVZR9zlmHaGFj0M,978
 dissect/target/loaders/vb.py,sha256=CnQcn7bAkMzIB1y-lWLtPPXdIVsyeDaT6hTZEurjkV4,2072
 dissect/target/loaders/vbox.py,sha256=8JD7D8iAY9JRvTHsrosp5ZMsZezuLhZ10Zt8sEL7KBI,732
-dissect/target/loaders/velociraptor.py,sha256=WPnDIWANIIUPgc-kfXSjXptCQ2pkcy1jdkEydiOvs58,4613
+dissect/target/loaders/velociraptor.py,sha256=FNxZgs_ehmgGO_Giw5oNl7cVOWNqI2nEiPWT4GjF2e0,4955
 dissect/target/loaders/vma.py,sha256=AAY5-s-nz6wgvmcFkptJD7nNXhpkdf6SqEKVOrJaIKs,644
 dissect/target/loaders/vmwarevm.py,sha256=1MlKoIuWSwpYmpuLxDuVacvaYHUhAGO1KgZxzrc4fyg,428
 dissect/target/loaders/vmx.py,sha256=o1rYYKu6ReleqqHf2aeRcNrmoRcngWZNhz1h7GlmggQ,962
@@ -317,7 +317,7 @@ dissect/target/tools/info.py,sha256=3smHr8I71yj3kCjsQ5nXkOHI9T_N8UwvkVa1CNOxB-s,
 dissect/target/tools/logging.py,sha256=5ZnumtMWLyslxfrUGZ4ntRyf3obOOhmn8SBjKfdLcEg,4174
 dissect/target/tools/mount.py,sha256=L_0tSmiBdW4aSaF0vXjB0bAkTC0kmT2N1hrbW6s5Jow,3254
 dissect/target/tools/query.py,sha256=1LbvUKSmXOCMb4xqP3t86JkOgFzKlc7mLCqcczfLht8,16018
-dissect/target/tools/reg.py,sha256=tII0MLqJ-3lOt7jE-zHUDqYrk0P4euPjiSS_99FT6LE,2378
+dissect/target/tools/reg.py,sha256=FDsiBBDxjWVUBTRj8xn82vZe-J_d9piM-TKS3PHZCcM,3193
 dissect/target/tools/shell.py,sha256=EBRNKiIV3ljaXKAXraA6DmrIw8Cy5h9irAuwlblP3zo,43251
 dissect/target/tools/utils.py,sha256=bhVZ3-8YynpHkBl4m1T4IpSpCArAXnEjjYwAFGW5JPg,10595
 dissect/target/tools/dump/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -332,10 +332,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.16.dev39.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.16.dev39.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.16.dev39.dist-info/METADATA,sha256=ngLz4XeexsGKv4urTocePElt3tx1Jpc0yxVHs1FcGWU,11107
-dissect.target-3.16.dev39.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-dissect.target-3.16.dev39.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.16.dev39.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.16.dev39.dist-info/RECORD,,
+dissect.target-3.16.dev43.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.16.dev43.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.16.dev43.dist-info/METADATA,sha256=k_mmSMwlIKc86B11l-UAys9JHWtSfbicJtUob1FmEfE,11100
+dissect.target-3.16.dev43.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
+dissect.target-3.16.dev43.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.16.dev43.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.16.dev43.dist-info/RECORD,,