dissect.target 3.17.dev36__py3-none-any.whl → 3.17.dev37__py3-none-any.whl
Sign up to get free protection for your applications and to get access to all the features.
- dissect/target/helpers/record_modifier.py +4 -1
- dissect/target/plugins/os/windows/regf/runkeys.py +6 -4
- {dissect.target-3.17.dev36.dist-info → dissect.target-3.17.dev37.dist-info}/METADATA +2 -2
- {dissect.target-3.17.dev36.dist-info → dissect.target-3.17.dev37.dist-info}/RECORD +9 -9
- {dissect.target-3.17.dev36.dist-info → dissect.target-3.17.dev37.dist-info}/COPYRIGHT +0 -0
- {dissect.target-3.17.dev36.dist-info → dissect.target-3.17.dev37.dist-info}/LICENSE +0 -0
- {dissect.target-3.17.dev36.dist-info → dissect.target-3.17.dev37.dist-info}/WHEEL +0 -0
- {dissect.target-3.17.dev36.dist-info → dissect.target-3.17.dev37.dist-info}/entry_points.txt +0 -0
- {dissect.target-3.17.dev36.dist-info → dissect.target-3.17.dev37.dist-info}/top_level.txt +0 -0
|
@@ -62,13 +62,16 @@ MODIFIER_MAPPING = {
|
|
|
62
62
|
|
|
63
63
|
def _resolve_path_types(target: Target, record: Record) -> Iterator[tuple[str, TargetPath]]:
|
|
64
64
|
for field_name, field_type in record._field_types.items():
|
|
65
|
-
if not issubclass(field_type, fieldtypes.path):
|
|
65
|
+
if not issubclass(field_type, (fieldtypes.path, fieldtypes.command)):
|
|
66
66
|
continue
|
|
67
67
|
|
|
68
68
|
path = getattr(record, field_name, None)
|
|
69
69
|
if path is None:
|
|
70
70
|
continue
|
|
71
71
|
|
|
72
|
+
if isinstance(path, fieldtypes.command):
|
|
73
|
+
path = path.executable
|
|
74
|
+
|
|
72
75
|
yield field_name, target.resolve(str(path))
|
|
73
76
|
|
|
74
77
|
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
from typing import Iterator
|
|
2
|
+
|
|
1
3
|
from dissect.target.exceptions import UnsupportedPluginError
|
|
2
4
|
from dissect.target.helpers.descriptor_extensions import (
|
|
3
5
|
RegistryRecordDescriptorExtension,
|
|
@@ -11,7 +13,7 @@ RunKeyRecord = create_extended_descriptor([RegistryRecordDescriptorExtension, Us
|
|
|
11
13
|
[
|
|
12
14
|
("datetime", "ts"),
|
|
13
15
|
("wstring", "name"),
|
|
14
|
-
("
|
|
16
|
+
("command", "command"),
|
|
15
17
|
("string", "key"),
|
|
16
18
|
],
|
|
17
19
|
)
|
|
@@ -48,7 +50,7 @@ class RunKeysPlugin(Plugin):
|
|
|
48
50
|
raise UnsupportedPluginError("No registry run key found")
|
|
49
51
|
|
|
50
52
|
@export(record=RunKeyRecord)
|
|
51
|
-
def runkeys(self):
|
|
53
|
+
def runkeys(self) -> Iterator[RunKeyRecord]:
|
|
52
54
|
"""Iterate various run key locations. See source for all locations.
|
|
53
55
|
|
|
54
56
|
Run keys (Run and RunOnce) are registry keys that make a program run when a user logs on. a Run key runs every
|
|
@@ -63,7 +65,7 @@ class RunKeysPlugin(Plugin):
|
|
|
63
65
|
domain (string): The target domain.
|
|
64
66
|
ts (datetime): The registry key last modified timestamp.
|
|
65
67
|
name (string): The run key name.
|
|
66
|
-
|
|
68
|
+
command (command): The run key command.
|
|
67
69
|
key (string): The source key for this run key.
|
|
68
70
|
"""
|
|
69
71
|
for key in self.KEYS:
|
|
@@ -73,7 +75,7 @@ class RunKeysPlugin(Plugin):
|
|
|
73
75
|
yield RunKeyRecord(
|
|
74
76
|
ts=r.ts,
|
|
75
77
|
name=entry.name,
|
|
76
|
-
|
|
78
|
+
command=entry.value,
|
|
77
79
|
key=key,
|
|
78
80
|
_target=self.target,
|
|
79
81
|
_key=r,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: dissect.target
|
|
3
|
-
Version: 3.17.
|
|
3
|
+
Version: 3.17.dev37
|
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
|
@@ -31,7 +31,7 @@ Requires-Dist: dissect.ntfs <4.0.dev,>=3.4.dev
|
|
|
31
31
|
Requires-Dist: dissect.regf <4.0.dev,>=3.3.dev
|
|
32
32
|
Requires-Dist: dissect.util <4.0.dev,>=3.0.dev
|
|
33
33
|
Requires-Dist: dissect.volume <4.0.dev,>=3.0.dev
|
|
34
|
-
Requires-Dist: flow.record ~=3.
|
|
34
|
+
Requires-Dist: flow.record ~=3.15.0
|
|
35
35
|
Requires-Dist: structlog
|
|
36
36
|
Provides-Extra: cb
|
|
37
37
|
Requires-Dist: dissect.target[full] ; extra == 'cb'
|
|
@@ -62,7 +62,7 @@ dissect/target/helpers/network_managers.py,sha256=uRh_P8ICbKke2N7eFJ6AS2-I5DmIRi
|
|
|
62
62
|
dissect/target/helpers/polypath.py,sha256=h8p7m_OCNiQljGwoZh5Aflr9H2ot6CZr6WKq1OSw58o,2175
|
|
63
63
|
dissect/target/helpers/protobuf.py,sha256=NwKrZD4q9v7J8GnZX9gbzMUMV5pR78eAV17jgWOz_EY,1730
|
|
64
64
|
dissect/target/helpers/record.py,sha256=lWl7k2Mp9Axllm0tXzPGJx2zj2zONsyY_p5g424T0Lc,4826
|
|
65
|
-
dissect/target/helpers/record_modifier.py,sha256=
|
|
65
|
+
dissect/target/helpers/record_modifier.py,sha256=3I_rC5jqvl0TsW3V8OQ6Dltz_D8J4PU1uhhzbJGKm9c,3245
|
|
66
66
|
dissect/target/helpers/regutil.py,sha256=kX-sSZbW8Qkg29Dn_9zYbaQrwLumrr4Y8zJ1EhHXIAM,27337
|
|
67
67
|
dissect/target/helpers/shell_folder_ids.py,sha256=Behhb8oh0kMxrEk6YYKYigCDZe8Hw5QS6iK_d2hTs2Y,24978
|
|
68
68
|
dissect/target/helpers/ssh.py,sha256=LPssHXyfL8QYmLi2vpa3wElsGboLG_A1Y8kvOehpUr4,6338
|
|
@@ -307,7 +307,7 @@ dissect/target/plugins/os/windows/regf/muicache.py,sha256=qoA7S8SiZakIreQqxc_QH1
|
|
|
307
307
|
dissect/target/plugins/os/windows/regf/nethist.py,sha256=QHbG9fmZNmjSVhrgqMvMo12YBaQedzeToS7ZD9eIJ28,3111
|
|
308
308
|
dissect/target/plugins/os/windows/regf/recentfilecache.py,sha256=Wr6u7SajA9BtUiypztak9ASJZuimOtWfQUAlfvskjMg,1838
|
|
309
309
|
dissect/target/plugins/os/windows/regf/regf.py,sha256=IbLnOurtlprXAo12iYRdw6fv5J45SuMAqt-mXVYaZi4,3357
|
|
310
|
-
dissect/target/plugins/os/windows/regf/runkeys.py,sha256=
|
|
310
|
+
dissect/target/plugins/os/windows/regf/runkeys.py,sha256=f10jOPTJlUVDEhSiH9JSltKQ-V7zfa8iPX0nKl1gBXo,4247
|
|
311
311
|
dissect/target/plugins/os/windows/regf/shellbags.py,sha256=EKBWBjxvSfxc7WFKmICZs8QUJnjhsCKesjl_NHEnSUo,25621
|
|
312
312
|
dissect/target/plugins/os/windows/regf/shimcache.py,sha256=4SHtwh-ajhgcyR2-vsBbjnsyBtEVPwlgk5j8e1TQkWM,9972
|
|
313
313
|
dissect/target/plugins/os/windows/regf/trusteddocs.py,sha256=4g4m1FYljOpYqGG-7NGyj738Tfnz0uEaN2is2YzkMgg,3669
|
|
@@ -340,10 +340,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
|
|
|
340
340
|
dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
|
|
341
341
|
dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
|
|
342
342
|
dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
|
|
343
|
-
dissect.target-3.17.
|
|
344
|
-
dissect.target-3.17.
|
|
345
|
-
dissect.target-3.17.
|
|
346
|
-
dissect.target-3.17.
|
|
347
|
-
dissect.target-3.17.
|
|
348
|
-
dissect.target-3.17.
|
|
349
|
-
dissect.target-3.17.
|
|
343
|
+
dissect.target-3.17.dev37.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
|
|
344
|
+
dissect.target-3.17.dev37.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
|
|
345
|
+
dissect.target-3.17.dev37.dist-info/METADATA,sha256=lG1EhM84cgxqVPODtlB_Ruvy2WmoUgjrea3a9pSWu20,11300
|
|
346
|
+
dissect.target-3.17.dev37.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
|
|
347
|
+
dissect.target-3.17.dev37.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
|
|
348
|
+
dissect.target-3.17.dev37.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
|
|
349
|
+
dissect.target-3.17.dev37.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{dissect.target-3.17.dev36.dist-info → dissect.target-3.17.dev37.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
|
File without changes
|