dissect.target 3.18.dev14__py3-none-any.whl → 3.18.dev16__py3-none-any.whl
Sign up to get free protection for your applications and to get access to all the features.
- dissect/target/plugins/os/windows/_os.py +11 -3
- dissect/target/plugins/os/windows/regf/shellbags.py +8 -5
- {dissect.target-3.18.dev14.dist-info → dissect.target-3.18.dev16.dist-info}/METADATA +1 -1
- {dissect.target-3.18.dev14.dist-info → dissect.target-3.18.dev16.dist-info}/RECORD +9 -9
- {dissect.target-3.18.dev14.dist-info → dissect.target-3.18.dev16.dist-info}/COPYRIGHT +0 -0
- {dissect.target-3.18.dev14.dist-info → dissect.target-3.18.dev16.dist-info}/LICENSE +0 -0
- {dissect.target-3.18.dev14.dist-info → dissect.target-3.18.dev16.dist-info}/WHEEL +0 -0
- {dissect.target-3.18.dev14.dist-info → dissect.target-3.18.dev16.dist-info}/entry_points.txt +0 -0
- {dissect.target-3.18.dev14.dist-info → dissect.target-3.18.dev16.dist-info}/top_level.txt +0 -0
|
@@ -247,13 +247,21 @@ class WindowsPlugin(OSPlugin):
|
|
|
247
247
|
if any(map(lambda value: value is not None, version_parts.values())):
|
|
248
248
|
version = []
|
|
249
249
|
|
|
250
|
+
nt_version = _part_str(version_parts, "CurrentVersion")
|
|
251
|
+
build_version = _part_str(version_parts, "CurrentBuildNumber")
|
|
250
252
|
prodcut_name = _part_str(version_parts, "ProductName")
|
|
251
|
-
version.append(prodcut_name)
|
|
252
253
|
|
|
253
|
-
|
|
254
|
+
# CurrentBuildNumber >= 22000 on NT 10.0 indicates Windows 11.
|
|
255
|
+
# https://learn.microsoft.com/en-us/windows/release-health/windows11-release-information
|
|
256
|
+
try:
|
|
257
|
+
if nt_version == "10.0" and int(build_version) >= 22_000:
|
|
258
|
+
prodcut_name = prodcut_name.replace("Windows 10", "Windows 11")
|
|
259
|
+
except ValueError:
|
|
260
|
+
pass
|
|
261
|
+
|
|
262
|
+
version.append(prodcut_name)
|
|
254
263
|
version.append(f"(NT {nt_version})")
|
|
255
264
|
|
|
256
|
-
build_version = _part_str(version_parts, "CurrentBuildNumber")
|
|
257
265
|
ubr = version_parts["UBR"]
|
|
258
266
|
if ubr:
|
|
259
267
|
build_version = f"{build_version}.{ubr}"
|
|
@@ -907,17 +907,20 @@ class EXTENSION_BLOCK_BEEF0004(EXTENSION_BLOCK): # noqa
|
|
|
907
907
|
self.file_reference = c_bag.uint64(fh)
|
|
908
908
|
c_bag.uint64(fh)
|
|
909
909
|
if version >= 3:
|
|
910
|
-
|
|
910
|
+
# Start of strings
|
|
911
|
+
localized_name_offset = c_bag.uint16(fh)
|
|
911
912
|
if version >= 9:
|
|
912
913
|
c_bag.uint32(fh)
|
|
913
914
|
if version >= 8:
|
|
914
915
|
c_bag.uint32(fh)
|
|
915
916
|
if version >= 3:
|
|
916
917
|
self.long_name = c_bag.wchar[None](fh)
|
|
917
|
-
|
|
918
|
-
|
|
919
|
-
|
|
920
|
-
|
|
918
|
+
|
|
919
|
+
if 3 <= version < 7 and localized_name_offset > 0:
|
|
920
|
+
self.localized_name = c_bag.char[None](fh)
|
|
921
|
+
|
|
922
|
+
if version >= 7 and localized_name_offset > 0:
|
|
923
|
+
self.localized_name = c_bag.wchar[None](fh)
|
|
921
924
|
|
|
922
925
|
|
|
923
926
|
class EXTENSION_BLOCK_BEEF0005(EXTENSION_BLOCK): # noqa
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: dissect.target
|
|
3
|
-
Version: 3.18.
|
|
3
|
+
Version: 3.18.dev16
|
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
|
@@ -255,7 +255,7 @@ dissect/target/plugins/os/unix/log/lastlog.py,sha256=Wq89wRSFZSBsoKVCxjDofnC4yw9
|
|
|
255
255
|
dissect/target/plugins/os/unix/log/messages.py,sha256=CXA-SkMPLaCgnTQg9nzII-7tO8Il_ENQmuYvDxo33rI,4698
|
|
256
256
|
dissect/target/plugins/os/unix/log/utmp.py,sha256=1nPHIaBUHt_9z6PDrvyqg4huKLihUaWLrMmgMsbaeIo,7755
|
|
257
257
|
dissect/target/plugins/os/windows/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
258
|
-
dissect/target/plugins/os/windows/_os.py,sha256=
|
|
258
|
+
dissect/target/plugins/os/windows/_os.py,sha256=Iu-xgEqtkycx1yDx4b_GL29pSz1Lew7lUYCByBOmTOE,13127
|
|
259
259
|
dissect/target/plugins/os/windows/activitiescache.py,sha256=Q2aILnhJ2rp2AwEbWwyBuSLjMbGqaYJTsavSbfkcFKE,6741
|
|
260
260
|
dissect/target/plugins/os/windows/adpolicy.py,sha256=fULRFO_I_QxAn6G9SCwlLL-TLVliS13JEGnGotf7lSA,6983
|
|
261
261
|
dissect/target/plugins/os/windows/amcache.py,sha256=ZZNOs3bILTf0AGkDkhoatndl0j39DXkstN7oOyxJECU,27188
|
|
@@ -313,7 +313,7 @@ dissect/target/plugins/os/windows/regf/nethist.py,sha256=QHbG9fmZNmjSVhrgqMvMo12
|
|
|
313
313
|
dissect/target/plugins/os/windows/regf/recentfilecache.py,sha256=goS6ajLIh6ZU-Gq4tupoxBoQCfMDp2qJgg-Nn5qFIsY,1850
|
|
314
314
|
dissect/target/plugins/os/windows/regf/regf.py,sha256=D1GrljF-sV8cWIjWJ3zH7k52i1OWD8poEC_PIeZMEis,3419
|
|
315
315
|
dissect/target/plugins/os/windows/regf/runkeys.py,sha256=-2HcdnVytzCt1xwgAI8rHDnwk8kwLPWURumvhrGnIHU,4278
|
|
316
|
-
dissect/target/plugins/os/windows/regf/shellbags.py,sha256=
|
|
316
|
+
dissect/target/plugins/os/windows/regf/shellbags.py,sha256=hXAqThFkHmGPmhNRSXwMNzw25kAyIC6OOZivgpPEwTQ,25679
|
|
317
317
|
dissect/target/plugins/os/windows/regf/shimcache.py,sha256=no78i0nxbnfgDJ5TpDZNAJggCigD_zLrXNYss7gdg2Q,9994
|
|
318
318
|
dissect/target/plugins/os/windows/regf/trusteddocs.py,sha256=3yvpBDM-Asg0rvGN2TwALGRm9DYogG6TxRau9D6FBbw,3700
|
|
319
319
|
dissect/target/plugins/os/windows/regf/usb.py,sha256=hR5fnqy_sint1YyWgm1-AMhGQ4MxJOH_Wz0vbYzr9p4,7213
|
|
@@ -345,10 +345,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
|
|
|
345
345
|
dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
|
|
346
346
|
dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
|
|
347
347
|
dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
|
|
348
|
-
dissect.target-3.18.
|
|
349
|
-
dissect.target-3.18.
|
|
350
|
-
dissect.target-3.18.
|
|
351
|
-
dissect.target-3.18.
|
|
352
|
-
dissect.target-3.18.
|
|
353
|
-
dissect.target-3.18.
|
|
354
|
-
dissect.target-3.18.
|
|
348
|
+
dissect.target-3.18.dev16.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
|
|
349
|
+
dissect.target-3.18.dev16.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
|
|
350
|
+
dissect.target-3.18.dev16.dist-info/METADATA,sha256=HFgrM2p1NkkrKOfp2q-w2d1ZBjaV1g9jKJhmQ5A_8nw,12719
|
|
351
|
+
dissect.target-3.18.dev16.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91
|
|
352
|
+
dissect.target-3.18.dev16.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
|
|
353
|
+
dissect.target-3.18.dev16.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
|
|
354
|
+
dissect.target-3.18.dev16.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{dissect.target-3.18.dev14.dist-info → dissect.target-3.18.dev16.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
|
File without changes
|