dissect.target 3.20.2.dev13__py3-none-any.whl → 3.20.2.dev15__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- dissect/target/plugins/os/windows/amcache.py +4 -4
- dissect/target/plugins/os/windows/log/amcache.py +3 -3
- dissect/target/plugins/os/windows/log/mssql.py +7 -14
- dissect/target/plugins/os/windows/syscache.py +2 -2
- {dissect.target-3.20.2.dev13.dist-info → dissect.target-3.20.2.dev15.dist-info}/METADATA +2 -2
- {dissect.target-3.20.2.dev13.dist-info → dissect.target-3.20.2.dev15.dist-info}/RECORD +11 -11
- {dissect.target-3.20.2.dev13.dist-info → dissect.target-3.20.2.dev15.dist-info}/WHEEL +1 -1
- {dissect.target-3.20.2.dev13.dist-info → dissect.target-3.20.2.dev15.dist-info}/COPYRIGHT +0 -0
- {dissect.target-3.20.2.dev13.dist-info → dissect.target-3.20.2.dev15.dist-info}/LICENSE +0 -0
- {dissect.target-3.20.2.dev13.dist-info → dissect.target-3.20.2.dev15.dist-info}/entry_points.txt +0 -0
- {dissect.target-3.20.2.dev13.dist-info → dissect.target-3.20.2.dev15.dist-info}/top_level.txt +0 -0
|
@@ -66,7 +66,7 @@ FileAppcompatRecord = TargetRecordDescriptor(
|
|
|
66
66
|
("varint", "reference"),
|
|
67
67
|
("path", "path"),
|
|
68
68
|
("string", "language_code"),
|
|
69
|
-
("digest", "
|
|
69
|
+
("digest", "digest"),
|
|
70
70
|
("string", "program_id"),
|
|
71
71
|
("string", "pe_header_checksum"),
|
|
72
72
|
("string", "pe_size_of_image"),
|
|
@@ -126,7 +126,7 @@ ApplicationFileAppcompatRecord = TargetRecordDescriptor(
|
|
|
126
126
|
[
|
|
127
127
|
("datetime", "mtime_regf"),
|
|
128
128
|
("string", "program_id"),
|
|
129
|
-
("digest", "
|
|
129
|
+
("digest", "digest"),
|
|
130
130
|
("path", "path"),
|
|
131
131
|
("string", "hash_path"),
|
|
132
132
|
("wstring", "name"),
|
|
@@ -224,7 +224,7 @@ class AmcachePluginOldMixin:
|
|
|
224
224
|
reference=int(subkey.name, 16),
|
|
225
225
|
path=self.target.fs.path(subkey_data["full_path"]) if subkey_data.get("full_path") else None,
|
|
226
226
|
language_code=subkey_data.get("language_code"),
|
|
227
|
-
|
|
227
|
+
digest=(None, subkey_data["sha1"][-40:] if subkey_data.get("sha1") else None, None),
|
|
228
228
|
program_id=subkey_data.get("program_id"),
|
|
229
229
|
pe_header_checksum=subkey_data.get("pe_header_checksum"),
|
|
230
230
|
pe_size_of_image=subkey_data.get("pe_size_of_image"),
|
|
@@ -468,7 +468,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
|
|
|
468
468
|
yield ApplicationFileAppcompatRecord(
|
|
469
469
|
mtime_regf=entry.timestamp,
|
|
470
470
|
program_id=entry_data.get("ProgramId"),
|
|
471
|
-
|
|
471
|
+
digest=(None, sha1_digest, None),
|
|
472
472
|
path=self.target.fs.path(entry_data.get("LowerCaseLongPath")),
|
|
473
473
|
link_date=parse_win_datetime(entry_data.get("LinkDate")),
|
|
474
474
|
hash_path=entry_data.get("LongPathHash"),
|
|
@@ -31,7 +31,7 @@ COMMON_ELEMENTS = [
|
|
|
31
31
|
("string", "bin_file_version"),
|
|
32
32
|
("string", "bin_product_version"),
|
|
33
33
|
("string", "binary_type"),
|
|
34
|
-
("digest", "
|
|
34
|
+
("digest", "digest"),
|
|
35
35
|
("wstring", "file_version"),
|
|
36
36
|
("wstring", "company_name"),
|
|
37
37
|
("wstring", "file_description"),
|
|
@@ -82,11 +82,11 @@ def create_record(
|
|
|
82
82
|
size_of_image=install_properties.get("sizeofimage"),
|
|
83
83
|
file_description=install_properties.get("filedescription"),
|
|
84
84
|
size=install_properties.get("size"),
|
|
85
|
-
|
|
85
|
+
digest=(
|
|
86
86
|
None,
|
|
87
87
|
install_properties.get("id")[4:],
|
|
88
88
|
None,
|
|
89
|
-
|
|
89
|
+
), # remove leading zeros from the entry to create a sha1 hash
|
|
90
90
|
company_name=install_properties.get("companyname"),
|
|
91
91
|
binary_type=install_properties.get("binarytype"),
|
|
92
92
|
bin_product_version=install_properties.get("binproductversion"),
|
|
@@ -35,7 +35,7 @@ class MssqlPlugin(Plugin):
|
|
|
35
35
|
|
|
36
36
|
__namespace__ = "mssql"
|
|
37
37
|
|
|
38
|
-
|
|
38
|
+
MSSQL_KEY_GLOB = "HKLM\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\MSSQL*.*"
|
|
39
39
|
FILE_GLOB = "ERRORLOG*"
|
|
40
40
|
|
|
41
41
|
def __init__(self, target: Target):
|
|
@@ -44,7 +44,7 @@ class MssqlPlugin(Plugin):
|
|
|
44
44
|
|
|
45
45
|
def check_compatible(self) -> None:
|
|
46
46
|
if not self.instances:
|
|
47
|
-
raise UnsupportedPluginError("
|
|
47
|
+
raise UnsupportedPluginError("No Microsoft SQL Server instances have been found")
|
|
48
48
|
|
|
49
49
|
@export(record=MssqlErrorlogRecord)
|
|
50
50
|
def errorlog(self) -> Iterator[MssqlErrorlogRecord]:
|
|
@@ -89,15 +89,8 @@ class MssqlPlugin(Plugin):
|
|
|
89
89
|
|
|
90
90
|
buf += line
|
|
91
91
|
|
|
92
|
-
def _find_instances(self) ->
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
instances.append(
|
|
98
|
-
(
|
|
99
|
-
subkey.name,
|
|
100
|
-
self.target.fs.path(subkey.subkey("SQLServerAgent").value("ErrorLogFile").value).parent,
|
|
101
|
-
)
|
|
102
|
-
)
|
|
103
|
-
return instances
|
|
92
|
+
def _find_instances(self) -> set[str, TargetPath]:
|
|
93
|
+
return {
|
|
94
|
+
(subkey.name, self.target.fs.path(subkey.subkey("SQLServerAgent").value("ErrorLogFile").value).parent)
|
|
95
|
+
for subkey in self.target.registry.glob_ext(self.MSSQL_KEY_GLOB)
|
|
96
|
+
}
|
|
@@ -11,7 +11,7 @@ SyscacheRecord = TargetRecordDescriptor(
|
|
|
11
11
|
"windows/syscache/object",
|
|
12
12
|
[
|
|
13
13
|
("datetime", "regf_mtime"),
|
|
14
|
-
("digest", "
|
|
14
|
+
("digest", "digest"),
|
|
15
15
|
("string", "program_id"),
|
|
16
16
|
("string", "file_id"),
|
|
17
17
|
("varint", "object_id"),
|
|
@@ -84,7 +84,7 @@ class SyscachePlugin(Plugin):
|
|
|
84
84
|
|
|
85
85
|
yield SyscacheRecord(
|
|
86
86
|
regf_mtime=subkey.ts,
|
|
87
|
-
|
|
87
|
+
digest=(None, ae_file_id[4:] if ae_file_id else None, None),
|
|
88
88
|
program_id=ae_program_id,
|
|
89
89
|
file_id=f"{file_segment}#{file_id >> 48}",
|
|
90
90
|
object_id=subkey.value("_ObjectId_").value,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
Metadata-Version: 2.
|
|
1
|
+
Metadata-Version: 2.2
|
|
2
2
|
Name: dissect.target
|
|
3
|
-
Version: 3.20.2.
|
|
3
|
+
Version: 3.20.2.dev15
|
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
|
@@ -280,7 +280,7 @@ dissect/target/plugins/os/windows/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeR
|
|
|
280
280
|
dissect/target/plugins/os/windows/_os.py,sha256=SUTfCPEVi2ADfjsQQJad6dEsnKUzRtsKJXOlEuiT9Xk,12462
|
|
281
281
|
dissect/target/plugins/os/windows/activitiescache.py,sha256=_I-rc7hAKRgqfFexsJq5nkIAV3E31byG4KeBQeDBehg,7051
|
|
282
282
|
dissect/target/plugins/os/windows/adpolicy.py,sha256=ul8lKlG9ExABnd6yVLMPFFgVxN74CG4T3MvcRuBLHJc,7158
|
|
283
|
-
dissect/target/plugins/os/windows/amcache.py,sha256=
|
|
283
|
+
dissect/target/plugins/os/windows/amcache.py,sha256=PEQry72tVtMOdKkvlxfJhObj8OuJMnA8mG-7G-dB0bk,27604
|
|
284
284
|
dissect/target/plugins/os/windows/catroot.py,sha256=59KfdNPcoA5NQtpj4_e3wzPDsyB1RYIu049UeIhLuEk,11390
|
|
285
285
|
dissect/target/plugins/os/windows/cim.py,sha256=jsrpu6TZpBUh7VWI9AV2Ib5bebTwsvqOwRfa5gjJd7c,3056
|
|
286
286
|
dissect/target/plugins/os/windows/clfs.py,sha256=begVsZ-CY97Ksh6S1g03LjyBgu8ERY2hfNDWYPj0GXI,4872
|
|
@@ -299,7 +299,7 @@ dissect/target/plugins/os/windows/registry.py,sha256=f6ka__6KXvdqRMRRJzlCAYaIpTZ
|
|
|
299
299
|
dissect/target/plugins/os/windows/services.py,sha256=Q3_ZNYvWBXHVsNYwNAaiV93oHI0j0PJ9f1a2MJbR93E,6131
|
|
300
300
|
dissect/target/plugins/os/windows/sru.py,sha256=sOM7CyMkW8XIXzI75GL69WoqUrSK2X99TFIfdQR2D64,17767
|
|
301
301
|
dissect/target/plugins/os/windows/startupinfo.py,sha256=LarIAfB-sB6rzmh1rzxhiGWqy3VupKMpWLUpN1azB2I,3574
|
|
302
|
-
dissect/target/plugins/os/windows/syscache.py,sha256=
|
|
302
|
+
dissect/target/plugins/os/windows/syscache.py,sha256=kR3Pc-Irtz6Ob2pv2CkKCWrL17LENxplNoer9VaOa2s,3540
|
|
303
303
|
dissect/target/plugins/os/windows/tasks.py,sha256=Bpy3tosncnFuGRqomEtB1jwJCVehZq4suhUznjtq4wo,5718
|
|
304
304
|
dissect/target/plugins/os/windows/thumbcache.py,sha256=jAceapDdP9bNLGZchJ1l1okm7_7xiYHRbI2hVGAzMPk,4249
|
|
305
305
|
dissect/target/plugins/os/windows/ual.py,sha256=S43ltndKKrs2SqeDLgZv4dzdqtJD8c3Y0Z8FK-Y9IOA,10076
|
|
@@ -326,11 +326,11 @@ dissect/target/plugins/os/windows/dpapi/keyprovider/lsa.py,sha256=QU3Hj5todELhSo
|
|
|
326
326
|
dissect/target/plugins/os/windows/exchange/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
327
327
|
dissect/target/plugins/os/windows/exchange/exchange.py,sha256=40x9_KOmoW24Z-S4eJiczBsOEyZFjwBoU2um86szqMg,1644
|
|
328
328
|
dissect/target/plugins/os/windows/log/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
329
|
-
dissect/target/plugins/os/windows/log/amcache.py,sha256=
|
|
329
|
+
dissect/target/plugins/os/windows/log/amcache.py,sha256=IsgUZgKW0Ayhd-5obcERJJLvCC1KD0P5ie7PlWComRA,5875
|
|
330
330
|
dissect/target/plugins/os/windows/log/etl.py,sha256=t5GpunjzYMvAO9CBOP1ynH6053_PlasnIEIvlLNLU10,7255
|
|
331
331
|
dissect/target/plugins/os/windows/log/evt.py,sha256=pYRVK3u309yK5pJoogohHWV2a_Lev8FK2zte_ys4SN8,7133
|
|
332
332
|
dissect/target/plugins/os/windows/log/evtx.py,sha256=eSnMkU7HRmIDZ19WRsF9li08HuEOo51pRJDN2JOua5U,6148
|
|
333
|
-
dissect/target/plugins/os/windows/log/mssql.py,sha256=
|
|
333
|
+
dissect/target/plugins/os/windows/log/mssql.py,sha256=YB0BfaW1j6UzPf90n9vP7M_ez-Ufq1enpNsBmwgSk4U,3542
|
|
334
334
|
dissect/target/plugins/os/windows/log/pfro.py,sha256=d53Mm7ovZa9crSwVRPwjMVxTd_jCGtE1Kv07GslX9_s,2789
|
|
335
335
|
dissect/target/plugins/os/windows/log/schedlgu.py,sha256=JaP8H8eTEypWXhx2aFSR_IMam6rQiksbLKhMr_U4fz8,5570
|
|
336
336
|
dissect/target/plugins/os/windows/regf/7zip.py,sha256=Ox8cLyQtbyYQS7m4eY3onNv1K8N2IkS5wexrC55Urd4,3444
|
|
@@ -383,10 +383,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
|
|
|
383
383
|
dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
|
|
384
384
|
dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
|
|
385
385
|
dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
|
|
386
|
-
dissect.target-3.20.2.
|
|
387
|
-
dissect.target-3.20.2.
|
|
388
|
-
dissect.target-3.20.2.
|
|
389
|
-
dissect.target-3.20.2.
|
|
390
|
-
dissect.target-3.20.2.
|
|
391
|
-
dissect.target-3.20.2.
|
|
392
|
-
dissect.target-3.20.2.
|
|
386
|
+
dissect.target-3.20.2.dev15.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
|
|
387
|
+
dissect.target-3.20.2.dev15.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
|
|
388
|
+
dissect.target-3.20.2.dev15.dist-info/METADATA,sha256=FH0zPNArdOL1Cw_baWdBdKn4_nFjYVKolpY_iHD1iQM,13184
|
|
389
|
+
dissect.target-3.20.2.dev15.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
|
|
390
|
+
dissect.target-3.20.2.dev15.dist-info/entry_points.txt,sha256=yQwLCWUuzHgS6-sfCcRk66gAfoCfqXdCjqKjvhnQW8o,537
|
|
391
|
+
dissect.target-3.20.2.dev15.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
|
|
392
|
+
dissect.target-3.20.2.dev15.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
{dissect.target-3.20.2.dev13.dist-info → dissect.target-3.20.2.dev15.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{dissect.target-3.20.2.dev13.dist-info → dissect.target-3.20.2.dev15.dist-info}/top_level.txt
RENAMED
|
File without changes
|