dissect.target 3.20.2.dev14__py3-none-any.whl → 3.20.2.dev16__py3-none-any.whl
Sign up to get free protection for your applications and to get access to all the features.
- dissect/target/plugins/os/windows/amcache.py +4 -4
- dissect/target/plugins/os/windows/log/amcache.py +3 -3
- dissect/target/plugins/os/windows/syscache.py +2 -2
- dissect/target/plugins/os/windows/task_helpers/tasks_xml.py +5 -3
- dissect/target/plugins/os/windows/tasks.py +9 -9
- {dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/METADATA +2 -2
- {dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/RECORD +12 -12
- {dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/WHEEL +1 -1
- {dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/COPYRIGHT +0 -0
- {dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/LICENSE +0 -0
- {dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/entry_points.txt +0 -0
- {dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/top_level.txt +0 -0
|
@@ -66,7 +66,7 @@ FileAppcompatRecord = TargetRecordDescriptor(
|
|
|
66
66
|
("varint", "reference"),
|
|
67
67
|
("path", "path"),
|
|
68
68
|
("string", "language_code"),
|
|
69
|
-
("digest", "
|
|
69
|
+
("digest", "digest"),
|
|
70
70
|
("string", "program_id"),
|
|
71
71
|
("string", "pe_header_checksum"),
|
|
72
72
|
("string", "pe_size_of_image"),
|
|
@@ -126,7 +126,7 @@ ApplicationFileAppcompatRecord = TargetRecordDescriptor(
|
|
|
126
126
|
[
|
|
127
127
|
("datetime", "mtime_regf"),
|
|
128
128
|
("string", "program_id"),
|
|
129
|
-
("digest", "
|
|
129
|
+
("digest", "digest"),
|
|
130
130
|
("path", "path"),
|
|
131
131
|
("string", "hash_path"),
|
|
132
132
|
("wstring", "name"),
|
|
@@ -224,7 +224,7 @@ class AmcachePluginOldMixin:
|
|
|
224
224
|
reference=int(subkey.name, 16),
|
|
225
225
|
path=self.target.fs.path(subkey_data["full_path"]) if subkey_data.get("full_path") else None,
|
|
226
226
|
language_code=subkey_data.get("language_code"),
|
|
227
|
-
|
|
227
|
+
digest=(None, subkey_data["sha1"][-40:] if subkey_data.get("sha1") else None, None),
|
|
228
228
|
program_id=subkey_data.get("program_id"),
|
|
229
229
|
pe_header_checksum=subkey_data.get("pe_header_checksum"),
|
|
230
230
|
pe_size_of_image=subkey_data.get("pe_size_of_image"),
|
|
@@ -468,7 +468,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
|
|
|
468
468
|
yield ApplicationFileAppcompatRecord(
|
|
469
469
|
mtime_regf=entry.timestamp,
|
|
470
470
|
program_id=entry_data.get("ProgramId"),
|
|
471
|
-
|
|
471
|
+
digest=(None, sha1_digest, None),
|
|
472
472
|
path=self.target.fs.path(entry_data.get("LowerCaseLongPath")),
|
|
473
473
|
link_date=parse_win_datetime(entry_data.get("LinkDate")),
|
|
474
474
|
hash_path=entry_data.get("LongPathHash"),
|
|
@@ -31,7 +31,7 @@ COMMON_ELEMENTS = [
|
|
|
31
31
|
("string", "bin_file_version"),
|
|
32
32
|
("string", "bin_product_version"),
|
|
33
33
|
("string", "binary_type"),
|
|
34
|
-
("digest", "
|
|
34
|
+
("digest", "digest"),
|
|
35
35
|
("wstring", "file_version"),
|
|
36
36
|
("wstring", "company_name"),
|
|
37
37
|
("wstring", "file_description"),
|
|
@@ -82,11 +82,11 @@ def create_record(
|
|
|
82
82
|
size_of_image=install_properties.get("sizeofimage"),
|
|
83
83
|
file_description=install_properties.get("filedescription"),
|
|
84
84
|
size=install_properties.get("size"),
|
|
85
|
-
|
|
85
|
+
digest=(
|
|
86
86
|
None,
|
|
87
87
|
install_properties.get("id")[4:],
|
|
88
88
|
None,
|
|
89
|
-
|
|
89
|
+
), # remove leading zeros from the entry to create a sha1 hash
|
|
90
90
|
company_name=install_properties.get("companyname"),
|
|
91
91
|
binary_type=install_properties.get("binarytype"),
|
|
92
92
|
bin_product_version=install_properties.get("binproductversion"),
|
|
@@ -11,7 +11,7 @@ SyscacheRecord = TargetRecordDescriptor(
|
|
|
11
11
|
"windows/syscache/object",
|
|
12
12
|
[
|
|
13
13
|
("datetime", "regf_mtime"),
|
|
14
|
-
("digest", "
|
|
14
|
+
("digest", "digest"),
|
|
15
15
|
("string", "program_id"),
|
|
16
16
|
("string", "file_id"),
|
|
17
17
|
("varint", "object_id"),
|
|
@@ -84,7 +84,7 @@ class SyscachePlugin(Plugin):
|
|
|
84
84
|
|
|
85
85
|
yield SyscacheRecord(
|
|
86
86
|
regf_mtime=subkey.ts,
|
|
87
|
-
|
|
87
|
+
digest=(None, ae_file_id[4:] if ae_file_id else None, None),
|
|
88
88
|
program_id=ae_program_id,
|
|
89
89
|
file_id=f"{file_segment}#{file_id >> 48}",
|
|
90
90
|
object_id=subkey.value("_ObjectId_").value,
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
from __future__ import annotations
|
|
2
|
+
|
|
1
3
|
import warnings
|
|
2
4
|
from typing import Iterator, Optional
|
|
3
5
|
from xml.etree.ElementTree import Element
|
|
@@ -157,8 +159,8 @@ class XmlTask:
|
|
|
157
159
|
return data
|
|
158
160
|
|
|
159
161
|
def get_element(
|
|
160
|
-
self, xml_path: str, xml_data:
|
|
161
|
-
) ->
|
|
162
|
+
self, xml_path: str, xml_data: Element | None = None, attribute: Optional[str] = None
|
|
163
|
+
) -> str | None:
|
|
162
164
|
"""Get the value of the specified XML element.
|
|
163
165
|
|
|
164
166
|
Args:
|
|
@@ -179,7 +181,7 @@ class XmlTask:
|
|
|
179
181
|
|
|
180
182
|
return data.text
|
|
181
183
|
|
|
182
|
-
def get_raw(self, xml_path:
|
|
184
|
+
def get_raw(self, xml_path: str | None = None) -> str:
|
|
183
185
|
"""Get the raw XML data of the specified element.
|
|
184
186
|
|
|
185
187
|
Args:
|
|
@@ -1,21 +1,16 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
2
|
|
|
3
|
-
import
|
|
4
|
-
import warnings
|
|
5
|
-
from typing import Iterator, Union
|
|
3
|
+
from typing import Iterator
|
|
6
4
|
|
|
7
5
|
from flow.record import GroupedRecord
|
|
8
6
|
|
|
9
7
|
from dissect.target import Target
|
|
10
|
-
from dissect.target.exceptions import UnsupportedPluginError
|
|
8
|
+
from dissect.target.exceptions import InvalidTaskError, UnsupportedPluginError
|
|
11
9
|
from dissect.target.helpers.record import DynamicDescriptor, TargetRecordDescriptor
|
|
12
10
|
from dissect.target.plugin import Plugin, export
|
|
13
11
|
from dissect.target.plugins.os.windows.task_helpers.tasks_job import AtTask
|
|
14
12
|
from dissect.target.plugins.os.windows.task_helpers.tasks_xml import ScheduledTasks
|
|
15
13
|
|
|
16
|
-
warnings.simplefilter(action="ignore", category=FutureWarning)
|
|
17
|
-
log = logging.getLogger(__name__)
|
|
18
|
-
|
|
19
14
|
TaskRecord = TargetRecordDescriptor(
|
|
20
15
|
"filesystem/windows/task",
|
|
21
16
|
[
|
|
@@ -118,7 +113,7 @@ class TasksPlugin(Plugin):
|
|
|
118
113
|
raise UnsupportedPluginError("No task files")
|
|
119
114
|
|
|
120
115
|
@export(record=DynamicDescriptor(["path", "datetime"]))
|
|
121
|
-
def tasks(self) -> Iterator[
|
|
116
|
+
def tasks(self) -> Iterator[TaskRecord | GroupedRecord]:
|
|
122
117
|
"""Return all scheduled tasks on a Windows system.
|
|
123
118
|
|
|
124
119
|
On a Windows system, a scheduled task is a program or script that is executed on a specific time or at specific
|
|
@@ -132,7 +127,12 @@ class TasksPlugin(Plugin):
|
|
|
132
127
|
"""
|
|
133
128
|
for task_file in self.task_files:
|
|
134
129
|
if not task_file.suffix or task_file.suffix == ".xml":
|
|
135
|
-
|
|
130
|
+
try:
|
|
131
|
+
task_objects = ScheduledTasks(task_file).tasks
|
|
132
|
+
except InvalidTaskError as e:
|
|
133
|
+
self.target.log.warning("Invalid task file encountered: %s", task_file)
|
|
134
|
+
self.target.log.debug("", exc_info=e)
|
|
135
|
+
continue
|
|
136
136
|
else:
|
|
137
137
|
task_objects = [AtTask(task_file, self.target)]
|
|
138
138
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
Metadata-Version: 2.
|
|
1
|
+
Metadata-Version: 2.2
|
|
2
2
|
Name: dissect.target
|
|
3
|
-
Version: 3.20.2.
|
|
3
|
+
Version: 3.20.2.dev16
|
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
|
@@ -280,7 +280,7 @@ dissect/target/plugins/os/windows/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeR
|
|
|
280
280
|
dissect/target/plugins/os/windows/_os.py,sha256=SUTfCPEVi2ADfjsQQJad6dEsnKUzRtsKJXOlEuiT9Xk,12462
|
|
281
281
|
dissect/target/plugins/os/windows/activitiescache.py,sha256=_I-rc7hAKRgqfFexsJq5nkIAV3E31byG4KeBQeDBehg,7051
|
|
282
282
|
dissect/target/plugins/os/windows/adpolicy.py,sha256=ul8lKlG9ExABnd6yVLMPFFgVxN74CG4T3MvcRuBLHJc,7158
|
|
283
|
-
dissect/target/plugins/os/windows/amcache.py,sha256=
|
|
283
|
+
dissect/target/plugins/os/windows/amcache.py,sha256=PEQry72tVtMOdKkvlxfJhObj8OuJMnA8mG-7G-dB0bk,27604
|
|
284
284
|
dissect/target/plugins/os/windows/catroot.py,sha256=59KfdNPcoA5NQtpj4_e3wzPDsyB1RYIu049UeIhLuEk,11390
|
|
285
285
|
dissect/target/plugins/os/windows/cim.py,sha256=jsrpu6TZpBUh7VWI9AV2Ib5bebTwsvqOwRfa5gjJd7c,3056
|
|
286
286
|
dissect/target/plugins/os/windows/clfs.py,sha256=begVsZ-CY97Ksh6S1g03LjyBgu8ERY2hfNDWYPj0GXI,4872
|
|
@@ -299,8 +299,8 @@ dissect/target/plugins/os/windows/registry.py,sha256=f6ka__6KXvdqRMRRJzlCAYaIpTZ
|
|
|
299
299
|
dissect/target/plugins/os/windows/services.py,sha256=Q3_ZNYvWBXHVsNYwNAaiV93oHI0j0PJ9f1a2MJbR93E,6131
|
|
300
300
|
dissect/target/plugins/os/windows/sru.py,sha256=sOM7CyMkW8XIXzI75GL69WoqUrSK2X99TFIfdQR2D64,17767
|
|
301
301
|
dissect/target/plugins/os/windows/startupinfo.py,sha256=LarIAfB-sB6rzmh1rzxhiGWqy3VupKMpWLUpN1azB2I,3574
|
|
302
|
-
dissect/target/plugins/os/windows/syscache.py,sha256=
|
|
303
|
-
dissect/target/plugins/os/windows/tasks.py,sha256=
|
|
302
|
+
dissect/target/plugins/os/windows/syscache.py,sha256=kR3Pc-Irtz6Ob2pv2CkKCWrL17LENxplNoer9VaOa2s,3540
|
|
303
|
+
dissect/target/plugins/os/windows/tasks.py,sha256=Pm_PhRbFEBvYxFmKgvXi01RjDW6l9Kh4LpptqCU8Frc,5844
|
|
304
304
|
dissect/target/plugins/os/windows/thumbcache.py,sha256=jAceapDdP9bNLGZchJ1l1okm7_7xiYHRbI2hVGAzMPk,4249
|
|
305
305
|
dissect/target/plugins/os/windows/ual.py,sha256=S43ltndKKrs2SqeDLgZv4dzdqtJD8c3Y0Z8FK-Y9IOA,10076
|
|
306
306
|
dissect/target/plugins/os/windows/wer.py,sha256=y4ZU6Yai53UsZ4VLr0V9_uLhZJZ_UEtdPuNzxKbGoEY,9269
|
|
@@ -326,7 +326,7 @@ dissect/target/plugins/os/windows/dpapi/keyprovider/lsa.py,sha256=QU3Hj5todELhSo
|
|
|
326
326
|
dissect/target/plugins/os/windows/exchange/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
327
327
|
dissect/target/plugins/os/windows/exchange/exchange.py,sha256=40x9_KOmoW24Z-S4eJiczBsOEyZFjwBoU2um86szqMg,1644
|
|
328
328
|
dissect/target/plugins/os/windows/log/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
329
|
-
dissect/target/plugins/os/windows/log/amcache.py,sha256=
|
|
329
|
+
dissect/target/plugins/os/windows/log/amcache.py,sha256=IsgUZgKW0Ayhd-5obcERJJLvCC1KD0P5ie7PlWComRA,5875
|
|
330
330
|
dissect/target/plugins/os/windows/log/etl.py,sha256=t5GpunjzYMvAO9CBOP1ynH6053_PlasnIEIvlLNLU10,7255
|
|
331
331
|
dissect/target/plugins/os/windows/log/evt.py,sha256=pYRVK3u309yK5pJoogohHWV2a_Lev8FK2zte_ys4SN8,7133
|
|
332
332
|
dissect/target/plugins/os/windows/log/evtx.py,sha256=eSnMkU7HRmIDZ19WRsF9li08HuEOo51pRJDN2JOua5U,6148
|
|
@@ -356,7 +356,7 @@ dissect/target/plugins/os/windows/regf/userassist.py,sha256=E9Iwel4-BO9M-6BZ8fro
|
|
|
356
356
|
dissect/target/plugins/os/windows/task_helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
357
357
|
dissect/target/plugins/os/windows/task_helpers/tasks_job.py,sha256=7w3UGOiTAUQkP3xQ3sj4X3MTgHUJmmfdgiEadWmYquI,21197
|
|
358
358
|
dissect/target/plugins/os/windows/task_helpers/tasks_records.py,sha256=vpCyKqLQSzI5ymD1h5P6RncLEE47YtmjDFwKA16dVZ4,4046
|
|
359
|
-
dissect/target/plugins/os/windows/task_helpers/tasks_xml.py,sha256=
|
|
359
|
+
dissect/target/plugins/os/windows/task_helpers/tasks_xml.py,sha256=3D30BIuWGHuZtnvRmV53XgFDFuXSYEUqrMiKJJrWH8Q,15307
|
|
360
360
|
dissect/target/tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
361
361
|
dissect/target/tools/build_pluginlist.py,sha256=5fomcuMwsVzcnYx5Htf5f9lSwsLeUUvomLUXNA4t7m4,849
|
|
362
362
|
dissect/target/tools/dd.py,sha256=rTM-lgXxrYBpVAtJqFqAatDz45bLoD8-mFt_59Q3Lio,1928
|
|
@@ -383,10 +383,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
|
|
|
383
383
|
dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
|
|
384
384
|
dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
|
|
385
385
|
dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
|
|
386
|
-
dissect.target-3.20.2.
|
|
387
|
-
dissect.target-3.20.2.
|
|
388
|
-
dissect.target-3.20.2.
|
|
389
|
-
dissect.target-3.20.2.
|
|
390
|
-
dissect.target-3.20.2.
|
|
391
|
-
dissect.target-3.20.2.
|
|
392
|
-
dissect.target-3.20.2.
|
|
386
|
+
dissect.target-3.20.2.dev16.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
|
|
387
|
+
dissect.target-3.20.2.dev16.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
|
|
388
|
+
dissect.target-3.20.2.dev16.dist-info/METADATA,sha256=ZVQ6JUTNyfe_3NFIUrieaQtNAKVu2sBkIfPZ21Ho7UE,13184
|
|
389
|
+
dissect.target-3.20.2.dev16.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
|
|
390
|
+
dissect.target-3.20.2.dev16.dist-info/entry_points.txt,sha256=yQwLCWUuzHgS6-sfCcRk66gAfoCfqXdCjqKjvhnQW8o,537
|
|
391
|
+
dissect.target-3.20.2.dev16.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
|
|
392
|
+
dissect.target-3.20.2.dev16.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
{dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/top_level.txt
RENAMED
|
File without changes
|