dissect.target 3.20.2.dev14__py3-none-any.whl → 3.20.2.dev16__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- dissect/target/plugins/os/windows/amcache.py +4 -4
- dissect/target/plugins/os/windows/log/amcache.py +3 -3
- dissect/target/plugins/os/windows/syscache.py +2 -2
- dissect/target/plugins/os/windows/task_helpers/tasks_xml.py +5 -3
- dissect/target/plugins/os/windows/tasks.py +9 -9
- {dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/METADATA +2 -2
- {dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/RECORD +12 -12
- {dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/WHEEL +1 -1
- {dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/COPYRIGHT +0 -0
- {dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/LICENSE +0 -0
- {dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/entry_points.txt +0 -0
- {dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/top_level.txt +0 -0
|
@@ -66,7 +66,7 @@ FileAppcompatRecord = TargetRecordDescriptor(
|
|
|
66
66
|
("varint", "reference"),
|
|
67
67
|
("path", "path"),
|
|
68
68
|
("string", "language_code"),
|
|
69
|
-
("digest", "
|
|
69
|
+
("digest", "digest"),
|
|
70
70
|
("string", "program_id"),
|
|
71
71
|
("string", "pe_header_checksum"),
|
|
72
72
|
("string", "pe_size_of_image"),
|
|
@@ -126,7 +126,7 @@ ApplicationFileAppcompatRecord = TargetRecordDescriptor(
|
|
|
126
126
|
[
|
|
127
127
|
("datetime", "mtime_regf"),
|
|
128
128
|
("string", "program_id"),
|
|
129
|
-
("digest", "
|
|
129
|
+
("digest", "digest"),
|
|
130
130
|
("path", "path"),
|
|
131
131
|
("string", "hash_path"),
|
|
132
132
|
("wstring", "name"),
|
|
@@ -224,7 +224,7 @@ class AmcachePluginOldMixin:
|
|
|
224
224
|
reference=int(subkey.name, 16),
|
|
225
225
|
path=self.target.fs.path(subkey_data["full_path"]) if subkey_data.get("full_path") else None,
|
|
226
226
|
language_code=subkey_data.get("language_code"),
|
|
227
|
-
|
|
227
|
+
digest=(None, subkey_data["sha1"][-40:] if subkey_data.get("sha1") else None, None),
|
|
228
228
|
program_id=subkey_data.get("program_id"),
|
|
229
229
|
pe_header_checksum=subkey_data.get("pe_header_checksum"),
|
|
230
230
|
pe_size_of_image=subkey_data.get("pe_size_of_image"),
|
|
@@ -468,7 +468,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
|
|
|
468
468
|
yield ApplicationFileAppcompatRecord(
|
|
469
469
|
mtime_regf=entry.timestamp,
|
|
470
470
|
program_id=entry_data.get("ProgramId"),
|
|
471
|
-
|
|
471
|
+
digest=(None, sha1_digest, None),
|
|
472
472
|
path=self.target.fs.path(entry_data.get("LowerCaseLongPath")),
|
|
473
473
|
link_date=parse_win_datetime(entry_data.get("LinkDate")),
|
|
474
474
|
hash_path=entry_data.get("LongPathHash"),
|
|
@@ -31,7 +31,7 @@ COMMON_ELEMENTS = [
|
|
|
31
31
|
("string", "bin_file_version"),
|
|
32
32
|
("string", "bin_product_version"),
|
|
33
33
|
("string", "binary_type"),
|
|
34
|
-
("digest", "
|
|
34
|
+
("digest", "digest"),
|
|
35
35
|
("wstring", "file_version"),
|
|
36
36
|
("wstring", "company_name"),
|
|
37
37
|
("wstring", "file_description"),
|
|
@@ -82,11 +82,11 @@ def create_record(
|
|
|
82
82
|
size_of_image=install_properties.get("sizeofimage"),
|
|
83
83
|
file_description=install_properties.get("filedescription"),
|
|
84
84
|
size=install_properties.get("size"),
|
|
85
|
-
|
|
85
|
+
digest=(
|
|
86
86
|
None,
|
|
87
87
|
install_properties.get("id")[4:],
|
|
88
88
|
None,
|
|
89
|
-
|
|
89
|
+
), # remove leading zeros from the entry to create a sha1 hash
|
|
90
90
|
company_name=install_properties.get("companyname"),
|
|
91
91
|
binary_type=install_properties.get("binarytype"),
|
|
92
92
|
bin_product_version=install_properties.get("binproductversion"),
|
|
@@ -11,7 +11,7 @@ SyscacheRecord = TargetRecordDescriptor(
|
|
|
11
11
|
"windows/syscache/object",
|
|
12
12
|
[
|
|
13
13
|
("datetime", "regf_mtime"),
|
|
14
|
-
("digest", "
|
|
14
|
+
("digest", "digest"),
|
|
15
15
|
("string", "program_id"),
|
|
16
16
|
("string", "file_id"),
|
|
17
17
|
("varint", "object_id"),
|
|
@@ -84,7 +84,7 @@ class SyscachePlugin(Plugin):
|
|
|
84
84
|
|
|
85
85
|
yield SyscacheRecord(
|
|
86
86
|
regf_mtime=subkey.ts,
|
|
87
|
-
|
|
87
|
+
digest=(None, ae_file_id[4:] if ae_file_id else None, None),
|
|
88
88
|
program_id=ae_program_id,
|
|
89
89
|
file_id=f"{file_segment}#{file_id >> 48}",
|
|
90
90
|
object_id=subkey.value("_ObjectId_").value,
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
from __future__ import annotations
|
|
2
|
+
|
|
1
3
|
import warnings
|
|
2
4
|
from typing import Iterator, Optional
|
|
3
5
|
from xml.etree.ElementTree import Element
|
|
@@ -157,8 +159,8 @@ class XmlTask:
|
|
|
157
159
|
return data
|
|
158
160
|
|
|
159
161
|
def get_element(
|
|
160
|
-
self, xml_path: str, xml_data:
|
|
161
|
-
) ->
|
|
162
|
+
self, xml_path: str, xml_data: Element | None = None, attribute: Optional[str] = None
|
|
163
|
+
) -> str | None:
|
|
162
164
|
"""Get the value of the specified XML element.
|
|
163
165
|
|
|
164
166
|
Args:
|
|
@@ -179,7 +181,7 @@ class XmlTask:
|
|
|
179
181
|
|
|
180
182
|
return data.text
|
|
181
183
|
|
|
182
|
-
def get_raw(self, xml_path:
|
|
184
|
+
def get_raw(self, xml_path: str | None = None) -> str:
|
|
183
185
|
"""Get the raw XML data of the specified element.
|
|
184
186
|
|
|
185
187
|
Args:
|
|
@@ -1,21 +1,16 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
2
|
|
|
3
|
-
import
|
|
4
|
-
import warnings
|
|
5
|
-
from typing import Iterator, Union
|
|
3
|
+
from typing import Iterator
|
|
6
4
|
|
|
7
5
|
from flow.record import GroupedRecord
|
|
8
6
|
|
|
9
7
|
from dissect.target import Target
|
|
10
|
-
from dissect.target.exceptions import UnsupportedPluginError
|
|
8
|
+
from dissect.target.exceptions import InvalidTaskError, UnsupportedPluginError
|
|
11
9
|
from dissect.target.helpers.record import DynamicDescriptor, TargetRecordDescriptor
|
|
12
10
|
from dissect.target.plugin import Plugin, export
|
|
13
11
|
from dissect.target.plugins.os.windows.task_helpers.tasks_job import AtTask
|
|
14
12
|
from dissect.target.plugins.os.windows.task_helpers.tasks_xml import ScheduledTasks
|
|
15
13
|
|
|
16
|
-
warnings.simplefilter(action="ignore", category=FutureWarning)
|
|
17
|
-
log = logging.getLogger(__name__)
|
|
18
|
-
|
|
19
14
|
TaskRecord = TargetRecordDescriptor(
|
|
20
15
|
"filesystem/windows/task",
|
|
21
16
|
[
|
|
@@ -118,7 +113,7 @@ class TasksPlugin(Plugin):
|
|
|
118
113
|
raise UnsupportedPluginError("No task files")
|
|
119
114
|
|
|
120
115
|
@export(record=DynamicDescriptor(["path", "datetime"]))
|
|
121
|
-
def tasks(self) -> Iterator[
|
|
116
|
+
def tasks(self) -> Iterator[TaskRecord | GroupedRecord]:
|
|
122
117
|
"""Return all scheduled tasks on a Windows system.
|
|
123
118
|
|
|
124
119
|
On a Windows system, a scheduled task is a program or script that is executed on a specific time or at specific
|
|
@@ -132,7 +127,12 @@ class TasksPlugin(Plugin):
|
|
|
132
127
|
"""
|
|
133
128
|
for task_file in self.task_files:
|
|
134
129
|
if not task_file.suffix or task_file.suffix == ".xml":
|
|
135
|
-
|
|
130
|
+
try:
|
|
131
|
+
task_objects = ScheduledTasks(task_file).tasks
|
|
132
|
+
except InvalidTaskError as e:
|
|
133
|
+
self.target.log.warning("Invalid task file encountered: %s", task_file)
|
|
134
|
+
self.target.log.debug("", exc_info=e)
|
|
135
|
+
continue
|
|
136
136
|
else:
|
|
137
137
|
task_objects = [AtTask(task_file, self.target)]
|
|
138
138
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
Metadata-Version: 2.
|
|
1
|
+
Metadata-Version: 2.2
|
|
2
2
|
Name: dissect.target
|
|
3
|
-
Version: 3.20.2.
|
|
3
|
+
Version: 3.20.2.dev16
|
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
|
@@ -280,7 +280,7 @@ dissect/target/plugins/os/windows/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeR
|
|
|
280
280
|
dissect/target/plugins/os/windows/_os.py,sha256=SUTfCPEVi2ADfjsQQJad6dEsnKUzRtsKJXOlEuiT9Xk,12462
|
|
281
281
|
dissect/target/plugins/os/windows/activitiescache.py,sha256=_I-rc7hAKRgqfFexsJq5nkIAV3E31byG4KeBQeDBehg,7051
|
|
282
282
|
dissect/target/plugins/os/windows/adpolicy.py,sha256=ul8lKlG9ExABnd6yVLMPFFgVxN74CG4T3MvcRuBLHJc,7158
|
|
283
|
-
dissect/target/plugins/os/windows/amcache.py,sha256=
|
|
283
|
+
dissect/target/plugins/os/windows/amcache.py,sha256=PEQry72tVtMOdKkvlxfJhObj8OuJMnA8mG-7G-dB0bk,27604
|
|
284
284
|
dissect/target/plugins/os/windows/catroot.py,sha256=59KfdNPcoA5NQtpj4_e3wzPDsyB1RYIu049UeIhLuEk,11390
|
|
285
285
|
dissect/target/plugins/os/windows/cim.py,sha256=jsrpu6TZpBUh7VWI9AV2Ib5bebTwsvqOwRfa5gjJd7c,3056
|
|
286
286
|
dissect/target/plugins/os/windows/clfs.py,sha256=begVsZ-CY97Ksh6S1g03LjyBgu8ERY2hfNDWYPj0GXI,4872
|
|
@@ -299,8 +299,8 @@ dissect/target/plugins/os/windows/registry.py,sha256=f6ka__6KXvdqRMRRJzlCAYaIpTZ
|
|
|
299
299
|
dissect/target/plugins/os/windows/services.py,sha256=Q3_ZNYvWBXHVsNYwNAaiV93oHI0j0PJ9f1a2MJbR93E,6131
|
|
300
300
|
dissect/target/plugins/os/windows/sru.py,sha256=sOM7CyMkW8XIXzI75GL69WoqUrSK2X99TFIfdQR2D64,17767
|
|
301
301
|
dissect/target/plugins/os/windows/startupinfo.py,sha256=LarIAfB-sB6rzmh1rzxhiGWqy3VupKMpWLUpN1azB2I,3574
|
|
302
|
-
dissect/target/plugins/os/windows/syscache.py,sha256=
|
|
303
|
-
dissect/target/plugins/os/windows/tasks.py,sha256=
|
|
302
|
+
dissect/target/plugins/os/windows/syscache.py,sha256=kR3Pc-Irtz6Ob2pv2CkKCWrL17LENxplNoer9VaOa2s,3540
|
|
303
|
+
dissect/target/plugins/os/windows/tasks.py,sha256=Pm_PhRbFEBvYxFmKgvXi01RjDW6l9Kh4LpptqCU8Frc,5844
|
|
304
304
|
dissect/target/plugins/os/windows/thumbcache.py,sha256=jAceapDdP9bNLGZchJ1l1okm7_7xiYHRbI2hVGAzMPk,4249
|
|
305
305
|
dissect/target/plugins/os/windows/ual.py,sha256=S43ltndKKrs2SqeDLgZv4dzdqtJD8c3Y0Z8FK-Y9IOA,10076
|
|
306
306
|
dissect/target/plugins/os/windows/wer.py,sha256=y4ZU6Yai53UsZ4VLr0V9_uLhZJZ_UEtdPuNzxKbGoEY,9269
|
|
@@ -326,7 +326,7 @@ dissect/target/plugins/os/windows/dpapi/keyprovider/lsa.py,sha256=QU3Hj5todELhSo
|
|
|
326
326
|
dissect/target/plugins/os/windows/exchange/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
327
327
|
dissect/target/plugins/os/windows/exchange/exchange.py,sha256=40x9_KOmoW24Z-S4eJiczBsOEyZFjwBoU2um86szqMg,1644
|
|
328
328
|
dissect/target/plugins/os/windows/log/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
329
|
-
dissect/target/plugins/os/windows/log/amcache.py,sha256=
|
|
329
|
+
dissect/target/plugins/os/windows/log/amcache.py,sha256=IsgUZgKW0Ayhd-5obcERJJLvCC1KD0P5ie7PlWComRA,5875
|
|
330
330
|
dissect/target/plugins/os/windows/log/etl.py,sha256=t5GpunjzYMvAO9CBOP1ynH6053_PlasnIEIvlLNLU10,7255
|
|
331
331
|
dissect/target/plugins/os/windows/log/evt.py,sha256=pYRVK3u309yK5pJoogohHWV2a_Lev8FK2zte_ys4SN8,7133
|
|
332
332
|
dissect/target/plugins/os/windows/log/evtx.py,sha256=eSnMkU7HRmIDZ19WRsF9li08HuEOo51pRJDN2JOua5U,6148
|
|
@@ -356,7 +356,7 @@ dissect/target/plugins/os/windows/regf/userassist.py,sha256=E9Iwel4-BO9M-6BZ8fro
|
|
|
356
356
|
dissect/target/plugins/os/windows/task_helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
357
357
|
dissect/target/plugins/os/windows/task_helpers/tasks_job.py,sha256=7w3UGOiTAUQkP3xQ3sj4X3MTgHUJmmfdgiEadWmYquI,21197
|
|
358
358
|
dissect/target/plugins/os/windows/task_helpers/tasks_records.py,sha256=vpCyKqLQSzI5ymD1h5P6RncLEE47YtmjDFwKA16dVZ4,4046
|
|
359
|
-
dissect/target/plugins/os/windows/task_helpers/tasks_xml.py,sha256=
|
|
359
|
+
dissect/target/plugins/os/windows/task_helpers/tasks_xml.py,sha256=3D30BIuWGHuZtnvRmV53XgFDFuXSYEUqrMiKJJrWH8Q,15307
|
|
360
360
|
dissect/target/tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
361
361
|
dissect/target/tools/build_pluginlist.py,sha256=5fomcuMwsVzcnYx5Htf5f9lSwsLeUUvomLUXNA4t7m4,849
|
|
362
362
|
dissect/target/tools/dd.py,sha256=rTM-lgXxrYBpVAtJqFqAatDz45bLoD8-mFt_59Q3Lio,1928
|
|
@@ -383,10 +383,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
|
|
|
383
383
|
dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
|
|
384
384
|
dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
|
|
385
385
|
dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
|
|
386
|
-
dissect.target-3.20.2.
|
|
387
|
-
dissect.target-3.20.2.
|
|
388
|
-
dissect.target-3.20.2.
|
|
389
|
-
dissect.target-3.20.2.
|
|
390
|
-
dissect.target-3.20.2.
|
|
391
|
-
dissect.target-3.20.2.
|
|
392
|
-
dissect.target-3.20.2.
|
|
386
|
+
dissect.target-3.20.2.dev16.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
|
|
387
|
+
dissect.target-3.20.2.dev16.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
|
|
388
|
+
dissect.target-3.20.2.dev16.dist-info/METADATA,sha256=ZVQ6JUTNyfe_3NFIUrieaQtNAKVu2sBkIfPZ21Ho7UE,13184
|
|
389
|
+
dissect.target-3.20.2.dev16.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
|
|
390
|
+
dissect.target-3.20.2.dev16.dist-info/entry_points.txt,sha256=yQwLCWUuzHgS6-sfCcRk66gAfoCfqXdCjqKjvhnQW8o,537
|
|
391
|
+
dissect.target-3.20.2.dev16.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
|
|
392
|
+
dissect.target-3.20.2.dev16.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
{dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{dissect.target-3.20.2.dev14.dist-info → dissect.target-3.20.2.dev16.dist-info}/top_level.txt
RENAMED
|
File without changes
|