dissect.target 3.21.dev8__py3-none-any.whl → 3.21.dev9__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. dissect/target/plugins/os/windows/regf/cit.py +20 -7
  2. {dissect.target-3.21.dev8.dist-info → dissect.target-3.21.dev9.dist-info}/METADATA +1 -1
  3. {dissect.target-3.21.dev8.dist-info → dissect.target-3.21.dev9.dist-info}/RECORD +8 -8
  4. {dissect.target-3.21.dev8.dist-info → dissect.target-3.21.dev9.dist-info}/COPYRIGHT +0 -0
  5. {dissect.target-3.21.dev8.dist-info → dissect.target-3.21.dev9.dist-info}/LICENSE +0 -0
  6. {dissect.target-3.21.dev8.dist-info → dissect.target-3.21.dev9.dist-info}/WHEEL +0 -0
  7. {dissect.target-3.21.dev8.dist-info → dissect.target-3.21.dev9.dist-info}/entry_points.txt +0 -0
  8. {dissect.target-3.21.dev8.dist-info → dissect.target-3.21.dev9.dist-info}/top_level.txt +0 -0
dissect/target/plugins/os/windows/regf/cit.py CHANGED
@@ -632,8 +632,8 @@ def local_wintimestamp(target, ts):
632
632
  class CITPlugin(Plugin):
633
633
  """Plugin that parses CIT data from the registry.
634
634
 
635
- Reference:
636
- - https://dfir.ru/2018/12/02/the-cit-database-and-the-syscache-hive/
635
+ References:
636
+ - https://dfir.ru/2018/12/02/the-cit-database-and-the-syscache-hive/
637
637
  """
638
638
 
639
639
  __namespace__ = "cit"
@@ -641,7 +641,7 @@ class CITPlugin(Plugin):
641
641
  KEY = "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\CIT"
642
642
 
643
643
  def check_compatible(self) -> None:
644
- if not len(list(self.target.registry.keys(self.KEY))) > 0:
644
+ if not list(self.target.registry.keys(self.KEY)):
645
645
  raise UnsupportedPluginError("No CIT registry key found")
646
646
 
647
647
  @export(record=get_args(CITRecords))
@@ -770,8 +770,9 @@ class CITPlugin(Plugin):
770
770
  yield from _yield_bitmap_records(
771
771
  self.target, cit, entry.use_data.bitmaps.foreground, CITProgramBitmapForegroundRecord
772
772
  )
773
- except Exception:
774
- self.target.log.exception("Failed to parse CIT value: %s", value.name)
773
+ except Exception as e:
774
+ self.target.log.warning("Failed to parse CIT value: %s", value.name)
775
+ self.target.log.debug("", exc_info=e)
775
776
 
776
777
  @export(record=CITPostUpdateUseInfoRecord)
777
778
  def puu(self) -> Iterator[CITPostUpdateUseInfoRecord]:
@@ -788,10 +789,16 @@ class CITPlugin(Plugin):
788
789
  for reg_key in keys:
789
790
  for key in self.target.registry.keys(reg_key):
790
791
  try:
791
- puu = c_cit.CIT_POST_UPDATE_USE_INFO(key.value("PUUActive").value)
792
+ key_value = key.value("PUUActive").value
793
+ puu = c_cit.CIT_POST_UPDATE_USE_INFO(key_value)
792
794
  except RegistryValueNotFoundError:
793
795
  continue
794
796
 
797
+ except EOFError as e:
798
+ self.target.log.warning("Exception reading CIT structure in key %s", key.path)
799
+ self.target.log.debug("Unable to parse value %s", key_value, exc_info=e)
800
+ continue
801
+
795
802
  yield CITPostUpdateUseInfoRecord(
796
803
  log_time_start=wintimestamp(puu.LogTimeStart),
797
804
  update_key=puu.UpdateKey,
@@ -852,10 +859,16 @@ class CITPlugin(Plugin):
852
859
  for reg_key in keys:
853
860
  for key in self.target.registry.keys(reg_key):
854
861
  try:
855
- dp = c_cit.CIT_DP_DATA(key.value("DP").value)
862
+ key_value = key.value("DP").value
863
+ dp = c_cit.CIT_DP_DATA(key_value)
856
864
  except RegistryValueNotFoundError:
857
865
  continue
858
866
 
867
+ except EOFError as e:
868
+ self.target.log.warning("Exception reading CIT structure in key %s", key.path)
869
+ self.target.log.debug("Unable to parse value %s", key_value, exc_info=e)
870
+ continue
871
+
859
872
  user = self.target.registry.get_user(key)
860
873
  log_time_start = wintimestamp(dp.LogTimeStart)
861
874
 
{dissect.target-3.21.dev8.dist-info → dissect.target-3.21.dev9.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.21.dev8
3
+ Version: 3.21.dev9
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
{dissect.target-3.21.dev8.dist-info → dissect.target-3.21.dev9.dist-info}/RECORD RENAMED
@@ -339,7 +339,7 @@ dissect/target/plugins/os/windows/regf/applications.py,sha256=AZwaLXsVmqMjoZYI3d
339
339
  dissect/target/plugins/os/windows/regf/appxdebugkeys.py,sha256=X8MYLcD76pIZoIWwS_DgUp6q6pi2WO7jhZeoc4uGLak,3966
340
340
  dissect/target/plugins/os/windows/regf/auditpol.py,sha256=vTqWw0_vu9p_emWC8FuYcYQpOXhEFQQDLV0K6-18i9c,5208
341
341
  dissect/target/plugins/os/windows/regf/bam.py,sha256=jJ0i-82uteBU0hPgs81f8NV8NCeRtIklK82Me2S_ro0,2131
342
- dissect/target/plugins/os/windows/regf/cit.py,sha256=rvaQzOVi-OHTdJzmF5l32Bx9pTJm11JfYXx-5N0cL28,38517
342
+ dissect/target/plugins/os/windows/regf/cit.py,sha256=WYuwzTJKSR8Ki0582zpTpRUApx_J3OIYFWivKgqH-Is,39178
343
343
  dissect/target/plugins/os/windows/regf/clsid.py,sha256=ellokL8H7TR8XkGqqWraJ3bL0qP5RJrjNsp4JeBLU7A,3810
344
344
  dissect/target/plugins/os/windows/regf/firewall.py,sha256=86JvlBc418nHB5l3IkbEnTw6zr-H5pEGEoZ8fBhmeLE,3231
345
345
  dissect/target/plugins/os/windows/regf/mru.py,sha256=JzjwaV3Pbza2oOVILrnqcmPKCq2rGIGFwRpJW8Yc1p0,13840
@@ -382,10 +382,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
382
382
  dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
383
383
  dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
384
384
  dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
385
- dissect.target-3.21.dev8.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
386
- dissect.target-3.21.dev8.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
387
- dissect.target-3.21.dev8.dist-info/METADATA,sha256=HUElMGCd6uXoyl2UOs5_wEXae0KhByPqu-CqetFqYCU,13186
388
- dissect.target-3.21.dev8.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
389
- dissect.target-3.21.dev8.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
390
- dissect.target-3.21.dev8.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
391
- dissect.target-3.21.dev8.dist-info/RECORD,,
385
+ dissect.target-3.21.dev9.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
386
+ dissect.target-3.21.dev9.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
387
+ dissect.target-3.21.dev9.dist-info/METADATA,sha256=KoXhIy7PkSoTr-n6q7z0pgLwcQeGhaLAqfazXNkFQrs,13186
388
+ dissect.target-3.21.dev9.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
389
+ dissect.target-3.21.dev9.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
390
+ dissect.target-3.21.dev9.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
391
+ dissect.target-3.21.dev9.dist-info/RECORD,,