dissect.target 3.21.dev9__py3-none-any.whl → 3.21.dev11__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- dissect/target/plugins/os/windows/catroot.py +8 -2
- dissect/target/plugins/os/windows/lnk.py +13 -7
- {dissect.target-3.21.dev9.dist-info → dissect.target-3.21.dev11.dist-info}/METADATA +1 -1
- {dissect.target-3.21.dev9.dist-info → dissect.target-3.21.dev11.dist-info}/RECORD +9 -9
- {dissect.target-3.21.dev9.dist-info → dissect.target-3.21.dev11.dist-info}/COPYRIGHT +0 -0
- {dissect.target-3.21.dev9.dist-info → dissect.target-3.21.dev11.dist-info}/LICENSE +0 -0
- {dissect.target-3.21.dev9.dist-info → dissect.target-3.21.dev11.dist-info}/WHEEL +0 -0
- {dissect.target-3.21.dev9.dist-info → dissect.target-3.21.dev11.dist-info}/entry_points.txt +0 -0
- {dissect.target-3.21.dev9.dist-info → dissect.target-3.21.dev11.dist-info}/top_level.txt +0 -0
|
@@ -227,8 +227,14 @@ class CatrootPlugin(Plugin):
|
|
|
227
227
|
|
|
228
228
|
for record in table.records():
|
|
229
229
|
file_digest = digest()
|
|
230
|
-
|
|
231
|
-
|
|
230
|
+
|
|
231
|
+
try:
|
|
232
|
+
setattr(file_digest, hash_type, record.get("HashCatNameTable_HashCol").hex())
|
|
233
|
+
catroot_names = record.get("HashCatNameTable_CatNameCol").decode().rstrip("|").split("|")
|
|
234
|
+
except Exception as e:
|
|
235
|
+
self.target.log.warning("Unable to parse catroot names for %s in %s", record, ese_file)
|
|
236
|
+
self.target.log.debug("", exc_info=e)
|
|
237
|
+
continue
|
|
232
238
|
|
|
233
239
|
for catroot_name in catroot_names:
|
|
234
240
|
yield CatrootRecord(
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
from
|
|
1
|
+
from __future__ import annotations
|
|
2
|
+
|
|
3
|
+
from typing import Iterator
|
|
2
4
|
|
|
3
5
|
from dissect.shellitem.lnk import Lnk
|
|
4
6
|
from dissect.util import ts
|
|
@@ -34,7 +36,7 @@ LnkRecord = TargetRecordDescriptor(
|
|
|
34
36
|
)
|
|
35
37
|
|
|
36
38
|
|
|
37
|
-
def parse_lnk_file(target: Target, lnk_file: Lnk, lnk_path: TargetPath) ->
|
|
39
|
+
def parse_lnk_file(target: Target, lnk_file: Lnk, lnk_path: TargetPath) -> LnkRecord:
|
|
38
40
|
# we need to get the active codepage from the system to properly decode some values
|
|
39
41
|
codepage = target.codepage or "ascii"
|
|
40
42
|
|
|
@@ -132,7 +134,7 @@ class LnkPlugin(Plugin):
|
|
|
132
134
|
|
|
133
135
|
@arg("--path", "-p", dest="path", default=None, help="Path to directory or .lnk file in target")
|
|
134
136
|
@export(record=LnkRecord)
|
|
135
|
-
def lnk(self, path:
|
|
137
|
+
def lnk(self, path: str | None = None) -> Iterator[LnkRecord]:
|
|
136
138
|
"""Parse all .lnk files in /ProgramData, /Users, and /Windows or from a specified path in record format.
|
|
137
139
|
|
|
138
140
|
Yields a LnkRecord record with the following fields:
|
|
@@ -160,10 +162,14 @@ class LnkPlugin(Plugin):
|
|
|
160
162
|
"""
|
|
161
163
|
|
|
162
164
|
for entry in self.lnk_entries(path):
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
165
|
+
try:
|
|
166
|
+
lnk_file = Lnk(entry.open())
|
|
167
|
+
yield parse_lnk_file(self.target, lnk_file, entry)
|
|
168
|
+
except Exception as e:
|
|
169
|
+
self.target.log.warning("Failed to parse link file %s", lnk_file)
|
|
170
|
+
self.target.log.debug("", exc_info=e)
|
|
171
|
+
|
|
172
|
+
def lnk_entries(self, path: str | None = None) -> Iterator[TargetPath]:
|
|
167
173
|
if path:
|
|
168
174
|
target_path = self.target.fs.path(path)
|
|
169
175
|
if not target_path.exists():
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: dissect.target
|
|
3
|
-
Version: 3.21.
|
|
3
|
+
Version: 3.21.dev11
|
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
|
@@ -281,7 +281,7 @@ dissect/target/plugins/os/windows/_os.py,sha256=SUTfCPEVi2ADfjsQQJad6dEsnKUzRtsK
|
|
|
281
281
|
dissect/target/plugins/os/windows/activitiescache.py,sha256=_I-rc7hAKRgqfFexsJq5nkIAV3E31byG4KeBQeDBehg,7051
|
|
282
282
|
dissect/target/plugins/os/windows/adpolicy.py,sha256=ul8lKlG9ExABnd6yVLMPFFgVxN74CG4T3MvcRuBLHJc,7158
|
|
283
283
|
dissect/target/plugins/os/windows/amcache.py,sha256=1jq-S80_FIzGegrqQ6HqrjmaAPTyxyn69HxnbRBlaUc,27608
|
|
284
|
-
dissect/target/plugins/os/windows/catroot.py,sha256=
|
|
284
|
+
dissect/target/plugins/os/windows/catroot.py,sha256=59KfdNPcoA5NQtpj4_e3wzPDsyB1RYIu049UeIhLuEk,11390
|
|
285
285
|
dissect/target/plugins/os/windows/cim.py,sha256=jsrpu6TZpBUh7VWI9AV2Ib5bebTwsvqOwRfa5gjJd7c,3056
|
|
286
286
|
dissect/target/plugins/os/windows/clfs.py,sha256=begVsZ-CY97Ksh6S1g03LjyBgu8ERY2hfNDWYPj0GXI,4872
|
|
287
287
|
dissect/target/plugins/os/windows/datetime.py,sha256=YKHUZU6lkKJocq15y0yCwvIIOb1Ej-kfvEBmHbrdIGw,9467
|
|
@@ -289,7 +289,7 @@ dissect/target/plugins/os/windows/defender.py,sha256=JAJy8hr6jFGd290N1d5a-bVeD8r
|
|
|
289
289
|
dissect/target/plugins/os/windows/env.py,sha256=U5D74i_7tICxGDanqDU42Jqsx0asFFMIs6SpUwTnJc4,13884
|
|
290
290
|
dissect/target/plugins/os/windows/generic.py,sha256=RJ1znzsIa4CFxmdMh91SjMY_pnjwxvldlTEKo58m_e8,24262
|
|
291
291
|
dissect/target/plugins/os/windows/jumplist.py,sha256=3gZk6O1B3lKK2Jxe0B-HapOCEehk94CYNvCVDpQC9nQ,11773
|
|
292
|
-
dissect/target/plugins/os/windows/lnk.py,sha256=
|
|
292
|
+
dissect/target/plugins/os/windows/lnk.py,sha256=AvqVmvP-QWHPKEI49hP-JeOVSI2R3Vxpy-lpfT70pSg,8097
|
|
293
293
|
dissect/target/plugins/os/windows/locale.py,sha256=QiLWGgWrGBGHiXgep5iSOo6VNim4YC-xd4MdW0BUJPA,2486
|
|
294
294
|
dissect/target/plugins/os/windows/network.py,sha256=epbRPt_Aa6xPV_fCd2tbHpbHAi_JG1jWrtHsDrqCrlM,11507
|
|
295
295
|
dissect/target/plugins/os/windows/notifications.py,sha256=3sL4x9AvaRfP_IBYncu4TNesSSuZP1FemgF1EH9RtJw,17686
|
|
@@ -382,10 +382,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
|
|
|
382
382
|
dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
|
|
383
383
|
dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
|
|
384
384
|
dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
|
|
385
|
-
dissect.target-3.21.
|
|
386
|
-
dissect.target-3.21.
|
|
387
|
-
dissect.target-3.21.
|
|
388
|
-
dissect.target-3.21.
|
|
389
|
-
dissect.target-3.21.
|
|
390
|
-
dissect.target-3.21.
|
|
391
|
-
dissect.target-3.21.
|
|
385
|
+
dissect.target-3.21.dev11.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
|
|
386
|
+
dissect.target-3.21.dev11.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
|
|
387
|
+
dissect.target-3.21.dev11.dist-info/METADATA,sha256=uQAwCX2CCiEQB6V8zn1a0qC1Z76apQll52CwncR80ek,13187
|
|
388
|
+
dissect.target-3.21.dev11.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
|
|
389
|
+
dissect.target-3.21.dev11.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
|
|
390
|
+
dissect.target-3.21.dev11.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
|
|
391
|
+
dissect.target-3.21.dev11.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|