dissect.target 3.21.dev9__py3-none-any.whl → 3.21.dev11__py3-none-any.whl
Sign up to get free protection for your applications and to get access to all the features.
- dissect/target/plugins/os/windows/catroot.py +8 -2
- dissect/target/plugins/os/windows/lnk.py +13 -7
- {dissect.target-3.21.dev9.dist-info → dissect.target-3.21.dev11.dist-info}/METADATA +1 -1
- {dissect.target-3.21.dev9.dist-info → dissect.target-3.21.dev11.dist-info}/RECORD +9 -9
- {dissect.target-3.21.dev9.dist-info → dissect.target-3.21.dev11.dist-info}/COPYRIGHT +0 -0
- {dissect.target-3.21.dev9.dist-info → dissect.target-3.21.dev11.dist-info}/LICENSE +0 -0
- {dissect.target-3.21.dev9.dist-info → dissect.target-3.21.dev11.dist-info}/WHEEL +0 -0
- {dissect.target-3.21.dev9.dist-info → dissect.target-3.21.dev11.dist-info}/entry_points.txt +0 -0
- {dissect.target-3.21.dev9.dist-info → dissect.target-3.21.dev11.dist-info}/top_level.txt +0 -0
|
@@ -227,8 +227,14 @@ class CatrootPlugin(Plugin):
|
|
|
227
227
|
|
|
228
228
|
for record in table.records():
|
|
229
229
|
file_digest = digest()
|
|
230
|
-
|
|
231
|
-
|
|
230
|
+
|
|
231
|
+
try:
|
|
232
|
+
setattr(file_digest, hash_type, record.get("HashCatNameTable_HashCol").hex())
|
|
233
|
+
catroot_names = record.get("HashCatNameTable_CatNameCol").decode().rstrip("|").split("|")
|
|
234
|
+
except Exception as e:
|
|
235
|
+
self.target.log.warning("Unable to parse catroot names for %s in %s", record, ese_file)
|
|
236
|
+
self.target.log.debug("", exc_info=e)
|
|
237
|
+
continue
|
|
232
238
|
|
|
233
239
|
for catroot_name in catroot_names:
|
|
234
240
|
yield CatrootRecord(
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
from
|
|
1
|
+
from __future__ import annotations
|
|
2
|
+
|
|
3
|
+
from typing import Iterator
|
|
2
4
|
|
|
3
5
|
from dissect.shellitem.lnk import Lnk
|
|
4
6
|
from dissect.util import ts
|
|
@@ -34,7 +36,7 @@ LnkRecord = TargetRecordDescriptor(
|
|
|
34
36
|
)
|
|
35
37
|
|
|
36
38
|
|
|
37
|
-
def parse_lnk_file(target: Target, lnk_file: Lnk, lnk_path: TargetPath) ->
|
|
39
|
+
def parse_lnk_file(target: Target, lnk_file: Lnk, lnk_path: TargetPath) -> LnkRecord:
|
|
38
40
|
# we need to get the active codepage from the system to properly decode some values
|
|
39
41
|
codepage = target.codepage or "ascii"
|
|
40
42
|
|
|
@@ -132,7 +134,7 @@ class LnkPlugin(Plugin):
|
|
|
132
134
|
|
|
133
135
|
@arg("--path", "-p", dest="path", default=None, help="Path to directory or .lnk file in target")
|
|
134
136
|
@export(record=LnkRecord)
|
|
135
|
-
def lnk(self, path:
|
|
137
|
+
def lnk(self, path: str | None = None) -> Iterator[LnkRecord]:
|
|
136
138
|
"""Parse all .lnk files in /ProgramData, /Users, and /Windows or from a specified path in record format.
|
|
137
139
|
|
|
138
140
|
Yields a LnkRecord record with the following fields:
|
|
@@ -160,10 +162,14 @@ class LnkPlugin(Plugin):
|
|
|
160
162
|
"""
|
|
161
163
|
|
|
162
164
|
for entry in self.lnk_entries(path):
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
165
|
+
try:
|
|
166
|
+
lnk_file = Lnk(entry.open())
|
|
167
|
+
yield parse_lnk_file(self.target, lnk_file, entry)
|
|
168
|
+
except Exception as e:
|
|
169
|
+
self.target.log.warning("Failed to parse link file %s", lnk_file)
|
|
170
|
+
self.target.log.debug("", exc_info=e)
|
|
171
|
+
|
|
172
|
+
def lnk_entries(self, path: str | None = None) -> Iterator[TargetPath]:
|
|
167
173
|
if path:
|
|
168
174
|
target_path = self.target.fs.path(path)
|
|
169
175
|
if not target_path.exists():
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: dissect.target
|
|
3
|
-
Version: 3.21.
|
|
3
|
+
Version: 3.21.dev11
|
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
|
@@ -281,7 +281,7 @@ dissect/target/plugins/os/windows/_os.py,sha256=SUTfCPEVi2ADfjsQQJad6dEsnKUzRtsK
|
|
|
281
281
|
dissect/target/plugins/os/windows/activitiescache.py,sha256=_I-rc7hAKRgqfFexsJq5nkIAV3E31byG4KeBQeDBehg,7051
|
|
282
282
|
dissect/target/plugins/os/windows/adpolicy.py,sha256=ul8lKlG9ExABnd6yVLMPFFgVxN74CG4T3MvcRuBLHJc,7158
|
|
283
283
|
dissect/target/plugins/os/windows/amcache.py,sha256=1jq-S80_FIzGegrqQ6HqrjmaAPTyxyn69HxnbRBlaUc,27608
|
|
284
|
-
dissect/target/plugins/os/windows/catroot.py,sha256=
|
|
284
|
+
dissect/target/plugins/os/windows/catroot.py,sha256=59KfdNPcoA5NQtpj4_e3wzPDsyB1RYIu049UeIhLuEk,11390
|
|
285
285
|
dissect/target/plugins/os/windows/cim.py,sha256=jsrpu6TZpBUh7VWI9AV2Ib5bebTwsvqOwRfa5gjJd7c,3056
|
|
286
286
|
dissect/target/plugins/os/windows/clfs.py,sha256=begVsZ-CY97Ksh6S1g03LjyBgu8ERY2hfNDWYPj0GXI,4872
|
|
287
287
|
dissect/target/plugins/os/windows/datetime.py,sha256=YKHUZU6lkKJocq15y0yCwvIIOb1Ej-kfvEBmHbrdIGw,9467
|
|
@@ -289,7 +289,7 @@ dissect/target/plugins/os/windows/defender.py,sha256=JAJy8hr6jFGd290N1d5a-bVeD8r
|
|
|
289
289
|
dissect/target/plugins/os/windows/env.py,sha256=U5D74i_7tICxGDanqDU42Jqsx0asFFMIs6SpUwTnJc4,13884
|
|
290
290
|
dissect/target/plugins/os/windows/generic.py,sha256=RJ1znzsIa4CFxmdMh91SjMY_pnjwxvldlTEKo58m_e8,24262
|
|
291
291
|
dissect/target/plugins/os/windows/jumplist.py,sha256=3gZk6O1B3lKK2Jxe0B-HapOCEehk94CYNvCVDpQC9nQ,11773
|
|
292
|
-
dissect/target/plugins/os/windows/lnk.py,sha256=
|
|
292
|
+
dissect/target/plugins/os/windows/lnk.py,sha256=AvqVmvP-QWHPKEI49hP-JeOVSI2R3Vxpy-lpfT70pSg,8097
|
|
293
293
|
dissect/target/plugins/os/windows/locale.py,sha256=QiLWGgWrGBGHiXgep5iSOo6VNim4YC-xd4MdW0BUJPA,2486
|
|
294
294
|
dissect/target/plugins/os/windows/network.py,sha256=epbRPt_Aa6xPV_fCd2tbHpbHAi_JG1jWrtHsDrqCrlM,11507
|
|
295
295
|
dissect/target/plugins/os/windows/notifications.py,sha256=3sL4x9AvaRfP_IBYncu4TNesSSuZP1FemgF1EH9RtJw,17686
|
|
@@ -382,10 +382,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
|
|
|
382
382
|
dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
|
|
383
383
|
dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
|
|
384
384
|
dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
|
|
385
|
-
dissect.target-3.21.
|
|
386
|
-
dissect.target-3.21.
|
|
387
|
-
dissect.target-3.21.
|
|
388
|
-
dissect.target-3.21.
|
|
389
|
-
dissect.target-3.21.
|
|
390
|
-
dissect.target-3.21.
|
|
391
|
-
dissect.target-3.21.
|
|
385
|
+
dissect.target-3.21.dev11.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
|
|
386
|
+
dissect.target-3.21.dev11.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
|
|
387
|
+
dissect.target-3.21.dev11.dist-info/METADATA,sha256=uQAwCX2CCiEQB6V8zn1a0qC1Z76apQll52CwncR80ek,13187
|
|
388
|
+
dissect.target-3.21.dev11.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
|
|
389
|
+
dissect.target-3.21.dev11.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
|
|
390
|
+
dissect.target-3.21.dev11.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
|
|
391
|
+
dissect.target-3.21.dev11.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|