def from_obj(win_handle_obj):
    """Build a ``WinHandle`` from a parsed binding object.

    Returns ``None`` when ``win_handle_obj`` is falsy. Otherwise a new
    ``WinHandle`` is created and each getter on the binding object (ID,
    Name, Type, Object_Address, Access_Mask, Pointer_Count) is passed
    through the ``from_obj`` of the typed wrapper for that field.

    This function adds no validation of its own; whatever the wrapper
    classes accept is stored on the result.
    """
    if not win_handle_obj:
        return None

    src = win_handle_obj
    handle = WinHandle()

    # Identification of the handle.
    handle.id = UnsignedInteger.from_obj(src.get_ID())
    handle.name = String.from_obj(src.get_Name())
    handle.type = String.from_obj(src.get_Type())

    # Numeric properties, all wrapped as UnsignedLong.
    handle.object_address = UnsignedLong.from_obj(src.get_Object_Address())
    handle.access_mask = UnsignedLong.from_obj(src.get_Access_Mask())
    handle.pointer_count = UnsignedLong.from_obj(src.get_Pointer_Count())

    return handle
    def from_obj(file_obj, file_class=None):
        """Populate a ``File`` (or a caller-supplied instance) from a binding object.

        Returns ``None`` when ``file_obj`` is falsy. If ``file_class`` is
        truthy it is filled in place and returned; otherwise a fresh
        ``File`` is created. The check is a truthiness test, so a supplied
        instance that evaluates as false is replaced by a new ``File``.

        ``ObjectProperties.from_obj`` is called first with the binding
        object and the target; what it sets is not visible here.
        """
        if not file_obj:
            return None

        target = file_class if file_class else File()
        ObjectProperties.from_obj(file_obj, target)

        src = file_obj

        # is_packed is copied as returned by the getter, with no wrapper type.
        target.is_packed = src.get_is_packed()

        # Name and location fields.
        # NOTE(review): these are carried over exactly as the document states
        # them; consumers should treat them as reported observables rather
        # than as verified local filesystem paths.
        target.file_name = String.from_obj(src.get_File_Name())
        target.file_path = FilePath.from_obj(src.get_File_Path())
        target.device_path = String.from_obj(src.get_Device_Path())
        target.full_path = String.from_obj(src.get_Full_Path())
        target.file_extension = String.from_obj(src.get_File_Extension())

        # Content description.
        target.size_in_bytes = UnsignedLong.from_obj(src.get_Size_In_Bytes())
        target.magic_number = HexBinary.from_obj(src.get_Magic_Number())
        target.file_format = String.from_obj(src.get_File_Format())
        target.hashes = HashList.from_obj(src.get_Hashes())
        target.extracted_features = ExtractedFeatures.from_obj(src.get_Extracted_Features())

        # TODO: the three timestamps are not wrapped consistently: modified
        # and accessed go through String, created goes through DateTime.
        # NOTE(review): presumably the String-wrapped values stay as raw text,
        # so the three may not be directly comparable on a timeline - confirm.
        target.modified_time = String.from_obj(src.get_Modified_Time())
        target.accessed_time = String.from_obj(src.get_Accessed_Time())
        target.created_time = DateTime.from_obj(src.get_Created_Time())

        return target
 def from_obj(driver_obj):
     """Build a ``WinDriver`` from a parsed binding object.

     Returns ``None`` when ``driver_obj`` is falsy. Otherwise the four
     driver getters are read and wrapped: Driver_Init as ``UnsignedLong``,
     Driver_Name as ``String``, and Driver_Object_Address and
     Driver_Start_IO as ``HexBinary``.
     """
     if not driver_obj:
         return None

     src = driver_obj
     result = WinDriver()

     init_value = src.get_Driver_Init()
     result.driver_init = UnsignedLong.from_obj(init_value)

     name_value = src.get_Driver_Name()
     result.driver_name = String.from_obj(name_value)

     # Both address-like fields are stored as HexBinary, unlike driver_init.
     object_address = src.get_Driver_Object_Address()
     result.driver_object_address = HexBinary.from_obj(object_address)

     start_io = src.get_Driver_Start_IO()
     result.driver_start_io = HexBinary.from_obj(start_io)

     return result
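 def from_obj(stream_obj):
     """Build a ``Stream`` from a parsed binding object.

     Returns ``None`` when ``stream_obj`` is falsy. Otherwise every entry
     returned by ``stream_obj.get_Hash()`` is converted with
     ``Hash.from_obj`` and added to a new ``Stream``, and the stream's name
     and size are wrapped as ``String`` and ``UnsignedLong``.
     """
     if not stream_obj:
         return None

     stream_ = Stream()
     for hash_ in stream_obj.get_Hash():
         stream_.add(Hash.from_obj(hash_))

     # Read name and size from the binding object. The earlier code used an
     # undefined ``stream_dict`` here (apparently copied from a dict-based
     # parser), which raised NameError for every non-empty stream.
     # NOTE(review): the getter names follow the get_<Element> pattern of
     # get_Hash(); confirm them against the binding class.
     stream_.name = String.from_obj(stream_obj.get_Name())
     stream_.size_in_bytes = UnsignedLong.from_obj(stream_obj.get_Size_In_Bytes())
     return stream_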
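    def from_obj(win_kernel_hook_obj):
        """Build a ``WinKernelHook`` from a parsed binding object.

        Returns ``None`` when ``win_kernel_hook_obj`` is falsy. Otherwise
        the hooking and hooked digital signatures, the hooked address,
        description, function, module and the hook type are read from the
        binding object and wrapped in their typed classes.
        """
        if not win_kernel_hook_obj:
            return None

        src = win_kernel_hook_obj
        win_kernel_hook_ = WinKernelHook()

        # Signatures of the hooking and the hooked side.
        win_kernel_hook_.digital_signature_hooking = DigitalSignature.from_obj(src.get_Digital_Signature_Hooking())
        win_kernel_hook_.digital_signature_hooked = DigitalSignature.from_obj(src.get_Digital_Signature_Hooked())

        win_kernel_hook_.hooked_address = UnsignedLong.from_obj(src.get_Hooked_Address())
        win_kernel_hook_.hook_description = String.from_obj(src.get_Hook_Description())
        win_kernel_hook_.hooked_function = String.from_obj(src.get_Hooked_Function())
        # The getter returns a binding object, so it goes through from_obj
        # like every other field; this line previously called
        # String.from_dict on it.
        win_kernel_hook_.hooked_module = String.from_obj(src.get_Hooked_Module())
        win_kernel_hook_.type = String.from_obj(src.get_Type())

        return win_kernel_hook_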
 def from_obj(system_obj, system_class = None):
     """Populate a ``System`` (or a caller-supplied instance) from a binding object.

     Returns ``None`` when ``system_obj`` is falsy. If ``system_class`` is
     truthy it is filled in place and returned; otherwise a new ``System``
     is created. Each getter on the binding object is wrapped with the
     ``from_obj`` of the type used for that field.
     """
     if not system_obj:
         return None

     target = system_class if system_class else System()
     src = system_obj

     target.available_physical_memory = UnsignedLong.from_obj(
         src.get_Available_Physical_Memory()
     )
     target.bios_info = BIOSInfo.from_obj(src.get_BIOS_Info())
     target.date = Date.from_obj(src.get_Date())
     target.hostname = String.from_obj(src.get_Hostname())
     target.local_time = Time.from_obj(src.get_Local_Time())
     target.network_interface_list = NetworkInterfaceList.from_obj(
         src.get_Network_Interface_List()
     )
     target.os = OS.from_obj(src.get_OS())
     target.processor = String.from_obj(src.get_Processor())
     target.processor_architecture = String.from_obj(
         src.get_Processor_Architecture()
     )
     target.system_time = Time.from_obj(src.get_System_Time())
     # Both timezone fields are kept as String values.
     target.timezone_dst = String.from_obj(src.get_Timezone_DST())
     target.timezone_standard = String.from_obj(src.get_Timezone_Standard())
     target.total_physical_memory = UnsignedLong.from_obj(
         src.get_Total_Physical_Memory()
     )
     target.uptime = Duration.from_obj(src.get_Uptime())
     target.username = String.from_obj(src.get_Username())

     return target
    def from_obj(memory_obj):
        """Build a ``Memory`` from a parsed binding object.

        Returns ``None`` when ``memory_obj`` is falsy. The three ``is_*``
        flags are copied exactly as the getters return them; hashes, name,
        region size and region start address go through their typed
        wrappers. ``extracted_features`` is always set to ``None``: nothing
        is read from the binding object for it.
        """
        if not memory_obj:
            return None

        src = memory_obj
        region = Memory()

        # Flags are stored raw, without a wrapper type or coercion.
        region.is_injected = src.get_is_injected()
        region.is_mapped = src.get_is_mapped()
        region.is_protected = src.get_is_protected()

        region.hashes = HashList.from_obj(src.get_Hashes())
        region.name = String.from_obj(src.get_Name())
        region.region_size = UnsignedLong.from_obj(src.get_Region_Size())
        region.region_start_address = HexBinary.from_obj(src.get_Region_Start_Address())

        # Not parsed here, so any extracted features in the source are dropped.
        region.extracted_features = None

        return region
    def from_obj(file_obj):
        """Build a ``File`` from a parsed binding object.

        Returns ``None`` when ``file_obj`` is falsy. Otherwise a new
        ``File`` is created and filled with the packed flag, the name and
        path fields, the size, magic number, format and hash list read from
        the binding object. No timestamps are read here.
        """
        if not file_obj:
            return None

        src = file_obj
        parsed = File()

        # Copied as returned by the getter, with no wrapper type.
        parsed.is_packed = src.get_is_packed()

        # Name and location fields.
        parsed.file_name = String.from_obj(src.get_File_Name())
        parsed.file_path = FilePath.from_obj(src.get_File_Path())
        parsed.device_path = String.from_obj(src.get_Device_Path())
        parsed.full_path = String.from_obj(src.get_Full_Path())
        parsed.file_extension = String.from_obj(src.get_File_Extension())

        # Content description.
        parsed.size_in_bytes = UnsignedLong.from_obj(src.get_Size_In_Bytes())
        parsed.magic_number = HexBinary.from_obj(src.get_Magic_Number())
        parsed.file_format = String.from_obj(src.get_File_Format())
        parsed.hashes = HashList.from_obj(src.get_Hashes())

        return parsed