Beispiel #1
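def csv_user_assist_value_decode_before_win7(str_value_datatmp, count_offset):
    """
    Decode one value of a UserAssist Count registry key (pre-Windows 7 layout).

    Fields read by this function, each unpacked as little-endian:
    bytes 0-3   session, unsigned 32-bit
    bytes 4-7   number of times the program has been run, unsigned 32-bit
    bytes 8-15  timestamp of last execution, unsigned 64-bit

    :param str_value_datatmp: raw bytes of the registry value
    :param count_offset: added, together with 1, to the stored run count
    :return: [session, count, last execution date]; session and count are
             unicode strings, the date is the result of convert_windate, or ""
             when convert_windate raised ValueError or returned a falsy value
    """
    # NOTE(review): the value comes from a registry hive of the examined
    # system and may be truncated or tampered with. A value shorter than the
    # 16 bytes read here makes struct.unpack raise struct.error, which is not
    # caught in this function.
    str_value_data_session = unicode(
        struct.unpack("<I", str_value_datatmp[0:4])[0])
    str_value_data_count = unicode(
        struct.unpack("<I", str_value_datatmp[4:8])[0] + count_offset + 1)
    str_value_data_timestamp = str_value_datatmp[8:16]
    try:
        # The timestamp field is 8 bytes wide, so it needs the 64-bit "<Q"
        # format. "<I" accepts exactly 4 bytes and made struct.unpack raise
        # struct.error on every well-formed value, so no date was ever decoded.
        timestamp = struct.unpack("<Q", str_value_data_timestamp)[0]
        date_last_exec = convert_windate(timestamp)
    except ValueError:
        date_last_exec = None
    # An empty string keeps the CSV column present when no date is available.
    return [
        str_value_data_session,
        str_value_data_count,
        date_last_exec if date_last_exec else "",
    ]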
Beispiel #2
def csv_user_assist_value_decode_win7_and_after(str_value_datatmp,
                                                count_offset):
    """Decode one UserAssist Count value in the layout used since Windows 7.

    Fields read by this function, each unpacked as little-endian:
    bytes 0-3    session, unsigned 32-bit
    bytes 4-7    run count, unsigned 32-bit (count_offset + 1 is added)
    bytes 12-15  focus, unsigned 32-bit
    bytes 60-67  timestamp of last execution, unsigned 64-bit

    :param str_value_datatmp: raw bytes of the registry value
    :param count_offset: added, together with 1, to the stored run count
    :return: [session, count, focus, last execution date]; the first three are
             unicode strings, the date is the result of convert_windate, or ""
             when convert_windate raised ValueError or returned a falsy value
    """

    def _read_u32(start):
        # Slice first, then unpack, so a short value fails inside struct.unpack.
        return struct.unpack("<I", str_value_datatmp[start:start + 4])[0]

    # The reads below reach byte 68 of the value, not just the first 16 bytes.
    # NOTE(review): registry data from an examined system may be truncated or
    # altered; struct.error from a too-short value is not caught here.
    session_text = unicode(_read_u32(0))
    count_text = unicode(_read_u32(4) + count_offset + 1)
    focus_text = unicode(_read_u32(12))

    raw_timestamp = str_value_datatmp[60:68]
    try:
        last_exec = convert_windate(struct.unpack("<Q", raw_timestamp)[0])
    except ValueError:
        last_exec = None

    # An empty string keeps the date column present when nothing was decoded.
    return [session_text, count_text, focus_text, last_exec or ""]
Beispiel #3
def csv_user_assist_value_decode_win7_and_after(str_value_datatmp, count_offset):
    """Decode a Windows 7 or later UserAssist Count value into a list of CSV fields.

    The value layout differs from the pre-Windows 7 one. This function reads,
    little-endian: the session at bytes 0-3, the run count at bytes 4-7, the
    focus at bytes 12-15 (all unsigned 32-bit) and the last execution timestamp
    at bytes 60-67 (unsigned 64-bit).

    :param str_value_datatmp: raw bytes of the registry value
    :param count_offset: added, together with 1, to the stored run count
    :return: [session, count, focus, date]; session, count and focus are unicode
             strings, date is the convert_windate result or "" if it raised
             ValueError or returned a falsy value
    """
    # NOTE(review): only ValueError from the timestamp step is handled. A value
    # shorter than the offsets read here raises struct.error to the caller, so
    # malformed or tampered hive data has to be handled upstream.
    session_value = struct.unpack("<I", str_value_datatmp[0:4])[0]
    fields = [unicode(session_value)]

    stored_count = struct.unpack("<I", str_value_datatmp[4:8])[0]
    fields.append(unicode(stored_count + count_offset + 1))

    focus_value = struct.unpack("<I", str_value_datatmp[12:16])[0]
    fields.append(unicode(focus_value))

    timestamp_bytes = str_value_datatmp[60:68]
    try:
        filetime = struct.unpack("<Q", timestamp_bytes)[0]
        executed_at = convert_windate(filetime)
    except ValueError:
        executed_at = None

    # Always emit four fields; a missing date becomes an empty string.
    fields.append(executed_at if executed_at else "")
    return fields