Python find_control_set Beispiele

Programmiersprache: Python

Namespace / Paketname: volatility.win32.hashdump

Methode / Funktion: find_control_set

Beispiele auf hotexamples.com: 3

Python find_control_set - 3 Beispiele gefunden. Dies sind die am besten bewerteten Python Beispiele für die volatility.win32.hashdump.find_control_set, die aus Open Source-Projekten extrahiert wurden. Sie können Beispiele bewerten, um die Qualität der Beispiele zu verbessern.

Beispiel #1

Datei anzeigen

    def calculate(self):
        addr_space = utils.load_as(self._config)
        
        #scan for registries and populate them:
        print "Scanning for registries...."
        self.populate_offsets()

        #set our current registry of interest and get its path
        #and get current control set
        print "Getting Current Control Set...."
        currentcs = "ControlSet001"
        self.set_current('system')
        for o in self.current_offsets:
            sysaddr = hivemod.HiveAddressSpace(addr_space, self._config, o)
            cs = find_control_set(sysaddr)
            currentcs = "ControlSet{0:03}".format(cs)

        #set the services root. 
        print "Getting Services and calculating SIDs...."
        services = self.reg_get_key('system', currentcs + '\\' + 'Services')
        if services:
            for s in rawreg.subkeys(services):
                if s.Name not in servicesids.values():
                    sid = createservicesid(str(s.Name))
                    yield sid, str(s.Name)
        for sid in servicesids:
            yield sid, servicesids[sid]

Beispiel #2

Datei anzeigen

Datei: registryapi.py Projekt: Jack47/volatility

 def reg_get_currentcontrolset(self, fullname = True):
     '''
     get the CurrentControlSet
         If fullname is not specified, we only get the number like "1" or "2" etc
         The default is ControlSet00{#} so we can append it to the desired key path
         We return None if it fails, so you need to verify before using.
     '''
     for offset in self.all_offsets:
         name = self.all_offsets[offset] + " "
         if name.lower().find("\\system ") != -1:
             sysaddr = hivemod.HiveAddressSpace(self.addr_space, self._config, offset)
             if fullname:
                 return "ControlSet00{0}".format(hashdump.find_control_set(sysaddr))
             else:
                 return hashdump.find_control_set(sysaddr)
     return None

Beispiel #3

Datei anzeigen

 def reg_get_currentcontrolset(self, fullname = True):
     '''
     get the CurrentControlSet
         If fullname is not specified, we only get the number like "1" or "2" etc
         The default is ControlSet00{#} so we can append it to the desired key path
         We return None if it fails, so you need to verify before using.
     '''
     for offset in self.all_offsets:
         name = self.all_offsets[offset] + " "
         if name.lower().find("\\system ") != -1:
             sysaddr = hivemod.HiveAddressSpace(self.addr_space, self._config, offset)
             if fullname:
                 return "ControlSet00{0}".format(hashdump.find_control_set(sysaddr))
             else:
                 return hashdump.find_control_set(sysaddr)
     return None