def from_obj(win_handle_obj):
    """Build a WinHandle from its generated XML binding object.

    Args:
        win_handle_obj: binding instance exposing ``get_ID``, ``get_Name``,
            ``get_Type``, ``get_Object_Address``, ``get_Access_Mask`` and
            ``get_Pointer_Count``.

    Returns:
        A populated ``WinHandle``, or ``None`` when ``win_handle_obj`` is falsy.

    Every value is handed straight to the matching typed ``from_obj``
    converter; no validation happens in this function itself, so anything
    the binding accepted from the input document is passed through.
    """
    if not win_handle_obj:
        return None

    handle = WinHandle()
    # (target attribute, typed converter, binding getter) -- one row per field.
    field_rows = (
        ("id", UnsignedInteger, win_handle_obj.get_ID),
        ("name", String, win_handle_obj.get_Name),
        ("type", String, win_handle_obj.get_Type),
        ("object_address", UnsignedLong, win_handle_obj.get_Object_Address),
        ("access_mask", UnsignedLong, win_handle_obj.get_Access_Mask),
        ("pointer_count", UnsignedLong, win_handle_obj.get_Pointer_Count),
    )
    for attr, converter, getter in field_rows:
        setattr(handle, attr, converter.from_obj(getter()))
    return handle
def from_obj(file_obj, file_class=None):
    """Populate a File (or a caller-supplied File subclass instance) from a binding object.

    Args:
        file_obj: generated binding instance for a File object.
        file_class: optional already-constructed target instance. When falsy a
            fresh ``File()`` is created; otherwise the given instance is filled
            in and returned, which lets subclasses reuse this routine.

    Returns:
        The populated target, or ``None`` when ``file_obj`` is falsy.

    Values are copied through the typed converters without any checks here;
    the binding layer is the only thing that has looked at the input document.
    """
    if not file_obj:
        return None

    target = file_class if file_class else File()

    # Base ObjectProperties fields are filled in by the shared parent routine
    # before the File-specific ones below.
    ObjectProperties.from_obj(file_obj, target)

    target.is_packed = file_obj.get_is_packed()

    # Naming / location
    target.file_name = String.from_obj(file_obj.get_File_Name())
    target.file_path = FilePath.from_obj(file_obj.get_File_Path())
    target.device_path = String.from_obj(file_obj.get_Device_Path())
    target.full_path = String.from_obj(file_obj.get_Full_Path())
    target.file_extension = String.from_obj(file_obj.get_File_Extension())

    # Content description
    target.size_in_bytes = UnsignedLong.from_obj(file_obj.get_Size_In_Bytes())
    target.magic_number = HexBinary.from_obj(file_obj.get_Magic_Number())
    target.file_format = String.from_obj(file_obj.get_File_Format())
    target.hashes = HashList.from_obj(file_obj.get_Hashes())
    target.extracted_features = ExtractedFeatures.from_obj(file_obj.get_Extracted_Features())

    # Timestamps: Modified_Time and Accessed_Time are parsed as String while
    # Created_Time is parsed as DateTime. Kept as-is deliberately (the original
    # carried a TODO questioning it) -- confirm against the schema version in
    # use before changing the converter, since callers may rely on the type.
    target.modified_time = String.from_obj(file_obj.get_Modified_Time())
    target.accessed_time = String.from_obj(file_obj.get_Accessed_Time())
    target.created_time = DateTime.from_obj(file_obj.get_Created_Time())

    return target
def from_obj(driver_obj):
    """Build a WinDriver from its generated XML binding object.

    Args:
        driver_obj: binding instance exposing ``get_Driver_Init``,
            ``get_Driver_Name``, ``get_Driver_Object_Address`` and
            ``get_Driver_Start_IO``.

    Returns:
        A populated ``WinDriver``, or ``None`` when ``driver_obj`` is falsy.

    Note the mixed field types: Driver_Init is read as an UnsignedLong while
    the two address fields are read as HexBinary. That matches the original
    behaviour and is preserved here unchanged.
    """
    if not driver_obj:
        return None

    result = WinDriver()
    result.driver_init = UnsignedLong.from_obj(driver_obj.get_Driver_Init())
    result.driver_name = String.from_obj(driver_obj.get_Driver_Name())
    # Addresses are kept as hex binary rather than integers.
    result.driver_object_address = HexBinary.from_obj(
        driver_obj.get_Driver_Object_Address()
    )
    result.driver_start_io = HexBinary.from_obj(driver_obj.get_Driver_Start_IO())
    return result
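def from_obj(stream_obj):
    """Build a Stream from its generated XML binding object.

    Args:
        stream_obj: binding instance exposing ``get_Hash`` (an iterable of
            hash binding objects), ``get_Name`` and ``get_Size_In_Bytes``.

    Returns:
        A populated ``Stream``, or ``None`` when ``stream_obj`` is falsy.

    Fix: the original read ``name`` and ``size_in_bytes`` from ``stream_dict``,
    a name that does not exist in this function (it is the dict-path
    variable), so every non-empty call raised ``NameError``. Both fields are
    now read from ``stream_obj`` through the binding getters, following the
    ``get_<Field>`` convention used by every other ``from_obj`` here
    (e.g. File's ``get_Size_In_Bytes``) -- confirm the exact getter names
    against the generated Stream binding.
    """
    if not stream_obj:
        return None

    stream_ = Stream()
    # Each child Hash element becomes a Hash entry on the stream.
    for hash_obj in stream_obj.get_Hash():
        stream_.add(Hash.from_obj(hash_obj))

    stream_.name = String.from_obj(stream_obj.get_Name())
    stream_.size_in_bytes = UnsignedLong.from_obj(stream_obj.get_Size_In_Bytes())
    return stream_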
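def from_obj(win_kernel_hook_obj):
    """Build a WinKernelHook from its generated XML binding object.

    Args:
        win_kernel_hook_obj: binding instance exposing the ``get_*`` accessors
            used below (digital signatures, hooked address/function/module,
            description and type).

    Returns:
        A populated ``WinKernelHook``, or ``None`` when ``win_kernel_hook_obj``
        is falsy.

    Fix: ``hooked_module`` was converted with ``String.from_dict`` while the
    value comes from a binding getter (``get_Hooked_Module``), not a dict.
    Every other field in this function -- and every other ``from_obj`` in this
    file -- uses ``String.from_obj`` for binding values, so the module field
    now does the same.
    """
    if not win_kernel_hook_obj:
        return None

    hook = WinKernelHook()

    # Signatures of the hooking code and of the code that was hooked.
    hook.digital_signature_hooking = DigitalSignature.from_obj(
        win_kernel_hook_obj.get_Digital_Signature_Hooking()
    )
    hook.digital_signature_hooked = DigitalSignature.from_obj(
        win_kernel_hook_obj.get_Digital_Signature_Hooked()
    )

    hook.hooked_address = UnsignedLong.from_obj(win_kernel_hook_obj.get_Hooked_Address())
    hook.hook_description = String.from_obj(win_kernel_hook_obj.get_Hook_Description())
    hook.hooked_function = String.from_obj(win_kernel_hook_obj.get_Hooked_Function())
    # Binding value, so from_obj (not from_dict) is the right converter.
    hook.hooked_module = String.from_obj(win_kernel_hook_obj.get_Hooked_Module())
    hook.type = String.from_obj(win_kernel_hook_obj.get_Type())
    return hook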
def from_obj(system_obj, system_class=None):
    """Populate a System (or a caller-supplied System subclass instance) from a binding object.

    Args:
        system_obj: generated binding instance for a System object.
        system_class: optional already-constructed target instance. When falsy
            a fresh ``System()`` is created; otherwise the given instance is
            filled in and returned so subclasses can reuse this routine.

    Returns:
        The populated target, or ``None`` when ``system_obj`` is falsy.

    Each field is passed to its typed converter exactly as the binding
    returns it; nothing is validated or normalised at this layer.
    """
    if not system_obj:
        return None

    target = system_class if system_class else System()

    # (target attribute, typed converter, binding getter) -- one row per field,
    # in the same order the fields were originally assigned.
    field_rows = (
        ("available_physical_memory", UnsignedLong, system_obj.get_Available_Physical_Memory),
        ("bios_info", BIOSInfo, system_obj.get_BIOS_Info),
        ("date", Date, system_obj.get_Date),
        ("hostname", String, system_obj.get_Hostname),
        ("local_time", Time, system_obj.get_Local_Time),
        ("network_interface_list", NetworkInterfaceList, system_obj.get_Network_Interface_List),
        ("os", OS, system_obj.get_OS),
        ("processor", String, system_obj.get_Processor),
        ("processor_architecture", String, system_obj.get_Processor_Architecture),
        ("system_time", Time, system_obj.get_System_Time),
        ("timezone_dst", String, system_obj.get_Timezone_DST),
        ("timezone_standard", String, system_obj.get_Timezone_Standard),
        ("total_physical_memory", UnsignedLong, system_obj.get_Total_Physical_Memory),
        ("uptime", Duration, system_obj.get_Uptime),
        ("username", String, system_obj.get_Username),
    )
    for attr, converter, getter in field_rows:
        setattr(target, attr, converter.from_obj(getter()))
    return target
def from_obj(memory_obj):
    """Build a Memory region object from its generated XML binding object.

    Args:
        memory_obj: binding instance exposing the ``is_*`` flag getters plus
            ``get_Hashes``, ``get_Name``, ``get_Region_Size`` and
            ``get_Region_Start_Address``.

    Returns:
        A populated ``Memory``, or ``None`` when ``memory_obj`` is falsy.

    ``extracted_features`` is not read from the binding at all; it is set to
    ``None`` explicitly. The reason is not visible here (presumably the field
    is unsupported on this path) -- confirm before wiring it up.
    """
    if not memory_obj:
        return None

    region = Memory()

    # Boolean attributes come straight off the binding, no converter involved.
    region.is_injected = memory_obj.get_is_injected()
    region.is_mapped = memory_obj.get_is_mapped()
    region.is_protected = memory_obj.get_is_protected()

    region.hashes = HashList.from_obj(memory_obj.get_Hashes())
    region.name = String.from_obj(memory_obj.get_Name())
    region.region_size = UnsignedLong.from_obj(memory_obj.get_Region_Size())
    # Start address is kept as hex binary, not parsed to an integer.
    region.region_start_address = HexBinary.from_obj(memory_obj.get_Region_Start_Address())

    region.extracted_features = None
    return region
def from_obj(file_obj):
    """Build a File from its generated XML binding object.

    Args:
        file_obj: binding instance exposing ``get_is_packed`` and the
            ``get_<Field>`` accessors for the fields listed below.

    Returns:
        A populated ``File``, or ``None`` when ``file_obj`` is falsy.

    This variant fills only the naming/location and content-description
    fields; timestamps and extracted features are not read here. Values are
    forwarded to the typed converters without any validation at this layer.
    """
    if not file_obj:
        return None

    result = File()
    # is_packed is a plain binding attribute, not a typed property.
    result.is_packed = file_obj.get_is_packed()

    # (target attribute, typed converter, binding getter) -- one row per field.
    field_rows = (
        ("file_name", String, file_obj.get_File_Name),
        ("file_path", FilePath, file_obj.get_File_Path),
        ("device_path", String, file_obj.get_Device_Path),
        ("full_path", String, file_obj.get_Full_Path),
        ("file_extension", String, file_obj.get_File_Extension),
        ("size_in_bytes", UnsignedLong, file_obj.get_Size_In_Bytes),
        ("magic_number", HexBinary, file_obj.get_Magic_Number),
        ("file_format", String, file_obj.get_File_Format),
        ("hashes", HashList, file_obj.get_Hashes),
    )
    for attr, converter, getter in field_rows:
        setattr(result, attr, converter.from_obj(getter()))
    return result