def Main():
    """Entry point: dumps information from a Windows Restore Point rp.log file.

    Parses the command line, configures logging and a stdout writer, opens the
    rp.log file given as PATH with rp_log.RestorePointLogFile and closes it.

    Returns:
        bool: True if successful or False if not.
    """
    parser = argparse.ArgumentParser(description=(
        'Extracts information from Windows Restore Point rp.log files.'))

    parser.add_argument(
        '-d', '--debug', dest='debug', action='store_true', default=False,
        help='enable debug output.')

    parser.add_argument(
        'source', nargs='?', action='store', metavar='PATH', default=None,
        help='path of the Windows Restore Point rp.log file.')

    options = parser.parse_args()

    # A missing PATH is a usage error: show the help text and fail.
    if not options.source:
        print('Source file missing.')
        print('')
        parser.print_help()
        print('')
        return False

    logging.basicConfig(
        level=logging.INFO, format='[%(levelname)s] %(message)s')

    writer = output_writers.StdoutWriter()
    try:
        writer.Open()
    except IOError as exception:
        print(
            'Unable to open output writer with error: {0!s}'.format(exception))
        print('')
        return False

    # NOTE(review): Open() on the parser is not wrapped, so an unreadable or
    # malformed input surfaces as an uncaught exception rather than a reported
    # error.
    log_file = rp_log.RestorePointLogFile(
        debug=options.debug, output_writer=writer)
    log_file.Open(options.source)

    print('Windows Restore Point rp.log information:')
    print('')

    log_file.Close()
    writer.Close()

    return True
def Main():
  """Entry point: dumps information from a utmp file.

  The first 11 bytes of PATH are compared against the MacOS utmpx signature
  ("utmpx-1.00" followed by a NUL byte) to choose between the MacOS utmpx and
  the Linux libc6 utmp parser; the chosen parser is then opened and closed.

  Returns:
    bool: True if successful or False if not.
  """
  parser = argparse.ArgumentParser(description=(
      'Extracts information from utmp files.'))

  parser.add_argument(
      '-d', '--debug', dest='debug', action='store_true', default=False,
      help='enable debug output.')

  parser.add_argument(
      'source', nargs='?', action='store', metavar='PATH',
      default=None, help='path of the utmp file.')

  options = parser.parse_args()

  # A missing PATH is a usage error: show the help text and fail.
  if not options.source:
    print('Source file missing.')
    print('')
    parser.print_help()
    print('')
    return False

  logging.basicConfig(
      level=logging.INFO, format='[%(levelname)s] %(message)s')

  writer = output_writers.StdoutWriter()
  try:
    writer.Open()
  except IOError as exception:
    print('Unable to open output writer with error: {0!s}'.format(exception))
    print('')
    return False

  # Sniff the on-disk signature to pick the parser. Anything that is not the
  # MacOS utmpx header (including a short read) is treated as Linux utmp.
  # NOTE(review): this open() is not wrapped, so a missing or unreadable PATH
  # surfaces as a traceback rather than a reported error.
  with open(options.source, 'rb') as file_object:
    file_object.seek(0, os.SEEK_SET)
    signature = file_object.read(11)

  if signature == b'utmpx-1.00\x00':
    parser_class = utmp.MacOSXUtmpxFile
  else:
    parser_class = utmp.LinuxLibc6UtmpFile

  utmp_file = parser_class(debug=options.debug, output_writer=writer)
  utmp_file.Open(options.source)

  writer.WriteText('utmp information:')

  utmp_file.Close()

  writer.WriteText('')
  writer.Close()

  return True
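def Main():
    """Entry point: dumps information from a Firefox cache version 1 file.

    The parser is chosen from the file name of PATH: ``_CACHE_MAP_`` is read
    as a cache map file and names starting with ``_CACHE_00`` as a cache block
    file. Any other file name is reported as unsupported and the function
    returns False instead of crashing.

    Returns:
        bool: True if successful or False if not.
    """
    argument_parser = argparse.ArgumentParser(description=(
        'Extracts information from Firefox cache version 1 files.'))

    argument_parser.add_argument(
        '-d', '--debug', dest='debug', action='store_true', default=False,
        help='enable debug output.')

    argument_parser.add_argument(
        'source', nargs='?', action='store', metavar='PATH', default=None,
        help='path of the Firefox cache version 1 file.')

    options = argument_parser.parse_args()

    # A missing PATH is a usage error: show the help text and fail.
    if not options.source:
        print('Source file missing.')
        print('')
        argument_parser.print_help()
        print('')
        return False

    logging.basicConfig(
        level=logging.INFO, format='[%(levelname)s] %(message)s')

    output_writer = output_writers.StdoutWriter()

    try:
        output_writer.Open()
    except IOError as exception:
        print(
            'Unable to open output writer with error: {0!s}'.format(exception))
        print('')
        return False

    filename = os.path.basename(options.source)
    if filename == '_CACHE_MAP_':
        cache_file = firefox_cache1.CacheMapFile(
            debug=options.debug, output_writer=output_writer)
    elif filename.startswith('_CACHE_00'):
        cache_file = firefox_cache1.CacheBlockFile(
            debug=options.debug, output_writer=output_writer)
    else:
        # Previously any other file name fell through with cache_file unbound
        # and the Open() call below raised UnboundLocalError.
        print('Unsupported Firefox cache version 1 file: {0:s}'.format(
            filename))
        print('')
        output_writer.Close()
        return False

    cache_file.Open(options.source)

    print('Firefox cache version 1 information:')
    print('')

    cache_file.Close()

    output_writer.Close()

    return True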
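def Main():
    """Entry point: dumps the schema or the content of a MacOS keychain database.

    Without ``-c`` the table layout (relation name and identifier, column
    count, and per-column identifier, name and data type) is printed. With
    ``-c`` every table's column names and record values are written as
    tab-separated rows.

    Returns:
        bool: True if successful or False if not.
    """
    argument_parser = argparse.ArgumentParser(description=(
        'Extracts information from MacOS keychain database files.'))

    argument_parser.add_argument(
        '-c', '--content', dest='content', action='store_true', default=False,
        help='export database content instead of schema.')

    argument_parser.add_argument(
        '-d', '--debug', dest='debug', action='store_true', default=False,
        help='enable debug output.')

    argument_parser.add_argument(
        'source', nargs='?', action='store', metavar='PATH', default=None,
        help='path of the keychain database file.')

    options = argument_parser.parse_args()

    # A missing PATH is a usage error: show the help text and fail.
    if not options.source:
        print('Source file missing.')
        print('')
        argument_parser.print_help()
        print('')
        return False

    logging.basicConfig(
        level=logging.INFO, format='[%(levelname)s] %(message)s')

    output_writer = output_writers.StdoutWriter()

    try:
        output_writer.Open()
    except IOError as exception:
        print(
            'Unable to open output writer with error: {0!s}'.format(exception))
        print('')
        return False

    keychain_file = keychain.KeychainDatabaseFile(
        debug=options.debug, output_writer=output_writer)

    keychain_file.Open(options.source)

    if options.content:
        _PrintKeychainContent(keychain_file)
    else:
        _PrintKeychainSchema(keychain_file)

    keychain_file.Close()

    output_writer.Close()

    return True


def _PrintKeychainSchema(keychain_file):
    """Prints the tables and columns of an opened keychain database file.

    Args:
        keychain_file (keychain.KeychainDatabaseFile): opened keychain file.
    """
    print('Keychain database file schema:')

    for table in keychain_file.tables:
        print('Table: {0:s} (0x{1:08x})'.format(
            table.relation_name, table.relation_identifier))

        number_of_columns = len(table.columns)
        print('\tNumber of columns:\t{0:d}'.format(number_of_columns))
        print('\tColumn\tIdentifier\tName\tType')

        for index, column in enumerate(table.columns):
            # An attribute identifier outside the column range is left blank.
            if column.attribute_identifier >= number_of_columns:
                attribute_identifier = ''
            else:
                attribute_identifier = '{0:d}'.format(
                    column.attribute_identifier)

            # Unknown data types fall back to their raw hexadecimal value.
            attribute_data_type = ATTRIBUTE_DATA_TYPES.get(
                column.attribute_data_type,
                '0x{0:08x}'.format(column.attribute_data_type))

            print('\t{0:d}\t{1:s}\t{2:s}\t{3:s}'.format(
                index, attribute_identifier, column.attribute_name or 'NULL',
                attribute_data_type))

        print('')

    print('')


def _PrintKeychainContent(keychain_file):
    """Prints the records of every table as tab-separated rows.

    Args:
        keychain_file (keychain.KeychainDatabaseFile): opened keychain file.
    """
    # NOTE(review): whatever the parser decodes from the keychain is written
    # straight to stdout; treat the output of a content export as sensitive.
    for table in keychain_file.tables:
        print('Table: {0:s} (0x{1:08x})'.format(
            table.relation_name, table.relation_identifier))

        # A column name can be None (the schema output prints it as NULL);
        # joining it unguarded raised TypeError.
        print('\t'.join(
            [column.attribute_name or 'NULL' for column in table.columns]))

        for record in table.records:
            record_values = [
                'NULL' if value is None else '{0!s}'.format(value)
                for value in record.values()]

            print('\t'.join(record_values))

        print('')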
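def Main():
    """Entry point: dumps information from a WMI CIM repository.

    When PATH names the INDEX.BTR file (case-insensitive) only the index
    binary tree in its directory is opened. Otherwise the repository at PATH
    is opened and every object record whose key contains a dot is printed and
    read.

    Returns:
        bool: True if successful or False if not.
    """
    argument_parser = argparse.ArgumentParser(description=(
        'Extracts information from WMI Common Information Model (CIM) '
        'repository files.'))

    argument_parser.add_argument(
        '-d', '--debug', dest='debug', action='store_true', default=False,
        help='enable debug output.')

    argument_parser.add_argument(
        'source', nargs='?', action='store', metavar='PATH', default=None,
        help=('path of the directory containing the WMI Common Information '
              'Model (CIM) repository files.'))

    options = argument_parser.parse_args()

    # A missing PATH is a usage error: show the help text and fail.
    if not options.source:
        print('Source file missing.')
        print('')
        argument_parser.print_help()
        print('')
        return False

    logging.basicConfig(
        level=logging.INFO, format='[%(levelname)s] %(message)s')

    output_writer = output_writers.StdoutWriter()

    try:
        output_writer.Open()
    except IOError as exception:
        print(
            'Unable to open output writer with error: {0!s}'.format(exception))
        print('')
        return False

    source_basename = os.path.basename(options.source).upper()

    cim_repository = wmi_repository.CIMRepository(
        debug=options.debug, output_writer=output_writer)

    if source_basename == 'INDEX.BTR':
        # PATH points at the index file itself: only the index B-tree of the
        # containing directory is opened; no object records are dumped.
        source = os.path.dirname(options.source)
        cim_repository.OpenIndexBinaryTree(source)

    else:
        cim_repository.Open(options.source)

        # Group keys by the name between the last backslash and the first
        # dot; keys without a dot are skipped.
        object_record_keys = {}
        for key in cim_repository.GetKeys():
            if '.' not in key:
                continue

            _, _, key_name = key.rpartition('\\')
            key_name, _, _ = key_name.partition('.')
            object_record_keys.setdefault(key_name, []).append(key)

        # Only the grouped keys are used; the group name itself is not needed.
        for keys in object_record_keys.values():
            for key in keys:
                print(key)
                object_record = cim_repository.GetObjectRecordByKey(key)
                object_record.Read()

    cim_repository.Close()

    output_writer.Close()

    return True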
def Main():
    """Entry point: dumps information from a CPIO archive file.

    With ``--hash`` the SHA-256 of every file entry is computed through
    CPIOArchiveFileHasher; otherwise the archive format and size are written.

    Returns:
        bool: True if successful or False if not.
    """
    parser = argparse.ArgumentParser(
        description=('Extracts information from CPIO archive files.'))

    parser.add_argument(
        '-d', '--debug', dest='debug', action='store_true', default=False,
        help='enable debug output.')

    parser.add_argument(
        '--hash', dest='hash', action='store_true', default=False,
        help='calculate the SHA-256 sum of the file entries.')

    parser.add_argument(
        'source', nargs='?', action='store', metavar='PATH', default=None,
        help='path of the CPIO archive file.')

    options = parser.parse_args()

    # A missing PATH is a usage error: show the help text and fail.
    if not options.source:
        print('Source file missing.')
        print('')
        parser.print_help()
        print('')
        return False

    logging.basicConfig(
        level=logging.INFO, format='[%(levelname)s] %(message)s')

    writer = output_writers.StdoutWriter()
    try:
        writer.Open()
    except IOError as exception:
        print(
            'Unable to open output writer with error: {0!s}'.format(exception))
        print('')
        return False

    if options.hash:
        hasher = CPIOArchiveFileHasher(
            options.source, debug=options.debug, output_writer=writer)
        hasher.HashFileEntries()

    else:
        # TODO: move functionality to CPIOArchiveFileInfo.
        archive = cpio.CPIOArchiveFile(
            debug=options.debug, output_writer=writer)
        archive.Open(options.source)

        writer.WriteText('CPIO archive information:\n')
        writer.WriteText('\tFormat\t\t: {0:s}\n'.format(archive.file_format))
        writer.WriteText('\tSize\t\t: {0:d} bytes\n'.format(archive.size))

        archive.Close()

    writer.WriteText('\n')
    writer.Close()

    return True
  def testWriteText(self):
    """Tests that WriteText accepts an empty string on a fresh StdoutWriter."""
    writer = output_writers.StdoutWriter()
    writer.WriteText('')
  def testOpen(self):
    """Tests that Open succeeds on a fresh StdoutWriter."""
    writer = output_writers.StdoutWriter()
    writer.Open()
  def testClose(self):
    """Tests that Close succeeds on a StdoutWriter that was never opened."""
    writer = output_writers.StdoutWriter()
    writer.Close()
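def Main():
    """Entry point: dumps information from a Windows Recycle.Bin $I file.

    Prints the format version, the deletion time (a FILETIME, rendered in
    UTC), the original file name and the original file size.

    Returns:
        bool: True if successful or False if not.
    """
    argument_parser = argparse.ArgumentParser(description=(
        'Extracts information from Windows Recycle.Bin metadata ($I) files.'))

    argument_parser.add_argument(
        '-d', '--debug', dest='debug', action='store_true', default=False,
        help='enable debug output.')

    argument_parser.add_argument(
        'source', nargs='?', action='store', metavar='PATH', default=None,
        help='path of the Recycle.Bin metadata ($I) file.')

    options = argument_parser.parse_args()

    # A missing PATH is a usage error: show the help text and fail.
    if not options.source:
        print('Source file missing.')
        print('')
        argument_parser.print_help()
        print('')
        return False

    logging.basicConfig(
        level=logging.INFO, format='[%(levelname)s] %(message)s')

    output_writer = output_writers.StdoutWriter()

    try:
        output_writer.Open()
    except IOError as exception:
        print(
            'Unable to open output writer with error: {0!s}'.format(exception))
        print('')
        return False

    metadata_file = recycle_bin.RecycleBinMetadataFile(
        debug=options.debug, output_writer=output_writer)

    metadata_file.Open(options.source)

    print('Recycle.Bin metadata ($I) file information:')

    print('\tFormat version\t\t: {0:d}'.format(metadata_file.format_version))

    # The deletion time is a FILETIME; 0 and the maximum signed 64-bit value
    # are sentinels rather than real timestamps.
    deletion_time = metadata_file.deletion_time
    if deletion_time == 0:
        date_time_string = 'Not set'
    elif deletion_time == 0x7fffffffffffffff:
        date_time_string = 'Never'
    else:
        date_time = dfdatetime_filetime.Filetime(timestamp=deletion_time)
        date_time_string = date_time.CopyToDateTimeString()
        if date_time_string:
            date_time_string = '{0:s} UTC'.format(date_time_string)
        else:
            # Fall back to the raw value. The previous format string was
            # '0x{08:x}', which selects positional argument 8 and raised
            # IndexError instead of printing the timestamp.
            date_time_string = '0x{0:08x}'.format(deletion_time)

    print('\tDeletion time\t\t: {0:s}'.format(date_time_string))
    print('\tOriginal filename\t: {0:s}'.format(
        metadata_file.original_filename))
    print('\tOriginal file size\t: {0:d}'.format(
        metadata_file.original_file_size))
    print('')

    metadata_file.Close()

    output_writer.Close()

    return True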
def Main():
  """Entry point: dumps information from a Windows Jump List file.

  PATH is parsed as an AutomaticDestinations file when pyolecf recognizes its
  file signature, otherwise as a CustomDestinations file. The entry counts
  and, for every LNK entry, the class type of each shell item are printed.

  Returns:
    bool: True if successful or False if not.
  """
  parser = argparse.ArgumentParser(description=(
      'Extracts information from Windows Jump List files.'))

  parser.add_argument(
      '-d', '--debug', dest='debug', action='store_true', default=False,
      help='enable debug output.')

  parser.add_argument(
      'source', nargs='?', action='store', metavar='PATH',
      default=None, help='path of the Windows Jump List file.')

  options = parser.parse_args()

  # A missing PATH is a usage error: show the help text and fail.
  if not options.source:
    print('Source file missing.')
    print('')
    parser.print_help()
    print('')
    return False

  logging.basicConfig(
      level=logging.INFO, format='[%(levelname)s] %(message)s')

  writer = output_writers.StdoutWriter()
  try:
    writer.Open()
  except IOError as exception:
    print('Unable to open output writer with error: {0!s}'.format(exception))
    print('')
    return False

  # An OLECF container is an AutomaticDestinations file; anything else is
  # handed to the CustomDestinations parser.
  if pyolecf.check_file_signature(options.source):
    parser_class = jump_list.AutomaticDestinationsFile
  else:
    parser_class = jump_list.CustomDestinationsFile

  jump_list_file = parser_class(debug=options.debug, output_writer=writer)
  jump_list_file.Open(options.source)

  print('Windows Jump List information:')
  print('Number of entries:\t\t{0:d}'.format(len(jump_list_file.entries)))
  print('Number of recovered entries:\t{0:d}'.format(
      len(jump_list_file.recovered_entries)))
  print('')

  for entry in jump_list_file.entries:
    print('LNK file entry: {0:s}'.format(entry.identifier))

    for shell_item in entry.GetShellItems():
      print('Shell item: 0x{0:02x}'.format(shell_item.class_type))

    print('')

  jump_list_file.Close()
  writer.Close()

  return True
def Main():
    """Entry point: dumps information from a Windows (Enhanced) Metafile.

    Four bytes at offset 40 of PATH are compared against the EMF signature
    bytes this script expects; on a match the EMF parser is used, otherwise
    the WMF parser. The chosen parser's FILE_TYPE is written as a heading.

    Returns:
        bool: True if successful or False if not.
    """
    parser = argparse.ArgumentParser(description=(
        'Extracts information from Windows (Enhanced) Metafile files.'))

    parser.add_argument(
        '-d', '--debug', dest='debug', action='store_true', default=False,
        help='enable debug output.')

    parser.add_argument(
        'source', nargs='?', action='store', metavar='PATH', default=None,
        help='path of the Windows (Enhanced) Metafile file.')

    options = parser.parse_args()

    # A missing PATH is a usage error: show the help text and fail.
    if not options.source:
        print('Source file missing.')
        print('')
        parser.print_help()
        print('')
        return False

    logging.basicConfig(
        level=logging.INFO, format='[%(levelname)s] %(message)s')

    writer = output_writers.StdoutWriter()
    try:
        writer.Open()
    except IOError as exception:
        print(
            'Unable to open output writer with error: {0!s}'.format(exception))
        print('')
        return False

    # Sniff the EMF header signature field; a short read (file smaller than
    # 44 bytes) simply fails the comparison and selects the WMF parser.
    # NOTE(review): the EMF signature DWORD 0x464D4520 is stored little-endian
    # on disk, i.e. the bytes b' EMF'; confirm that b'FME ' is what the
    # wemf.EMFFile parser actually expects before relying on this branch.
    with open(options.source, 'rb') as file_object:
        file_object.seek(40, os.SEEK_SET)
        signature = file_object.read(4)

    if signature == b'FME ':
        parser_class = wemf.EMFFile
    else:
        parser_class = wemf.WMFFile

    wemf_file = parser_class(debug=options.debug, output_writer=writer)
    wemf_file.Open(options.source)

    writer.WriteText('{0:s} information:'.format(wemf_file.FILE_TYPE))

    wemf_file.Close()
    writer.Close()

    return True
def Main():
    """Entry point: dumps information from an Apple Unified Logging file.

    The first four bytes of PATH select the parser: the uuidtext magic
    (0x99 0x88 0x77 0x66) selects uuidtext.UUIDTextFile, anything else
    tracev3.TraceV3File. The chosen parser is opened and closed.

    Returns:
        bool: True if successful or False if not.
    """
    parser = argparse.ArgumentParser(description=(
        'Extracts information from Apple Unified Logging and Activity Tracing '
        'files.'))

    parser.add_argument(
        '-d', '--debug', dest='debug', action='store_true', default=False,
        help='enable debug output.')

    parser.add_argument(
        'source', nargs='?', action='store', metavar='PATH', default=None,
        help=('path of the Apple Unified Logging and Activity Tracing file.'))

    options = parser.parse_args()

    # A missing PATH is a usage error: show the help text and fail.
    if not options.source:
        print('Source file missing.')
        print('')
        parser.print_help()
        print('')
        return False

    logging.basicConfig(
        level=logging.INFO, format='[%(levelname)s] %(message)s')

    writer = output_writers.StdoutWriter()
    try:
        writer.Open()
    except IOError as exception:
        print(
            'Unable to open output writer with error: {0!s}'.format(exception))
        print('')
        return False

    # Sniff the magic; a short read fails the comparison and selects tracev3.
    # NOTE(review): this open() is not wrapped, so a missing or unreadable
    # PATH surfaces as a traceback rather than a reported error.
    with open(options.source, 'rb') as file_object:
        magic = file_object.read(4)

    if magic == b'\x99\x88\x77\x66':
        parser_class = uuidtext.UUIDTextFile
    else:
        parser_class = tracev3.TraceV3File

    unified_logging_file = parser_class(
        debug=options.debug, output_writer=writer)
    unified_logging_file.Open(options.source)

    writer.WriteText(
        'Apple Unified Logging and Activity Tracing information:\n')

    unified_logging_file.Close()
    writer.Close()

    return True
def Main():
  """Entry point: dumps information from a Windows Restore Point change.log.

  Prints the volume path and, for every entry, its type and flag descriptions
  (looked up from the parser's LOG_ENTRY_TYPES and LOG_ENTRY_FLAGS bit
  tables), its sequence number and its process name.

  Returns:
    bool: True if successful or False if not.
  """
  parser = argparse.ArgumentParser(description=(
      'Extracts information from Windows Restore Point change.log files.'))

  parser.add_argument(
      '-d', '--debug', dest='debug', action='store_true', default=False,
      help='enable debug output.')

  parser.add_argument(
      'source', nargs='?', action='store', metavar='PATH',
      default=None, help='path of the Windows Restore Point change.log file.')

  options = parser.parse_args()

  # A missing PATH is a usage error: show the help text and fail.
  if not options.source:
    print('Source file missing.')
    print('')
    parser.print_help()
    print('')
    return False

  logging.basicConfig(
      level=logging.INFO, format='[%(levelname)s] %(message)s')

  writer = output_writers.StdoutWriter()
  try:
    writer.Open()
  except IOError as exception:
    print('Unable to open output writer with error: {0!s}'.format(exception))
    print('')
    return False

  change_log_file = rp_change_log.RestorePointChangeLogFile(
      debug=options.debug, output_writer=writer)
  change_log_file.Open(options.source)

  print('Windows Restore Point change.log information:')
  print('Volume path:\t{0:s}'.format(change_log_file.volume_path))
  print('')

  entry_types = change_log_file.LOG_ENTRY_TYPES
  entry_flags = change_log_file.LOG_ENTRY_FLAGS

  for entry in change_log_file.entries:
    # Collect the description of every bit set in the type and flag fields,
    # in the table's own order.
    type_descriptions = [
        description for flag, description in entry_types.items()
        if entry.entry_type & flag]
    print('Entry type:\t\t{0:s}'.format(', '.join(type_descriptions)))

    flag_descriptions = [
        description for flag, description in entry_flags.items()
        if entry.entry_flags & flag]
    print('Entry flags:\t\t{0:s}'.format(', '.join(flag_descriptions)))

    print('Sequence number:\t{0:d}'.format(entry.sequence_number))
    print('Process name:\t\t{0:s}'.format(entry.process_name))

    print('')

  change_log_file.Close()
  writer.Close()

  return True